SSL export for loadbalancing server

Similar Messages

• Is it possible to use single ssl certificate for multiple server farm with different FQDN?

  Hi
  We generated the CSR request for versign secure site pro certificate
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;}
  SSL Certificate for cn=abc.com   considering abc.com as our major domain. now we have servers in this domain like    www.abc.com,   a.abc.com , b.abc.com etc. we installed the verisign certificate and configured ACE-20 accordingly for ssl-proxy and we will use same certificate gerated for abc.com for all servers like www.abc.com , a.abc.com , b.abc.com etc. Now when we are trying to access https//www..abc.com or https://a.abc.com through mozilla , we are able to access the service but we are getting this message in certfucate status " you are connected to abc.com which is run by unknown "
  And the same message when trying to access https://www.abc.com from Google Chrome.
  "This is probably not the site you are looking for! You attempted to reach www.abc.com, but instead you actually reached a server identifying itself as abc.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of adgate.kfu.edu.sa. You should not proceed"
  so i know as this certficate is for cn=abc.com that is why we are getting such errors/status in ssl certficate.
  Now my question is
  1. Is is possible to  remove above errors doing some ssl configuration on ACE?
  2. OR we have to go for VerisgnWildcard Secure Site Pro Certificate  for CSR generated uisng cn =abc.com to be installed on ACE  and will be used  for all servers like  www.abc.com , a.abc.com etc..
  Thanks
  Waliullah

  If you want to use the same VIP and port number for multiple FQDNs, then you will need to get a wildcard certificate.  Currently, if you enter www.abc.com in your browser, that is what the browser expects to see in the certificate.  And right now it won't beause your certificate is for abc.com.  You need a wildcard cert that will be for something like *.abc.com.
  Hope this helps,
  Sean

• Oracle 10g DB Export for SQL Server 2008

  I'm having a hard time exporting my database Primavera P6 Project Management for SQL Server 2008, in fact I need to do this so I can export to a future program in Visual Studio 2010. But contiue with the Oracle Database Enabled
  Thank you.
  Edited by: 898987 on 25/11/2011 01:59

  Hi,
  Thanks for the translation.
  You say you are having a hard time exporting my database Primavera P6 Project Management for SQL Server 2008. Could you give details of exactly what you are using for the export and what problems you are having ?
  Is this an export from an Oracle database or a SQL*Server 2008 database ?
  Regards,
  Mike

• Upgrade SSL Certificate for Exchange Server

  Hi Folks,
  I need to upgrade the SSL certificate on my Exchange Server, so he can negotiate encryption and authorization to an upstream SMTP Smart Host.  This means that the certificate I need is not necessarily a server certificate, because in this scenario Exchange
  Server is acting as a client to the upstream SMTP Smart Host.  I have openssl at my disposal, so making the certificate in not a problem but installing it in the correct location and testing that I've done what I think I've done is.
  Thanks for the help,
  Chris.
  Thanks for the help,
  Chris.

  Hi,
  Please just make sure the primary certificate in your Exchange server with
  SMTP service is valid, trusted by your SMTP smart host.
  Thanks,
  Winnie Liang
  TechNet Community Support

• Ps exporting for indesign server+js

  i can able to export the ps file from indesign cs2, but i cant do it in indesign server,
  syntex i used there:
  myDoc.print(app.printPresets[1],true)
  while executing this line i got message as
  the configuration was invalid or the user cancelled. plesae try the same operation in the user interface to see detailed information.
  thanks in advance
  subha

  On Nov 27, 2008, at 2:08 AM, Olav Kvern wrote:
  Hi Ole!
  This reminds me. I think your scripting documentation and sample scripts are too difficult. :-)
  Likewise, I can't tell whether you're suggesting a workaround here or not. I've just got, you know, something hanging out with the right side at 38.768, and I want it at exactly 37.1, and I don't want to move the left side, and I can't drag the handle where I want it even if I want to, because it only goes to 36.934 or 37.226 argh, and I still don't have a way to simply put it at 37.1(00).
  Failing that, maybe one of you wonderful guys will tell me how to correct this:
  set
  find what
  of
  find text preferences
  to
  set
  change to
  of
  change text preferences
  to
  thin space
  thin space
  change text
  document
  1
  O
  It says it was expecting a string or nothing and I hate to disappoint it, but I found that "thin space" in the dictionary and had the audacity to think I could use it. Which I suppose I can, somewhere, only apparently not here.
  Thanks,
  Roy
  Hi Roy, Dave,
  Actually, that's the difference between the resize and reframe methods in scripting, which mirror the difference between the scale x/scale y and width/height fields in the Control panel. But I agree that the Proxy version was better.:-)

• Setup SSL for SQL Server 2014

  I'm trying to get SSL setup for SQL Server. I'm assuming version doesn't matter. It's all about the same but I'm using 2014.
  I have an Enterprise CA so I've setup certs through it.  I've tried using several templates but none seem to work.  I thought it might be needing to use a SAN cert but that doesn't seem to work either.
  I create the cert, add it to the computer account. 
  Go to the properties of "Protocols for MSSQLSERVER" and change the settings on the cert tab to my cert. 
  Attempting to restart SQL Server fails.  Once I clear the setting the service will start.
  What am I missing?
  David Jenkins

  Hello,
  Please read the following resources:
  http://support.microsoft.com/kb/316898/en-us
  http://thesqldude.com/2012/04/21/setting-up-ssl-encryption-for-sql-server-using-certificates-issues-tips-tricks/
  Hope this helps.
  Regards,
  Alberto Morillo
  SQLCoffee.com

• After installed SP1 for SQL Server 2012, can no longer export to csv

  After installing SP1 today via Windows Update, I am no longer able to export data to csv using the SQL Server Import and Export wizard. I get the following error message:
  "Column information for the source and the destination data could not be retrieved, or the data types of source columns were not mapped correctly to those available on the destination provider."
  "Column "col1": Source data type "200" was not found in the data type mapping file."...
  (The above line repeats for each column)
  The work-around I have to do is to manually map each column in the "Edit Mappings..." option from the "Configure Flat File Destination" page of the wizard. This is an extreme inconvenience to have to have to edit the mappings and change
  each column to "string [DT_STR]" type from "byte stream [DT_BYTES]" type each time I want to export to csv. I did not have to do this before installing SP1; it worked perfectly for months with hundreds of exports prior to this update and
  no need to modify mapping.

  I am running Windows 7 64-bit, SQL Server 2012 Express edition. Again, just yesterday from Windows Update, I installed SQL Server 2012 Service Pack 1 (KB2674319), followed by Update Rollup for SQL Server 2012 Service Pack 1 (KB2793634). This situation was
  not occurring before these updates were installed, and I noticed it immediately after they were installed (and of course I restarted my computer after the updates).
  In SSMS I just now created a test DB and table to provide a step-by-step with screenshots.
  Here is the code I ran to create the test DB and table:
  CREATE DATABASE testDB;
  GO
  USE testDB;
  GO
  CREATE TABLE testTable
  id int,
  lname varchar(50),
  fname varchar(50),
  address varchar(50),
  city varchar(50),
  state char(2),
  dob date
  GO
  INSERT INTO testTable VALUES
  (1,'Smith','Bob','123 Main St.','Los Angeles','CA','20080212'),
  (2,'Doe','John','555 Rainbow Ln.','Chicago','IL','19580530'),
  (3,'Jones','Jane','999 Somewhere Pl.','Washington','DC','19651201'),
  (4,'Jackson','George','111 Hello Cir.','Dallas','TX','20010718');
  GO
  SELECT * FROM testTable;
  Results look good:
  id    lname    fname    address    city    state    dob
  1    Smith    Bob    123 Main St.    Los Angeles    CA    2008-02-12
  2    Doe    John    555 Rainbow Ln.    Chicago    IL    1958-05-30
  3    Jones    Jane    999 Somewhere Pl.    Washington    DC    1965-12-01
  4    Jackson    George    111 Hello Cir.    Dallas    TX    2001-07-18
  In Object Explorer, I right-click on the [testDB] database, choose "Tasks", then "Export Data..." and the SQL Server Import and Export Wizard appears. I click Next to leave all settings as-is on the "Choose a Data Source" page, then on the "Choose a Destination"
  page, under the "Destination" drop-down I choose "Flat File Destination" then browse to the desktop and name the file "table_export.csv" then click Next. On the "Specify Table Copy or Query" page I choose "Write a query to specify the data to transfer" then
  click Next. I type the following SQL statement:
  SELECT * FROM testTable;
  When clicking the "Parse" button I get the message "This SQL statement is valid."
  On to the next page, "Configure Flat File Destination" I try leaving the defaults then click Next. This is where I am getting the error message (see screenshot below):
  Then going to the "Edit Mappings..." option on the "Configure Flat File Destination" page, I see that all columns which were defined as varchar in the table are showing as type "byte stream [DT_BYTES]", size "0", the state column which is defined as char(2)
  shows correctly however with type "string [DT_STR]", size "2" (see screenshow below):
  So what I have to do is change the type for the lname, fname, address and city columns to "string [DT_STR]", then I am able to proceed with the export successfully. Again, this just started happening after installing these updates. As you can imagine, this
  is very frustrating, as I do a lot of exports from many tables, with a lot more columns than this test table.
  Thanks for your help.

• Need info to configure SSL for Portal Server in EP6SP2

  Hello,
  We need to configure SSL for Portal Server. We are using J2EE 6.20 Patch 25 and EP6SP2P4. The ITS is already using https and it creats lots of Session issues since Portal is not in https.
  Is there any OSS Note or How to guide to configure Portal to use SSL.
  Thanks.
  - PK

  Hi Marcel,
  Thanx for your Post, I have a Question, we will use CISCO for load balancing and SSL termination but I have a big issue, the URL in the portal applciation is always the same ant the URL in the borwser, I guess al the other URL´s are in the Frames, how will we configure the SSL termination for the login page in example if the URL in the Browser appears always the same?
  Thanx in Advanced!!!

• Configuring SSL for SOA Server

  Hi All,
  I wrkin on SOA suite 11g. I am tryin to implement transport level security. Firstly 1-way authentication and than 2-way mutual authentication. For that I need to enable the SSL for SOA server which is managed by the WLS admin server. As per my knowledge the WLS comes with demoidentity and demotrust keystores. If I need to configure the SSL for SOA server do i need to create new keystores and CA,s or I can use the demo keystores.
  Now, in case i need to create new keystores than can i do the same using keytool utility. Additionally, is it possible to make CA using keytool utility? If yes, kindly provide me some links about how to do the same.
  Thanks in advance.

  Hi Shomit,
  If I need to configure the SSL for SOA server do i need to create new keystores and CA,s or I can use the demo keystores.You can use the Demo keystores for dev purpose but it is NOT recommended to use demo keystores for production use.
  in case i need to create new keystores than can i do the same using keytool utilityYes, you can do it using Keytool utility.
  is it possible to make CA using keytool utility?Actually you can generate a self-signed cert and use that as a CA for signing CSR's.
  kindly provide me some links about how to do the sameYou should get everything here -
  http://download.oracle.com/docs/cd/E14571_01/web.1111/e13707/ssl.htm#i1200848
  Regards,
  Anuj

• SQL Developer 2.1.0.63 - Export Data menu missing for SQL Server databases

  Hi
  The Export Data menu only appears for Oracle databases in this version, it does not appear for SQL server databases.
  To demonstrate:
  Press F9 to run query
  Right click on Query Result data
  For Oracle an Export Data sub menu appears
  For SQL server no Export Data sub menu appears
  This worked in previous versions.
  Is this functionality going to reappear?
  Thanks
  Dave

  Hi,
  Looks like this is exactly the same problem for third party connections as I have the exact same issue for mySQL.
  I had to apply 1.5.5 version to fix it.
  Hope we're going to have this solved !
  Thanks,
  JP

• Mac mail - SSL option for the SMTP outgoing mail server - Help!

  Mac mail (Version 6.3 (1503)) will not let me "uncheck" the SSL option for the SMTP outgoing mail server - Help!
  Thanks!

  Problems such as yours are sometimes caused by files that should belong to you but are locked or have wrong permissions. This procedure will check for such files. It makes no changes and therefore will not, in itself, solve your problem.
  First, empty the Trash.
  Triple-click the line below to select it, then copy the selected text to the Clipboard (command-C):
  find ~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 -o -acl \) 2> /dev/null | wc -l
  Launch the Terminal application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
  Paste into the Terminal window (command-V). The command may take a noticeable amount of time to run. Wait for a new line ending in a dollar sign (“$”) to appear.
  The output of this command, on a line directly below what you entered, will be a number such as "41." Please post it in a reply.

• Cannot Set URL For Report Server SSL Binding In SSRS 2008R2

  Hi,
  I have an SSL certificate that has a number of subject alternate names and I need the SSL binding for the report server and the report manager to be against one of these names, not the certificate name.
  However, while it is possible to set the host header for a non-SSL identity and therefore control the URL reserved, it does not seem possible to set this for an SSL identity - the edit dialogue box simply generates the URL when you choose the certificate
  from the dropdown box.
  How do I set the URL for a report server SSL binding?
  Cheers
  Dan

  Hi Charlie,
  You are correct, i am configuring SSL connections on a native mode report server and i want to configure a custom URL for it.
  However, my issue is not that I cannot see the certficate - it is that I cannot set a custom URL for SSL connections. Apologies, I should have written up an example of what I am seeing:-
  I have installed a certificate for a.company.com. It shows up fine in the certificate list/dropdown for configuring the web service URL SSL certificate.
  I can set a host header for non-SSL traffic for a.company.com and the binding succeeds. I can also set an SSL identity in the same Advanced Multiple Web Site Configuration window for a.company.com and this also binds correctly.
  However, the certficate is like a wildcard in that it supports 4 more URLs in its subject alternate name property. I would like to set an SSL identity for b.company.com which is one of those entries.
  As an aside, the certificate is also installed in IIS and succeeds in binding to b.company.com. I mention this as it shows that the certificate appears to be installed correctly and is working in its wildcard-like capacity.
  I can also successfully set a host header for b.company.com for the report server for non-SSL traffic. It is b.company.com that I would like to host the report server and manager under.
  The issue I have is that if I try to add an SSL identity for the report server web service for b.company.com using the Advanced Multiple Web Site Configuration window, there is no editable box for URL and so it does not allow me to set the URL/host
  header - it therefore always binds to a.company.com.
  I have scoured the boards for answers and there have been a couple of mentions, but neither has worked for me.
  This one talks about adding the required
  https://b.company.com/reportserver to the rsreportserver.config file and the OP describes the issue pretty much exactly as I am experiencing plus the responder talks about this guidance as coming from MS support - however when I followed the steps the result
  is the same as without the configuration:-
  http://www.sql-server-performance.com/forum/threads/ssrs-2008-host-headers-and-ssl.28571/
  Another suggestion (for which I have lost the link) was to amend the URL config in that file directly and add the required entry. Both posters claim it has worked for them so I am sure that using a wildcard certificate with SSRS does work! I think in my
  case I am missing some extra steps as it is fine to amend the config file directly, but I don't think this actually kicks off the SSL/URL binding process which is what the dialogue window does.
  Hope this helps in explaining further. I am sure this is resolvable as I cannot believe the only option for SSRS is to bind to a single domain name and ignore the other wildcard/alternate options.
  Cheers
  Dan

• Server settings for remote Server in Flash Builder 4.5 Premium

  Has anyone figured this out? Seems like everyone is talking about FlashBuilder that comes with PHP and that doesn't help me. So I'm still having trouble moving my mobile app to a remote server and I have FlashBuilder 4.5 Premium without PHP.
  I have created a PHP project outside of Flash Builder and then I have connected to it using the Data/Service tab, but then it ask for the server information and that is where I'm having the issues.
  It works create with the setting like this.
  MAC:
  Server Options
  Web Root: /Applications/MAMP/htdocs
  Root URL: http://localhost/
  But when you try to export a release build or just like to test it, and insert your server settings.
  Server Options
  Web Root: /home/username/domain_name/
  Root URL: http://mydomain.com
  It doesn't Validate which in turn won't let the project work. Also it would be nice to put the remote server in there for testing instead of just for release builds. Any one have an answer. Every tutorial or explanation shows localhost.
  thanks

  Hello guys,
  I have found a solution: In ZendFramework/library/Zend/Amf/Response/Http.php  linenumber 59:
  $ssl = $_SERVER['HTTPS']; is given an error.
  I did this:
  $_SERVER['HTTPS'] = 'off';
  $ssl = $_SERVER['HTTPS'];
  So add this line....
  And it works...
  Hope it works for you too.
  Ooh, and don't forget to follow the instruction of TweenOut.
  Erik.
  Van: tweenOut [email protected]
  Verzonden: dinsdag 20 december 2011 18:42
  Aan: EGJ Steens
  Onderwerp: Server settings for remote Server in Flash Builder 4.5 Premium
  Re: Server settings for remote Server in Flash Builder 4.5 Premium
  created by tweenOut <http://forums.adobe.com/people/tweenOut>  in Using Flash Builder - View the full discussion <http://forums.adobe.com/message/4095833#4095833

• Set-up with different urls for login server and mid-tier

  The desired external host names are the following:
  Portal -> http://www.myportal.com
  Login Server -> http://www.login.com
  The real (internal) host names are the following:
  midtier -> midtier.xyz.com
  infrastructure-> infra.xyz.com
  How should the Oracle HTTP Server, Login/SSO server, portal be configured with this type of set-up?
  In particular, what should be in the httpd.conf, dads.conf, mod_osso.conf files and which values should be passed to the ssocfg and ptlasst scripts? Does the DAS url need to have the internal or external host name?

  How should the scenario described above be integrated into the instructions below? $HOSTNAME may refer to the internal or external midtier or infrastructure machine name. Which should be used?
  Assume HTTPS for the login server --> https://www.login.com.
  <PRE>
  Doc ID: Note:216126.1
  Subject: How to configure SSL with Portal 9.0.2
  Type: HOWTO
  Status: PUBLISHED
  Content Type: TEXT/PLAIN
  Creation Date: 25-OCT-2002
  Last Revision Date: 16-JAN-2003
  PURPOSE ------- This note explains how to set up SSL with Portal. There are several ways to configure SSL with Portal. This note uses SSL only between the browser and WebCache. The communication between the Webcache/Apache or PPE/Webcache is done in HTTP. This installation is a lot less CPU extensive than a full SSL configuration. Please note the configuration outlined here is not currently certified for Portal 9.0.2; however, it is fully supported by Oracle Support and Development. This means that this configuration was not tested by the Portal QA Department within Oracle. The difference in the QA test was that all components of the configuration were in SSL mode. SCOPE & APPLICATION ------------------- This note is intended for Portal administrators. This note is based on Unix. The Windows NT configuration is very similar. HISTORY ------- Version 1.0: SSL with a Unix shell script Version 1.1: Comment about the Webcache HTTP port How to configure SSL with Portal 9.0.2 -------------------------------------- Step 1 - Prerequisite --------------------- A. Get a SSL certificate ------------------------ IAS v2 is given with dummy certificates. You can use them. If you wish to use real SSL certificates, follow a note to configure SSL with Webcache like : - Note 161863.1 - Configuring WebCache with SSL - NT/2000 - Note 165305.1 - Configuring WebCache with SSL - Unix B. Password of the database schemas of portal --------------------------------------------- You need to have the passwords of the following database users: Database user Your passwords ---------------------------------------------- portal orasso orasso_ps orasso_pa These passwords are normally randomized during the installation of IAS V2. To find them, please follow one of these notes: - Note 206514.1 : IAS 9.0.2 : How to get the portal passwords to run the PTLASST script (Windows) - Note 199633.1 : Script to determine orasso password in 9iAS 9.0.2 on Unix - Note 205984.1 : Script to determine orasso password in 9iAS 9.0.2 on Windows C. Ports -------- During this installation, you will need to know a lot of ports of IAS V2. Please collect this information, before to begin. You can see the port list by going to the homepage of the midtier and of the infrastructure web page and clicking on the tab Port. You can also read the file portlist.ini that resides in both ORACLE_HOME in the directory $ORACLE_HOME/install. Here is the list, you need: Name of the port My port numbers Your port numbers --------------------------------------------------------------------- Midtier Web Cache HTTP port 7783 Midtier Web Cache HTTPS port 4459 Midtier Web Cache Admin port 4000 Midtier Web Cache Invalidation port 4001 --------------------------------------------------------------------- Infrastructure Oracle HTTP Server port 7784 Infrastructure Oracle HTTPS Server port 4460 Infrastructure Internet Directory(non-SSL) 4039 --------------------------------------------------------------------- D. Backups ---------- You should take a backup of your IAS installation in case that you want to revert all the changes done here and/or if you make a mistake during the configuration. The only good way to do a backup of IAS 9.0.2 is to have a full backup of the both ORACLE_HOMES of the Infrastructure and of the MidTier. Step 2 - Configure Portal to run in SSL --------------------------------------- 1) Edit the Webcache configuration Go to the administration port > http://hostname:web_admin_port/ > Typically http://hostname:4000/ Login: administrator/administrator Go to General Configuration / Site to Server Mapping -> Change the rule WebCache SSL - HTTP SSL -> Below the title Select "Application Web Servers" -> Check the checkbox with HTTP -> Uncheck the one with HTTPS -> Submit On the top of Webcache admin screen, press on <Apply the changes> Then restart WebCache. 2) Edit the dads.conf (in $MIDTIER_ORACLE_HOME/Apache/modplql/conf) Add a new line in the DAD: <Location /pls/portal> PlsqlCGIEnvironmentList REQUEST_PROTOCOL=HTTPS,SERVER_PORT=4459 Where 4459 is the HTTPS port of the MIDTIER. 3) Modify the web.xml of the portal application ($MIDTIER_ORACLE_HOME/j2ee/OC4J_Portal/applications/portal/portal/WEB-INF) Add several parameters to the page servlet (PPE). [...] <servlet> <servlet-name>page</servlet-name> [...] <init-param> <param-name>useWebCache</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>useScheme</param-name> <param-value>http</param-value> </init-param> <init-param> <param-name>usePort</param-name> <param-value>7783</param-value> </init-param> </servlet> [...] Where 7783 is the HTTP port of Webcache. Step 3 - Run the PTLASST ------------------------ Because of bug 2659809, we will remove an entry in OID before to run the PTLASST script. This entry will be recreated by PTLASST. Because of bug 2654938, we will reconfigure Webcache after PTLASST. Run this script, and modify the environment variables with the values found above. This scripts does 3 things: 1) It configures SSO/DAS to run in the infrastructure HTTPS port 2) It configures Portal in HTTPS mode, and associates Portal with SSO in HTTPS. 3) Restart OC4J and HTTP processes of the MIDTIER and INFRASTRUCTURE - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - portal_ssl.sh - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - export INFRA_ORACLE_HOME=/u01/oracle/product/infra902 export MIDTIER_ORACLE_HOME=/u01/oracle/product/ias902 export INFRA_SID=iasdb export MIDTIER_SID=ias902 export PORTAL_SID=$INFRA_SID export PORTAL_TNS=iasdb export MIDTIER_HTTP_PORT=7783 export MIDTIER_HTTPS_PORT=4459 export WEBCACHE_INV_PORT=4001 export WEBCACHE_ADM_PORT=4000 export INFRA_HTTP_PORT=7784 export INFRA_HTTPS_PORT=4460 export OID_PORT=4039 export EM_PORT=1810 export PORTAL_PASSWORD=ABCDEFGH export ORASSO_PASSWORD=ABCDEFGH export ORASSO_PA_PASSWORD=ABCDEFGH export ORASSO_PS_PASSWORD=ABCDEFGH export HOSTNAME=machine.domain.com export IAS_PASSWORD=ABCDEFGH export ORAENV_ASK=NO export ORACLE_SID=$INFRA_SID . oraenv unset ORAENV_ASK echo '******** PART 1 - SSO IN SSL **********' export LD_LIBRARY_PATH=$INFRA_ORACLE_HOME/lib:$LD_LIBRARY_PATH export PATH=$INFRA_ORACLE_HOME/jdk/bin:$PATH export PATH=$ORACLE_HOME/bin:$PATH # This step will change the URL used to login by default for # all partner application cd $INFRA_ORACLE_HOME/sso/bin ./ssocfg.sh HTTPS $HOSTNAME $INFRA_HTTPS_PORT # This step add a new partner application to SSO. # It associates the new URL used by OIDDAS with SSO. cd $INFRA_ORACLE_HOME/sso/lib java -jar $ORACLE_HOME/sso/lib/ossoreg.jar -host $HOSTNAME -port 1521 -sid $INFRA_SID -site_name ssl_$HOSTNAME -success_url https://$HOSTNAME:$INFRA_HTTPS_PORT/osso_login_success -cancel_url https://$HOSTNAME:$INFRA_HTTPS_PORT/ -logout_url https://$HOSTNAME:$INFRA_HTTPS_PORT/osso_logout_success -home_url https://$HOSTNAME:$INFRA_HTTPS_PORT/ -start_date 08012002 -admin_id oracle -ip_check false -config_mod_osso true -oracle_home_path $INFRA_ORACLE_HOME -u root -sso_server_version v1.2 echo '---------------------' echo 'Change the URL of DAS' echo '---------------------' rm das.ldif echo 'dn:cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext' > das.ldif echo 'changetype:modify' >> das.ldif echo 'replace:orcldasurlbase' >> das.ldif echo orcldasurlbase:https://$HOSTNAME:$INFRA_HTTPS_PORT/ >> das.ldif ldapmodify -h $HOSTNAME -p $OID_PORT -D "cn=orcladmin" -w "$IAS_PASSWORD" -f das.ldif echo '******** PART 2 - PORTAL IN SSL **********' echo '-----------------------' echo 'Delete an entry in LDAP' echo '-----------------------' ldapdelete -h $HOSTNAME -p $OID_PORT -D "cn=orcladmin" -w "$IAS_PASSWORD" "orclApplicationCommonName=PORTAL,cn=Portal,cn=Products,cn=OracleContext"
  echo '-------------' echo 'Configure SSL' echo '-------------' export ORACLE_HOME=$MIDTIER_ORACLE_HOME $MIDTIER_ORACLE_HOME/assistants/opca/ptlasst.csh -mode MIDTIER -i custom -s portal -sp $PORTAL_PASSWORD -c $HOSTNAME:1521:$PORTAL_SID -sdad portal -o orasso -op $ORASSO_PASSWORD -odad orasso -host $HOSTNAME -ssl -port $MIDTIER_HTTPS_PORT -ldap_h $HOSTNAME -ldap_p $OID_PORT -ldap_w $IAS_PASSWORD -pwd $IAS_PASSWORD -sso_c $HOSTNAME:1521:$PORTAL_SID -sso_h $HOSTNAME -sso_p $INFRA_HTTPS_PORT -ultrasearch -oh $MIDTIER_ORACLE_HOME -mc false -mi true -chost $HOSTNAME -cport_i $WEBCACHE_INV_PORT -cport_a $WEBCACHE_ADM_PORT -wc_i_pwd invalidator -emhost $HOSTNAME -emport $EM_PORT -pa orasso_pa -pap $ORASSO_PA_PASSWORD -ps orasso_ps -pp $ORASSO_PS_PASSWORD -pd portal_dblink -p_tns $PORTAL_TNS -s_tns $PORTAL_TNS -verbose -portal_only $MIDTIER_ORACLE_HOME/assistants/opca/ptlasst.csh -mode SSOPARTNERCONFIG -i custom -s portal -sp $PORTAL_PASSWORD -c $HOSTNAME:1521:$PORTAL_SID -sdad portal -o orasso -op $ORASSO_PASSWORD -odad orasso -host $HOSTNAME -ssl -port $MIDTIER_HTTPS_PORT -sso_c $HOSTNAME:1521:$PORTAL_SID -sso_h $HOSTNAME -sso_p $INFRA_HTTPS_PORT -pa orasso_pa -pap $ORASSO_PA_PASSWORD -ps orasso_ps -pp $ORASSO_PS_PASSWORD -p_tns $PORTAL_TNS -s_tns $PORTAL_TNS -verbose -silent echo '--------' echo 'WebCache' echo '--------' export ORACLE_HOME=$INFRA_ORACLE_HOME sqlplus portal/$PORTAL_PASSWORD@$PORTAL_TNS @$MIDTIER_ORACLE_HOME/portal/admin/plsql/wwc/cachseed.sql $HOSTNAME $WEBCACHE_INV_PORT $WEBCACHE_ADM_PORT invalidator on portal echo '********** Part 3 - restart the MIDTIER **************' export ORAENV_ASK=NO export ORACLE_SID=$MIDTIER_SID . oraenv unset ORAENV_ASK echo '--- MIDTIER: stop all the dcm processes' cd $ORACLE_HOME/dcm/bin dcmctl stop -v echo '--- MIDTIER: clear the PLSQL cache' rm -Rf $ORACLE_HOME/Apache/modplsql/cache/plsql echo '--- MIDTIER: start all the dcm processes' dcmctl start -v export ORAENV_ASK=NO export ORACLE_SID=$INFRA_SID . oraenv unset ORAENV_ASK echo '--- INFRA: stop all the dcm processes' cd $ORACLE_HOME/dcm/bin dcmctl stop -v echo '--- INFRA: start all the dcm processes' dcmctl start -v - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - SECURITY COMMENTS ----------------- This configuration has HTTP port of Webcache reachable from outside. Webcache has no way to limit the use of a port to a specific machine or IP address. This is not a real issue because the goal of SSL is not to avoid that people access your server but that people intercept the data sent between the browser and the webserver. But in case that you/your customer is very sensible about security and want a webserver with SSL only (what is very rare), you may want to add a firewall in front of Webcache to block the HTTP port. RELATED DOCUMENTS ----------------- Note 161863.1 - Configuring WebCache with SSL - NT/2000 Note 165305.1 - Configuring WebCache with SSL - Unix
  </PRE>

• Installing SSL Certificate for ITS WGate with sapgenpse

  Hello.
  We have setup Web Dispatcher and ITS WGate on the same host. Dispatcher accepts connections from 443 and ITS accepts connections from 8000.
  We have done SSL Settings for Web Dispatcher with sapgenpse successfully.
  But as WGate is running on Microsoft IIS Server, we couldn't install the same certificate response to Microsoft IIS. Is there a way to install certificate for ITS Server with sapgenpse tool or IIS Server's tool?
  Or should we demand another SSL response from CA generated from Microsoft IIS Server?
  Thanks in advance.
  Edited by: teknikdanisman on Jan 15, 2010 10:42 AM

  I have solved the problem. I have exported the SSL key with sapgenpse in format P12 and imported from IIS.