Ssl handshake log api

Similar Messages

• IPlanet 6.0 - Enabling HTTP logging to debug SSL Handshake

  Hello all,
  We have a IPlanet 6.0 web server instance which receives secure HTTP requests from client systems. We are experiencing a SSL handshake failure. We have ensured that the correct certificates are installed at both ends.
  A wireshark trace at the web server shows that the Client Hello was received successfully and a Server Hello was never sent. Our conjecture is that this could be because the cipher suites do not match. It could be extremely useful to us if we could enable appropriate levels of logging and/or add JVM options to log the HTTP/SSL handshake transactions.
  Can someone help us with the additional logging? If there are questions that I can answer, please let me know.
  Thanks,
  Sourabh

  6.0 is EOL (dead). Please upgrade to 7.0.
  I can answer SSL protocol questions as far as they apply to 7.0, but don't have any information about 6.0 specifically.
  The JVM is not involved in SSL protocol handling. In general for diagnostics, always set the Web Server error log to verbose. That said in this case it probably won't help much, but can't hurt.
  If the client hello is being silently ignored there is some higher level problem going on. Either the server has crashed or is hung or maybe it never received the client request or maybe its response was lost (a misbehaving firewall dropping packets, for example). This is not a case of merely having no common ciphersuite, the server would still have sent a failure response if it was able to do so.
  It might not reveal much more than wireshark did, but first thing I'd try (after upgrading to 7.0 ;-), is run the connection attempt through ssltap and see what it reports.

• How do I log SSL Handshaking?

  How do I log SSL Handshaking? I saw refer to a ssl_engine_log, but I cant find one on my server.
  HTTP Server 10g(10.1.3.1.0)

  I am using OHS 2.0. The SSL communication is in the ErrorLog. I see logs when my server acts as the server, but not when it acts a client.
  How do log communication when my server is the client in the SSL authenication process?
  I hope this makes sense, because I am bad when it comes to explaining things :-)

• How to log SSL Handshaking

  How do I log SSL Handshaking? I saw refer to a ssl_engine_log, but I cant find one on my server.
  HTTP Server 10g(10.1.3.1.0)

  I am using OHS 2.0. The SSL communication is in the ErrorLog. I see logs when my server acts as the server, but not when it acts a client.
  How do log communication when my server is the client in the SSL authenication process?
  I hope this makes sense, because I am bad when it comes to explaining things :-)

• SSL Handshake Error in Android (ADF Mobile)

  Hi Guys,
  Now I am tried to using "https" Web service with my application, but seems show SSL handshake error specially in Android only, iOS is totally working.
  Log from Android is
  09-27 18:09:03.252: I/System.out(30444): [SEVERE - oracle.adfmf.framework - adf.mf.internal - logError] Request:  {classname: oracle.adfmf.framework.api.Model; method: processBatchRequests; params: [0: false][1: [0: {classname: oracle.adfmf.framework.api.Model; method: evaluateMethodExpression; params: [0: #{bindings.AgentAuthenCDKey.execute}][1: [0: {.type: oracle.adfmf.amx.event.ActionEvent; }]][2: void][3: [0: oracle.adfmf.amx.event.ActionEvent]]; }]]; } exception:  {message: SSL handshake failure; errorCode: 409; .type: oracle.adfmf.framework.exception.AdfInvocationRuntimeException; .exception: true; severity: ERROR; errorCategory: WEBSERVICE; }
  How to solved this one ?
  ** If my android didn't connect to internet, it still show "SSL handshake error" too, that so weird !

  Hi,
  Sorry to bump this, but I have the exact same problem. "SSL Handshake Error" when calling SSL enabled web services - works fine on iOS, but not on Android, which implies to me a problem with the framework rather than my certificate?
  : D/CVM(985): [SEVERE - oracle.adfmf.framework - Utility - invoke] InvocationTargetException Error: ERROR [oracle.adfmf.framework.exception.AdfInvocationRuntimeException] - SSL handshake failure
  I'm on JDeveloper 11.1.2.4, ADF Mobile Framework 11.1.2.4.39.64.51.
  Are there any known issues with ADF Mobile/SSL on Android?
  Any help is much appreciated.
  Rich.

• Weblogic server 10.3.5 error during SSL handshake

  Please some one help to figure the issue with following logs.
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 33092690>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 33095418>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <33092490 SSL Version data invalid>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Connection to SSL port from Sa-PC - 150.1.104.124 appears to be either unknown SSL version or maybe is plaintext>
  <16-Jan-2013 18:40:40 o'clock GMT> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer Sa-PC - 150.1.104.124 during SSL handshake.>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 70
  java.lang.Exception: New alert stack
       at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
       at com.certicom.tls.record.ReadHandler.getProtocolVersion(Unknown Source)
       at com.certicom.tls.record.ReadHandler.checkVersion(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
       at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
       at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
  >
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33092490>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33092490>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 33092690>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <33095215 SSL Version data invalid>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Connection to SSL port from Sa-PC - 150.1.104.124 appears to be either unknown SSL version or maybe is plaintext>
  <16-Jan-2013 18:40:40 o'clock GMT> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer Sa-PC - 150.1.104.124 during SSL handshake.>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 70
  java.lang.Exception: New alert stack
       at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
       at com.certicom.tls.record.ReadHandler.getProtocolVersion(Unknown Source)
       at com.certicom.tls.record.ReadHandler.checkVersion(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
       at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
       at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
  >
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33095215>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33095215>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 33095418>
  I just created domain with http and https ports. I installed an web app. When I am trying to access the app from browser through https the above error is occurring.
  Please somebody help me.
  Thanks in advance.
  SK

  This message indicates that the SSL connection is closed successfully. It is a warning message and normal to see in the logs when you enable the SSL debug flags. This is an expected behavior. If you see alerts when SSL debug is NOT ENABLED then it is a real alert and we need to take care of those issues. Also, it is not a real alert, it is a caught and handled exception from the certicom code which is not harmful and should be ignored, just because you have enabled the SSL debug flag. Once you turn it off, you won't see it in the logs.
  Edited by: sharmela on Jan 22, 2013 4:55 AM

• EAP-TLS or PEAP authentication failed during SSL handshake

  Hi Pros,
                 I am a newbie in the ACS 4.2 and EAP-TLS implementation, with that being said. I face an issue during a EAP-TLS implementation. My search shows that this kind of error message is already certificate issue;However, I have deleted and recreated the certificate in both ACS and the client with the same result. I have deleted and re-install the certchain as well.
  When I check my log in the failed attemps, there is what I found:
  Date
  Time
  Message-Type
  User-Name
  Group-Name
  Caller-ID
  Network Access Profile Name
  Authen-Failure-Code
  Author-Failure-Code
  Author-Data
  NAS-Port
  NAS-IP-Address
  Filter Information
  PEAP/EAP-FAST-Clear-Name
  EAP Type
  EAP Type Name
  Reason
  Access Device
  Network Device Group
  06/23/2010
  17:39:51
  Authen failed
  000e.9b6e.e834
  Default Group
  000e.9b6e.e834
  (Default)
  EAP-TLS or PEAP authentication failed during SSL handshake
  1101
  10.111.22.24
  25
  MS-PEAP
  wbr-1121-zozo-test
  Office Networ
  06/23/2010
  17:39:50
  Authen failed
  [email protected]
  Default Group
  000e.9b6e.e834
  (Default)
  EAP-TLS or PEAP authentication failed during SSL handshake
  1098
  10.111.22.24
  25
  MS-PEAP
  wbr-1121-zozo-test
  Office Network
  [email protected] = my windows active directory name
  1. Why under EAP-TYPE it shows MS-PEAP not EAP-TLS? I did configure EAP-TLS....
  2. Why sometimes it just shows the MAC of the client for username?
  3. Why  it puts me in DEFAULT-GROUP even though i belongs to a group well definy in the acs?
  2. Secondly, When I check in pass authentications... there is what i saw
  Date
  Time
  Message-Type
  User-Name
  Group-Name
  Caller-ID
  NAS-Port
  NAS-IP-Address
  Network Access Profile Name
  Shared RAC
  Downloadable ACL
  System-Posture-Token
  Application-Posture-Token
  Reason
  EAP Type
  EAP Type Name
  PEAP/EAP-FAST-Clear-Name
  Access Device
  Network Device Group
  06/23/2010
  17:30:49
  Authen OK
  groszozo
  NOC Tier 2
  10.11.10.105
  1
  10.111.22.24
  (Default)
  wbr-1121-zozo-test
  Office Network
  06/23/2010
  17:29:27
  Authen OK
  groszozo
  NOC Tier 2
  10.11.10.105
  1
  10.111.22.24
  (Default)
  wbr-1121-zozo-test
  Office Network
  In the output below, it says that the user is authenticate and it puts the user in the right group with the right username, but the user never really authenticate. Maybe for the first few seconds when I initiate the connection.
  Before I forget, the suppliant is using WIN XP and 802.1x is enable. I even uncheck not verify the server and the ACS under External User Databases, I did  check ENABLE EAP-TLS machine authentication.
  Thanks in advance for your help,
  Crazy---

  Any ideas on this guys?? In my end, i've been reading some docs... Things started to make sens to me, but I still cannot authenticate, still the same errors. One more thing that catch my  attention now is the time it takes to open a telnet session to cisco device which has the ACS for auth server.
  My AD(Active Direct) and the ACS server are local same subnet(server subnet). Ping to the ACS from my desktop which is in different subnet is only take 1ms. To confirm that the issue is the ACS server, I decided to use another server in remote location, the telnet connection is way faster than the local ACS.
  Let's brain storm together to figure out this guys.
  Thanks in advance,
  ----Paul

• EAP-TLS or PEAP authentication failed during SSL handshake error

  I have 2 Windows 2003 ACS 3.2 servers. I am in the process of upgrading them to ACS 4.0. I am using them for WPA2/PEAP wireless authentication in a WDS environment. I recently upgraded one to ACS 4.0 and ever since that time some (not all) of my Windows XP clients have started to not be authenticated and logging the error "EAP-TLS or PEAP authentication failed during SSL handshake" on the ACS 4.0 server. During the upgrade (which was successful) I did change the Certificate since the current one was going to expire November 2007.
  The clients that do not authenticate on the ACS 4.0 server I can point to the ACS 3.2 server and they successfully authenticate there. I am able to resolve the issue by recreating the Windows XP PEAP profile for the wireless network and by getting a new client Cert. But, I have a couple of questions:
  Is the "EAP-TLS or PEAP authentication failed during SSL handshake" error due to the upgrade to ACS 4.0 or to the fact that I changed the Certificate, or both?
  Can this error ("EAP-TLS or PEAP authentication failed during SSL handshake") be resolved without me touching every Windows XP client (we have over 250+)?
  Thanks for the help

  My experience suggests that the problem is the certificate.
  I'm running ACS 3.3.
  I received the same error message when my clients copied the certificate to the wrong location, or otherwise did not correctly follow the provided instructions.
  Correctly following the instructions led to a successful connection and no more error message.

• SSL error logging into Financial Reporting Studio

  We are using Financial Reporting 11.1.2.1, patch 120. We terminate SSL at a load-balancing appliance, therefore, none of the Hyperion services have SSL enabled.
  Users were able to log into Financial Reporting Studio (FRS) using https://servername:port successfully until we installed a new digital certificate in the virtual IP on the load-balancing appliance. Now when the users try to log into FRS, a SSL handshake error is written to the client log file. See below for full error.
  We have restarted all Hyperion services and verified that browser access to the EPM environment is working using https. We also tried uninstalling the FRS client and reinstalling, but get the same error.
  The original digital certificate was not imported on the Hyperion servers or client machines. The new digital certificate has not been imported either.
  Oracle Support said that we need to create a keystore file on each client machine and import the new digital certificate.
  Wondering if anyone else has run into this issue or can explain why we would need to import the new cert on each client, when we never had to import the original cert on the client?
  We also verified that if we revert back to the original cert on the load-balancer, the users can log into FRS.
  Thanks,
  Robin
  FRClientLogging.log:
  [2012-05-15T09:39:19.438-06:00] [EPMFR] [ERROR] [] [oracle.EPMFR.core] [tid: main] [ecid: 0000JTH9owO5EgG6yzFg6G1FgbYb000000,0] [SRC_CLASS: com.hyperion.reporting.registry.FRSystem] [SRC_METHOD: getObjectFromURL] [[
  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
       at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
       at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
       at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
       at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
       at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
       at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:506)
       at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
       at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
       at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
       at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
       at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
       at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
       at com.hyperion.reporting.registry.FRSystem.getObjectFromURL(Unknown Source)
       at com.hyperion.reporting.registry.FRSystem.lookupHsServer(Unknown Source)
       at com.hyperion.reporting.javacom.HsServer.getServer(Unknown Source)
       at com.hyperion.reporting.javacom.HsHelper.getServer(Unknown Source)
  Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
       at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:294)
       at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:200)
       at sun.security.validator.Validator.validate(Validator.java:218)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014

  fixed by creating local keystore on each client machine, importing the certificate into the keystore and adding the following registry entry on each client machine:
  -Djavax.net.ssl.trustStore=full path to keystore file.
  registry entry added to HKEY_LOCAL_MACHINE\SOFTWARE\Hyperion Solutions\Hyperion Reports\HReports\JVM
  still no answer from Oracle Support as to why it was necessary to do this for the new certificate when we did not have to do this for the original certificate.

• Nodemanager ssl handshake wls9.2

  I started Adminserver and Nodemanager manually.
  When I try to see the Nodemanager status in the adminconsole I get:
  I/O error while reading domain directory: java.io.FileNotFoundException: Domain directory 'C:\win32app\bea\weblogic92\common\nodemanager' invalid (domain salt file not found)
  The Nodemanager logfile says:
  <30.01.2007 09:52:01> <Warning> <Uncaught exception in server handler: javax.net.ssl.SSLHandshakeException: [Security:090476]Invalid/unknown SSL header was received from peer localhost - 127.0.0.1 during SSL handshake.>
  javax.net.ssl.SSLHandshakeException: [Security:090476]Invalid/unknown SSL header was received from peer localhost - 127.0.0.1 during SSL handshake.
  and
  <30.01.2007 09:52:29> <Warning> <I/O error while reading domain directory: java.io.FileNotFoundException: Domain directory 'C:\win32app\bea\weblogic92\common\nodemanager' invalid (domain salt file not found)>
  java.io.FileNotFoundException: Domain directory 'C:\win32app\bea\weblogic92\common\nodemanager' invalid (domain salt file not found)
       at weblogic.nodemanager.server.DomainManager.initialize(DomainManager.java:71)
       at weblogic.nodemanager.server.DomainManager.<init>(DomainManager.java:43)
       at weblogic.nodemanager.server.NMServer.getDomainManager(NMServer.java:239)
       at weblogic.nodemanager.server.Handler.handleDomain(Handler.java:210)
       at weblogic.nodemanager.server.Handler.handleCommand(Handler.java:105)
       at weblogic.nodemanager.server.Handler.run(Handler.java:66)
       at java.lang.Thread.run()V(Unknown Source)
  startNodemanager.cmd has not been changed.
  What I saw is, that Nodemanager is running with jRockit, my Adminserver is running on the wls92 jdk150_04.
  What is wrong ?
  Thanks Thomas

  Tried changing parameters -
  DomainsFile=D\:\\bea10\\WEBLOG~1\\common\\NODEMA~1\\nodemanager.domains
  LogLimit=0
  PropertiesVersion=10.0.0.0
  javaHome=d\:\\bea10\\jrockit90_150_06
  AuthenticationEnabled=true
  NodeManagerHome=D\:\\bea10\\WEBLOG~1\\common\\NODEMA~1
  JavaHome=d\:\\bea10\\jrockit90_150_06\\jre
  LogLevel=INFO
  DomainsFileEnabled=true
  StartScriptName=
  ListenAddress=
  NativeVersionEnabled=true
  ListenPort=5556
  LogToStderr=true
  SecureListener=true
  LogCount=1
  StopScriptEnabled=false
  QuitEnabled=false
  LogAppend=true
  StateCheckInterval=500
  CrashRecoveryEnabled=false
  StartScriptEnabled=false
  LogFile=D\:\\bea10\\WEBLOG~1\\common\\NODEMA~1\\nodemanager.log
  LogFormatter=weblogic.nodemanager.server.LogFormatter
  ListenBacklog=50
  but same error -
  <Feb 8, 2007 10:10:42 AM> <INFO> <Secure socket listener started on port 5556>
  <Feb 8, 2007 10:10:52 AM> <INFO> <jmsdomain> <States = {AdminServer=UNKNOWN, man
  2=UNKNOWN, man1=UNKNOWN, domain_bak=UNKNOWN}>
  <Feb 8, 2007 10:10:55 AM> <Warning> <I/O error while reading domain directory: j
  ava.io.FileNotFoundException: Domain directory 'D:\bea10\weblogic100tp\common\no
  demanager' invalid (domain salt file not found)>
  java.io.FileNotFoundException: Domain directory 'D:\bea10\weblogic100tp\common\n
  odemanager' invalid (domain salt file not found)
  at weblogic.nodemanager.server.DomainManager.initialize(DomainManager.ja
  va:81)
  at weblogic.nodemanager.server.DomainManager.<init>(DomainManager.java:5
  3)
  at weblogic.nodemanager.server.NMServer.getDomainManager(NMServer.java:2
  52)
  at weblogic.nodemanager.server.Handler.handleDomain(Handler.java:218)
  at weblogic.nodemanager.server.Handler.handleCommand(Handler.java:109)
  at weblogic.nodemanager.server.Handler.run(Handler.java:66)
  at java.lang.Thread.run()V(Unknown Source)
  Regards,
  Sid

• Ssl handshake error when activating changes in admin console

  An error occurred during activation of changes, please see the log for details.
  [Deployer:149150]An IOException occurred while reading input.; nested exception is: javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from 10.26.176.83 - 10.26.176.83 was not trusted causing SSL handshake failure.; nested exception is: javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from 10.26.176.83 - 10.26.176.83 was not trusted causing SSL handshake failure.
  [Security:090477]Certificate chain received from 10.26.176.83 - 10.26.176.83 was not trusted causing SSL handshake failure.
  WLS 10.3 on Windows 2008: I configured one of my managed servers for SSL and I'm able to reach deployments via browser and the keystore/certificate chain I have setup. However, I'm getting the above error in Admin Console all over the place. I am unable to commit configuration changes without deleting the SSL managed server. The admin server is still HTTP via 7001. I'm not sure where to look to resolve this issue. Any ideas appreciated.

  It seems like you did not update the trust store of your AdminServer. It acts as a ssl client of your managed server and cannot verify its identity certificate.

• SOAP-ENV:IOException; msg=SSL handshake failed: SSLProtocolErr

  Getting following error while invoking webservice over ssl.
  "SOAP-ENV:IOException; msg=SSL handshake failed: SSLProtocolErr"
  We generated webservice java stub using JDeveloper based on wsdl provided to us from 3rd party. We are able to test this webservice successfully without ssl . Once ssl is enabled by the 3rd party webservice provider we faced
  "java.lang.UnsatisfiedLinkError: no njssl9 in java.library.path" error in JDeveloper.
  In JDeveloper we were able to resolve this by following details provided at
  Lehmann's web log on "Securing a Web Service - Client SSL" (http://radio.weblogs.com/0132036/2004/02/13.html ).
  We then run the same java stub from oracle application server 9iAS 1.0.2.2.2. This is when we get error
  "SOAP-ENV:IOException; msg=SSL handshake failed: SSLProtocolErr"
  Debugging further we see that in 9iAS we have following in our class path.
  ..iAS/jlib/jssl-1_1.jar:..iAS/jlib/javax-ssl-1_1.jar:..iAS/soap/webapps/soap/WEB-INF/lib/soap.jar
  we took the same files and added to libraries in JDeveloper and are able to reproduce the same error in JDeveloper. We turned on Debug on oracle.jssl.debug and with that we see following details
  instantiate the hashtable
  SocketTable write Enter fdin 1
  SocketTable write offset 0 length 72
  SocketTable write: 72 bytes
  SocketTable read Enter
  SocketTable read: 1 bytes
  SocketTable read Enter
  SocketTable read: 2 bytes
  SSLSocketImpl close Thread:main
  In close removing fd 1Thread main
  [SOAPException: faultCode=SOAP-ENV:IOException; msg=SSL handshake failed: SSLProtocolErr...
  Any suggestions on how to resolve this error in oracle application server 9iAS ?
  Note: We run Oracle E-Business Suite on this same 9iAS so any change we make should not impact the oracle applications running on this server.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

  hi,
  thi sis very simple soloution for this. open the wsdl into the internet explorer. when wsdl file open save this wsdl with the .xml extension. when u want to make dat contorl or web sekelton or proxy dont use the hhtps:// ????????/ url give the path there for the .xml file which u save for this. i am sure u will invoke all the services which is provoider by the web service.
  have nice day
  best regards

• OCS SSL handshake

  Hi !
  I have a server running OCS 10G Release 1, in a single box layout.
  I have the OCS running in SSL mode and i have the same server acting as a Certificate Authority.
  I'm able of logging using SSL in the workspaces,calendar,real time conference, but in the real time conference , if i try to upload a document i have this error :
  SSL Handshake Failed.
  The certificate submitted by the site has either expired or is not trusted by the iMeeting server.
  Please request your iMeeting server administrator to update the Trusted Signer Certificates Database with the certificate for the site you are visiting.
  Any tips?
  Best regards,
  Bruno Sousa

  Hi there,
  We are currently migrating to OCS.
  We have a postfix+clam+spamassassin working instalation, and we are keeping it.
  The OCS in my company will be more for having one interface that is standard to alot of things, like calendar, personal and shared ones, workspaces, webdav acess from anywhere, with a Windows application or with some internet browser.
  For now i will have OCS doing relay to my postfix server , so the postfix will be my SMTP gateway with all the advantages of it.
  Best regards,
  Bruno Sousa

• ASA 5505 SSL VPN LOG failed

  %ASA-6-725001: Starting SSL handshake with client outside:58.211.122.212/3293 for TLSv1 session.
  %ASA-6-725003: SSL client outside:58.211.122.212/3293 request to resume previous session.
  %ASA-6-725002: Device completed SSL handshake with client outside:58.211.122.212/3293
  %ASA-6-113012: AAA user authentication Successful : local database : user = admin
  %ASA-6-113009: AAA retrieved default group policy (SSLCLientPolicy) for user = admin
  %ASA-6-113008: AAA transaction status ACCEPT : user = admin
  %ASA-7-734003: DAP: User admin, Addr 58.211.122.212: Session Attribute aaa.cisco.grouppolicy = SSLCLientPolicy
  %ASA-7-734003: DAP: User admin, Addr 58.211.122.212: Session Attribute aaa.cisco.username = admin
  %ASA-7-734003: DAP: User admin, Addr 58.211.122.212: Session Attribute aaa.cisco.tunnelgroup = SSLClientProfile
  %ASA-6-734001: DAP: User admin, Addr 58.211.122.212, Connection Clientless: The following DAP records were selected for this connection: DfltAccessPolicy
  %ASA-4-716023: Group <SSLCLientPolicy> User <admin> IP <58.211.122.212> Session could not be established: session limit of 2 reached.
  %ASA-4-716007: Group <SSLCLientPolicy> User <admin> IP <58.211.122.212> WebVPN Unable to create session.
  %ASA-6-302013: Built inbound TCP connection 137616 for outside:58.211.122.212/3294 (58.211.122.212/3294) to identity:61.155.55.66/443 (61.155.55.66/443)
  %ASA-6-302013: Built inbound TCP connection 137617 for outside:58.211.122.212/3295 (58.211.122.212/3295) to identity:61.155.55.66/443 (61.155.55.66/443)
  %ASA-6-725001: Starting SSL handshake with client outside:58.211.122.212/3294 for TLSv1 session.
  %ASA-6-725003: SSL client outside:58.211.122.212/3294 request to resume previous session.
  %ASA-6-725001: Starting SSL handshake with client outside:58.211.122.212/3295 for TLSv1 session.
  %ASA-6-725003: SSL client outside:58.211.122.212/3295 request to resume previous session.
  Red error what is the reason? Only appears in the window 2003 server.

  ciscoasa# show   activation-key 
  Serial Number:  JMX1314Z1UV
  Running Activation Key: 0x9625fa6a 0x68e90200 0x38c3adac 0xaa0448d0 0x4b3815b6
  Licensed features for this platform:
  Maximum Physical Interfaces    : 8        
  VLANs                          : 3, DMZ Restricted
  Inside Hosts                   : 10       
  Failover                       : Disabled
  VPN-DES                        : Enabled  
  VPN-3DES-AES                   : Enabled  
  SSL VPN Peers                  : 2        
  Total VPN Peers                : 10       
  Dual ISPs                      : Disabled 
  VLAN Trunk Ports               : 0        
  Shared License                 : Disabled
  AnyConnect for Mobile          : Disabled 
  AnyConnect for Cisco VPN Phone : Disabled 
  AnyConnect Essentials          : Disabled 
  Advanced Endpoint Assessment   : Disabled 
  UC Phone Proxy Sessions        : 2        
  Total UC Proxy Sessions        : 2        
  Botnet Traffic Filter          : Disabled 
  This platform has a Base license.
  The flash activation key is the SAME as the running key.
  ciscoasa#
  Sure ？it was licence question？

• SSL handshake failed: X509CertChainIncompleteErr - How to call secure WS?

  Hi all, I'm trying to use a third party web service over SSL. I'm using jdk 1.5.0_11 and jDev 10.1.3.0.4.
  Here is what I've done so far:
  1 - I generated a web service proxy using jDev's wizard.
  2 - I created a simple keystore with keytool with the following cmd:
  keytool -genkey -keystore techdspc.keystore -storepass ****** . I copied the .keystore file in my project under the src directory.
  3 - I used the wizard "Secure Proxy" on my web service with the following options:
  - "Use x509 to authenticate"
  - I specified my newly created keystore file as the keystore path as well as the password.
  - I left the default choice to all the other options.
  Once the files were all created by the wizard, I tried out the proxy and got the following error:
  ATTENTION: Unable to connect to URL: https://test.eai.adpclaims.com/WSProxy/WS_Proxy.asmx due to java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
  java.rmi.RemoteException: ; nested exception is:
       HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
       at audatex3.runtime.WSProxySoap_Stub.transmit(WSProxySoap_Stub.java:679)
       at audatex3.WSProxySoapClient.transmit(WSProxySoapClient.java:83)
       at audatex3.WSProxySoapClient.main(WSProxySoapClient.java:43)
  The owner of the Web Service told me that the error is without a doubt on the proxy side. Si my question is: What am I doing wrong?
  Your help will be greatly appreciated.
  thanks!

  I tried generating an other keystore with a slightly different cmd and I still get the same error so this does not seem to be the problem...
  Any ideas?¸
  Thanks