SSL Server without Server Cert
The SSL specification (http://wp.netscape.com/eng/ssl3/3-SPEC.HTM), Section 7.5 "Handshake protocol overview", says that server certificates are optional. Is it possible in JSSE to create an SSL server socket and start accepting clients without a server certificate?
Any samples/help appreciated.
regards
Rajesh
Look here:
http://forum.java.sun.com/thread.jsp?forum=2&thread=410373
Good luck!
Grant
Similar Messages
-
How to install yosemite on lion server without server application
I have osx 10.7.5 (that's all it says when I click about this app, but I know the computer was installed with lion with server app originally). I don't need nor want the server app, and am happy to remove it one way or another. Server is currently disabled. I want to know how to upgrade to mavericks or yosemite without any server aspect at all. Can it be done? I have googled until my head has exploded and am none the wiser. Most people seem to be unsuccessful. I did previously try to install mavericks when it came out but it came up with some random scary message and I cancelled it.
Both my mac mini 2011 disks are in use for different reasons - one tends to be more operational such as the operating system and apps, the other to save all my photos, videos and files mainly. I have a separate ext hard drive for time machine back ups.
I have no tech skills whatsoever, so baby language please. Be specific. Outline EVERY step in simple language. Or I will cry!
Thanks!
Jodi
There's nothing special you have to do. Just upgrade. The Server app won't come back.
-
How to use single SSL for two Exchange servers without clustering
how to use single SSL for two Exchange servers without clustering
exchange 2003 std front-end server
used for add new server for owa failover or standby
Olivia, hopefully by now you have solved your issue, but just for the sake of answering that question here so that people having the same issue can later find it, I'll go through the motions:
there are a couple of ways you can achieve this.
A. get a certificate for free out there
B. generate your own self-signed "fake" certificate.
certutil will certainly let you do this, here's how:
1. First, create a file/directory layout to store your certificates
    mkdir -p /path/to/certificates/selfsignedCA
2. Initialize a database for the certificate you want to create
    certutil -N -d /path/to/certificates/selfsignedCA -P "ca-"
3. Create a self-signed CA certificate
    certutil -S -x -n "ca-cert" -s "cn=SelfSigned CA Certificate,dc=yourSuffix" -t CTPu -v 120 -d /path/to/certificates/selfsignedCA -P "ca-" -5
Note: when prompted, select choice (5) SSL CA and 'y' for critical extensions
4. Export your newly created self-signed CA certificate in PEM format
    certutil -L -d /path/to/certificates/selfsignedCA -P "ca-" -n "ca-cert" -a > /path/to/certificates/selfsignedCA.pem
that should get you going
-=arnaud=-
-
Can port 25 be used for SSL-enable SMTP server ?
Hi,
Our customer is using port 25 for a SSL-enabled SMTP server without certificate. When our email client tried to connect to it, the following exception thrown:
DEBUG SMTP: exception reading response: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
Since we don't want to ask our customer to change their port configuration unless absolutely necessary, we did some tests with our own SSL-enabled SMTP server that uses certificate. Here is what I got:
1) with port 25, got the same exception as above;
2) with port 465, worked fine;
3) with any other randomly picked valid port, worked fine.
This made me wonder if 25 is for non SSL SMTP server ONLY. By the way, I'm using Javamail 1.3.4 and JSDK 1.4.2_02. My question is whether we can configure javamail so that port 25 can be used by SSL-enabled SMTP server?
Your help will be appreciated.
Yes, port 25 is intended for non-SSL servers only, although that doesn't
prevent a client from making a plain text connection and then using the
STARTTLS command to switch the connection to SSL/TLS. JavaMail 1.4
supports that usage.
You can configure JavaMail to use port 25 for SSL connections if you
really want to. JavaMail 1.3.x requires you configure an appropriate
socket factory to get SSL connections; you can configure whatever port
you want for use with that socket factory.
-
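The port 25 behaviour discussed in the JavaMail thread above can be reproduced and diagnosed with JDK classes alone: an immediate TLS handshake against a plaintext SMTP listener fails with an SSLException of the kind quoted in the question, while a plaintext probe shows whether STARTTLS is offered. This is an added example, not code from the posts; the loopback stub server, its `stub.example` banner and all class and method names are constructed for illustration.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.*;

public class SmtpTlsModeProbe {

    /** Constructed stand-in for a plaintext SMTP listener that advertises STARTTLS. */
    static ServerSocket startStubServer() throws IOException {
        ServerSocket server = new ServerSocket(0, 50, InetAddress.getLoopbackAddress());
        Thread t = new Thread(() -> {
            while (!server.isClosed()) {
                try (Socket s = server.accept()) {
                    s.setSoTimeout(2000);
                    Writer out = new OutputStreamWriter(s.getOutputStream(), StandardCharsets.US_ASCII);
                    BufferedReader in = new BufferedReader(
                            new InputStreamReader(s.getInputStream(), StandardCharsets.US_ASCII));
                    out.write("220 stub.example ESMTP\r\n");   // plaintext greeting comes first
                    out.flush();
                    String line = in.readLine();
                    if (line != null && line.toUpperCase().startsWith("EHLO")) {
                        out.write("250-stub.example\r\n250-STARTTLS\r\n250 OK\r\n");
                        out.flush();
                    }
                } catch (IOException ignored) {
                    // client went away or the stub was closed
                }
            }
        });
        t.setDaemon(true);
        t.start();
        return server;
    }

    /** What an "SSL-enabled" client does: start the TLS handshake right after connecting. */
    static String tryImplicitTls(String host, int port) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket s = (SSLSocket) factory.createSocket(host, port)) {
            s.setSoTimeout(3000);
            s.startHandshake();
            return "TLS handshake completed: port expects implicit SSL/TLS";
        } catch (SSLException e) {
            // The "220 ..." banner is not a TLS record, so the handshake is rejected.
            return "SSLException: " + e.getMessage();
        }
    }

    /** Plaintext diagnosis: read the greeting, send EHLO, look for STARTTLS. */
    static String probePlaintext(String host, int port) throws IOException {
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(host, port), 3000);
            s.setSoTimeout(3000);
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(s.getInputStream(), StandardCharsets.US_ASCII));
            Writer out = new OutputStreamWriter(s.getOutputStream(), StandardCharsets.US_ASCII);
            String banner;
            try {
                banner = in.readLine();
            } catch (SocketTimeoutException e) {
                return "no greeting: server is probably waiting for a TLS ClientHello";
            }
            if (banner == null || !banner.startsWith("220")) {
                return "unexpected greeting: " + banner;
            }
            out.write("EHLO probe.example\r\n");
            out.flush();
            boolean startTls = false;
            String line;
            while ((line = in.readLine()) != null && line.length() >= 4) {
                if (line.substring(4).trim().equalsIgnoreCase("STARTTLS")) startTls = true;
                if (line.charAt(3) == ' ') break;              // last line of a multi-line reply
            }
            return startTls ? "plaintext SMTP, STARTTLS offered"
                            : "plaintext SMTP, STARTTLS not offered";
        }
    }

    public static void main(String[] args) throws Exception {
        try (ServerSocket stub = startStubServer()) {
            String host = stub.getInetAddress().getHostAddress();
            int port = stub.getLocalPort();
            System.out.println("implicit TLS attempt -> " + tryImplicitTls(host, port));
            System.out.println("plaintext probe      -> " + probePlaintext(host, port));
        }
    }
}
```

When the probe reports that STARTTLS is not offered, the session stays in clear text, so a client should refuse to send credentials rather than fall back silently.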
Can't get SMTP working with SSL on Panther Server
mail client is mail.app
mail server on panther server (ie the default one)
all works fine without SSL
if i turn on the SSL option for IMAP in mail.app, it works
but if I turn on the SSL option for SMTP, it doesn't.
Mail.app tells me that "Starting TLS failed on SMTP server"
the server SMTP log tells me "Lost connection after STARTTLS"
Means nothing to me.
What do I do / hit / press / delete / click / copy / edit?
I'm guessing that TLS here is not the Times Literary Supplement, right?
Thanks for help and stuff
G5 1.6GHz
In Server Admin, make sure you set SMTP to 'use' not to 'require'
Otherwise other servers won't be able to send mail to you.
You still need to authenticate with whatever your server requires.
In Outgoing Mail Server 'Server Settings':
Port should be default of 25 unless you decide to set up an alternate port (a very good idea, but save that for later)
Set Authentication to whatever your server requires (same as when not using ssl)
Jeff
-
Webdispatcher SSL load balance server mismatch errors
We are setting up a webdispatcher to access an Enterprise Portal with multiple instances. Currently it is working but we are having to override host mismatches. In the webdispatcher log we see
[Thr 4856] Mon Mar 07 11:38:02 2011
[Thr 4856] MatchTargetName("aaa.mycompany.com", "CN=bbb.mycompany.com, OU=xxx, O=ooo, L=ccc, SP=sss, C=US") FAILS
[Thr 4856] SSL NI-sock: local=##.21.13.137:50746 peer=##.21.13.131:51001
[Thr 4856] <<- ERROR: SapSSLSessionStart(sssl_hdl=0000000008565100)==SSSLERR_SERVER_CERT_MISMATCH
The Portal instances are on
aaa.mycompany.com
bbb.mycompany.com
Currently have a CA approved certificate for each server installed in the portal. Dispatcher on aaa uses aaa cert, dispatcher on bbb uses bbb cert.
Message server is on aaa, but it will load balance and place you on either instance.
have following related parameters
wdisp/ssl_encrypt = 2
wdisp/ssl_auth = 2
wdisp/ssl_cred = C:\usr\sap\XXX\W00\sec\XXX.pse
wdisp/ssl_certhost = aaa.mycompany.com
wdisp/ssl_ignore_host_mismatch = TRUE
C:\usr\sap\XXX\W00\sec\XXX.pse has ssl cert of both aaa and bbb servers.
All seems to be working, as users are load balancing. They are not getting certificate mismatches in their browser anymore. We are getting the SSSLERR_SERVER_CERT_MISMATCH errors, but the messages do not seem to cause an issue since we have wdisp/ssl_ignore_host_mismatch set.
Can we eliminate those mismatch errors instead of masking the problem with wdisp/ssl_ignore_host_mismatch?
Should each portal instance have their own ssl cert, or is there a way to use one cert such as the aaa.mycompany.com cert on each portal instance? It seems like that might eliminate the mismatch errors. However, what happens when you go directly to the bbb.mycompany.com portal instance? there is a certificate error if you specify aaa's and you go to bbb. I was wondering if the wdisp/ssl_auth and wdisp/ssl_certhost are valid in the portal system so that each server uses the aaa server and certificate. I could not tell if this parameter is valid for java-only portal systems.
Thanks for your help.
Edited by: Fett Patrick on Mar 7, 2011 8:35 PM
Thank you Martin for your prompt reply. Can you clarify please, can we use the wdisp/ssl_certhost parameter in the instance profiles of the portal instances? I wasn't sure if that is only valid for webdispatchers or can also be used in abap/java systems?
We originally had the aaa server certificate listed for each dispatcher in the portal under ssl provider runtime server identity. That caused a browser "certificate error" when accessing the bbb server. So we then installed an ssl certificate for bbb for its dispatcher. We could then go to either server with no browser "certificate mismatch" error.
Then when we added the webdispatcher, we started getting the server mismatch errors at the webdispatcher level. If the wdisp/ssl_certhost can be used in the portal profiles, then that would hopefully resolve direct access or via web dispatcher access mismatches. I.e. only the aaa ssl certificate would be used and parameters would be set at both the webdispatcher and portal profiles
Thanks, Pat.
-
NetStorage server without eDirectory installed on Linux OES2-SP2
Hello Forums
I was wondering if NetStorage can be working on a Single
SLES10-SP3/OES2-SP2, server without actually having eDirectory on the
server itself but pointing the NetStorage configuration to any server
holding a R/W replica of eDirectory, by this making the NetStorage
easier to move to e.g. DMZ, e.t.c, or just making it a simpler setup for
the NetStorage.
I have tried this with 2 servers, one server with eDir installed and one
where only NetStorage is "ticked" under the OES Install and Configuration.
I can get as far as getting the login page up but ain't able to authenticate.
For the certificate I took the pem file from the server I point to and
placed it in the /etc/ssl/servercerts/xxx.pem
Well I think I read sometime this was possible without eDirectory
actually on the NetStorage server, could be I'm wrong.
Any ideas on this would be great.
Thanks
- Michael
Any OES2 server HAS to have eDirectory on it (that I'm aware of to function properly). However, you may be asking the question in the wrong way. Not sure how you'd login to iManager on the OES2 server to manage NetStorage if the eDir database isn't on there.
You MAY be wanting to know if the OES2 server needs an eDirectory REPLICA on it (there's a big difference).
If that's what you REALLY are asking, then the answer is:
No, you do not need an eDir replica on the server that runs NetStorage. In fact, you could even put the NetStorage server into its own tree if you had to (it's a little more complex to set up at that point, but it CAN be done).
I hope this helps.
-
Procedure for Certificates if implementing Terminating SSL at web server
Hello Gurus,
We have implemented "Terminating SSL at Web Server" and have generated Certificates for the Server which hosts OHS. My doubt is
Do we need to generate Certificates for all the server that has EPM components or if it is correct if we generate Certificate only for OHS server.
Also if we also want to implement SSL for Essbase and making use of Wildcard Certs, can we add the alias name for Essbase server to the SAN and use the same wallet on the server hosting Essbase server?
Thanks.
I meant @Policy(uri = "policy:Wssp1.2-2007-Https.xml")
Also I read this article which is talking about the policy file http://chrismuir.sys-con.com/node/1075471/mobile
Couple of questions:
1. As I said in my last thread, since Verisign certificate is installed in the web server, I can view the certificate details in the browser for any https requests to that server instead of just for this webservice request. How to block/filter other requests from using the certificate when invoked using https?
2. When do we need policy files?
Edited by: user8115570 on Feb 6, 2012 2:55 PM
-
ERROR http: 5: Unable to initialize ssl connection with server, aborting co
HI EXPERTS,
One of my databases gives me the below error when I start its dbconsole, and after failure it gives me this message:
TZ set to Asia/Karachi
Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0
Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
https://test:5500/em/console/aboutApplication
Starting Oracle Enterprise Manager 10g Database Control ..............................................................
........ failed.
Logs are generated in directory /u01/oracle/product/10.2/cnichol_cpuplt/sysman/log
and in trace file name "emdctl.trc" below error is logged.
ERROR http: 5: Unable to initialize ssl connection with server, aborting connection attempt
ERROR ssl: nzos_Handshake failed, ret=29024
and trace file named "emagent.trc" give below error
2010-10-04 19:12:25 Thread-88238992 ERROR http: 11: Unable to initialize ssl connection with server, aborting connection attempt
2010-10-04 19:12:25 Thread-88238992 ERROR pingManager: nmepm_pingReposURL: Cannot connect to https://test:5500/em/upload/: retStatus=-1
2010-10-04 19:12:38 Thread-88238992 ERROR upload: Error in uploadXMLFiles. Trying again in 300.00 seconds.
dbconsole URL is
https://test:5500/em/console/aboutApplication
Operating system is Redhat linux AS 5.3
what is the possible cause of this failure any one can guide me.
thanx in Advance
regards,
Edited by: AMIABU on Oct 4, 2010 7:28 AM
oracle@bcm-laptop:~$ emctl
Oracle Enterprise Manager 11g Database Control Release 11.2.0.1.0
Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
Oracle Enterprise Manager 10g Database Control commands:
emctl start | stop dbconsole
emctl status | secure | setpasswd dbconsole
emctl config dbconsole -heap_size <size_value> -max_perm_size <size_value>
emctl status agent
emctl status agent -secure [-omsurl <http://<oms-hostname>:<oms-unsecure-port>/em/*>]
emctl getversion
emctl reload | upload | clearstate | getversion agent
emctl reload agent dynamicproperties [<Target_name>:<Target_Type>]....
emctl config agent <options>
emctl config agent updateTZ
emctl config agent getTZ
emctl resetTZ agent
emctl config agent credentials [<Target_name>[:<Target_Type>]]
emctl gensudoprops
emctl clearsudoprops
Blackout Usage :
emctl start blackout <Blackoutname> [-nodeLevel] [<Target_name>[:<Target_Type>]].... [-d <Duration>]
emctl stop blackout <Blackoutname>
emctl status blackout [<Target_name>[:<Target_Type>]]....
The following are valid options for blackouts
<Target_name:Target_type> defaults to local node target if not specified.
If -nodeLevel is specified after <Blackoutname>,the blackout will be applied to all targets and any target list that follows will be ignored.
Duration is specified in [days] hh:mm
emctl getemhome
emctl ilint
Em Key Commands Usage :
emctl config emkey -emkeyfile <emkey.ora path> [-force] [-sysman_pwd <sysman password>]
emctl config emkey -emkey [-emkeyfile <emkey.ora path>] [-force] [-sysman_pwd <sysman password>]
emctl config emkey -repos [-emkeyfile <emkey.ora path>] [-force] [-sysman_pwd <sysman password>]
emctl config emkey -remove_from_repos [-sysman_pwd <sysman password>]
emctl config emkey -copy_to_repos [-sysman_pwd <sysman password>]
emctl status emkey [-sysman_pwd <sysman password>]
Secure DBConsole Usage :
emctl secure dbconsole -sysman_pwd <sysman password> [-passwd_file <abs file loc>]
[-host <slb hostname>] [-sid <service name>] [-reset] [-secure_port <secure_port>]
[-root_dc <root_dc>] [-root_country <root_country>] [-root_state <root_state>] [-root_loc <root_loc>]
[-root_org <root_org>] [-root_unit <root_unit>] [-root_email <root_email>]
[-wallet <wallet loc>] [-wallet_pwd <wallet pwd>] [-trust_certs_loc <certs loc>]
emctl secure status dbconsole
Register Targettype Usage :
emctl register oms targettype [-o <Output filename>] <XML filename> <rep user> <rep passwd> <rep host> <rep port> <rep sid> OR
emctl register oms targettype [-o <Output filename>] <XML filename> <rep user> <rep passwd> <rep connect descriptor>
-
How write rmi-iiop over ssl with weblogic server 6.1 - No server found
//New
Hello,
I have written an application like this:
- An EJB server running on Weblogic server 6.1
(named: BankServerHome)
-A java client calling the BankServer.
Platform: windows 2000 - jdk1.3
Now I want to secure the communication with SSL protocol.
I have done this:
-generate a key peer with weblogic service named certificate.
-send the CSR to a CA and place the answer into the weblogic
server certificate directory.
-update path for ServerCertificateChainFileName,
ServerCertificateFileName, ServerKeyFileName into config.xml.
-launch weblogicServer
-> server certificate is recognized
-> listening port 7001 and 7002.
(-stop weblogicServer!)
At now, all is all right, errors come hereafter:
Then I follow the guideline "Programming weblogic Security" (version of 30/07/2001).
"To use RMI over IIOP over SSL with a Java client, do the following:
2. Extend the java.rmi.server.RMISocketFactory class to handle SSL socket
connections. Be sure to specify the port on which WebLogic Server listens for
SSL connections. For an example of a class that extends the
java.rmi.server.RMISocketFactory class, see Listing 4-22.
3. Run the ejbc compiler with the -d option.
4. Add your extension of the java.rmi.server.RMISocketFactory class to the
CLASSPATH of the Java client.
5. Use the following command options when starting the Java client:
-xbootclasspath/a:%CLASSPATH%
-Dorg.omg.CORBA.ORBSocketFactoryClass=implementation of java.rmi.server.RMISocketFactory
-Dssl.certs=directory location of digital certificate for Java client
-Dssl.key=directory location of private key for Java client"
At step 3. I found into documentation that -d is linked to a directory name.
When I run ejbc with this option -d I have the message:
"ERROR: You must specify an output directory or jar with the -d option to weblogic.ejbc."
% So what option can I use to run ejbc for secure usage?
At step 5. Whatever I write for -Dorg.omg.CORBA.ORBSocketFactoryClass,
this pointed class is not instantiated.
Then I can not create a socket with my client.
The following exception is raised:
javax.naming.CommunicationException [Root exception is java.net.ConnectException:
No server found at T3S://localhost:7002]
So, my questions are:
% Why -Dorg.omg.CORBA.ORBSocketFactoryClass must be known by the client and not
the server?
My java client part, managing connection is:
-------------------BEGIN OF CONNECTION MANAGER-------------------
Properties env = new Properties ();
// Shouldn't have to do this, but for now you must
if ( factory.equals ("weblogic.jndi.WLInitialContextFactory") ) {
    env.put ("java.naming.provider.url", "t3s://localhost:7002");
}
InitialContext context = new InitialContext (env);
BankSessionServerHome bssh = (BankServerHome) context.lookup("BankServerHome");
BankServer = bssh.create();
-------------------END OF CONNECTION MANAGER-------------------
I have also tried
env.put ("java.naming.provider.url", "corbaloc:iiop://localhost:7002");
but it throws the following error
javax.naming.InvalidNameException: url does not conatin !!!
% What is the code for the java client allowing connection with the ejb?
% And better, can I have a sample example for rmi-iiop over ssl?
(...wlserver6.1\samples\examples\iiop\ejb\stateless\rmiclient\client.java do not
speak ssl!)
Any help will be appreciate from you...
Best Regards.
Oliver
"oliver" <[email protected]> writes:
The SSL support is poorly doc'd right now. We have fixed this and
updated the way you do things in SP2. Please either wait for SP2 or
contact support.
andy
-
How write rmi-iiop over ssl with weblogic server 6.1?
Hello,
I have written an application like this:
- An EJB server running on Weblogic server 6.1
(named: BankServerHome)
-A java client calling the BankServer.
Platform: windows 2000 - jdk1.4
Now I want to secure the communication with SSL protocol.
I have done this:
-generate a key peer with weblogic service named certificate.
-send the CSR to a CA and place the answer into the weblogic
server certificate directory.
-update path for ServerCertificateChainFileName,
ServerCertificateFileName, ServerKeyFileName into config.xml.
-launch weblogicServer
-> server certificate is recognized
-> listening port 7001 and 7002.
(-stop weblogicServer!)
At now, all is all right, errors come hereafter:
Then I follow the guideline "Programming weblogic Security" (version of 30/07/2001).
"To use RMI over IIOP over SSL with a Java client, do the following:
2. Extend the java.rmi.server.RMISocketFactory class to handle SSL socket
connections. Be sure to specify the port on which WebLogic Server listens for
SSL connections. For an example of a class that extends the
java.rmi.server.RMISocketFactory class, see Listing 4-22.
3. Run the ejbc compiler with the -d option.
4. Add your extension of the java.rmi.server.RMISocketFactory class to the
CLASSPATH of the Java client.
5. Use the following command options when starting the Java client:
-xbootclasspath/a:%CLASSPATH%
-Dorg.omg.CORBA.ORBSocketFactoryClass=implementation of java.rmi.server.RMISocketFactory
-Dssl.certs=directory location of digital certificate for Java client
-Dssl.key=directory location of private key for Java client"
At step 3. I found into documentation that -d is linked to a directory name.
When I run ejbc with this option -d I have the message:
"ERROR: You must specify an output directory or jar with the -d option to weblogic.ejbc."
% So what option can I use to run ejbc for secure usage?
At step 5. Whatever I write for -Dorg.omg.CORBA.ORBSocketFactoryClass,
this pointed class is not instantiated.
Then I can not create a socket with my client.
The following exception is raised:
javax.naming.CommunicationException [Root exception is java.net.ConnectException:
No server found at T3S://localhost:7002]
So, my questions are:
% Why -Dorg.omg.CORBA.ORBSocketFactoryClass must be known by the client and not
the server?
My java client part, managing connection is:
-------------------BEGIN OF CONNECTION MANAGER-------------------
Properties env = new Properties ();
// Shouldn't have to do this, but for now you must
if ( factory.equals ("weblogic.jndi.WLInitialContextFactory") ) {
    env.put ("java.naming.provider.url", "t3s://localhost:7002");
} else {
    env.put ("java.naming.provider.url", "rmi://localhost:7002");
}
InitialContext context = new InitialContext (env);
BankSessionServerHome bssh = (BankServerHome) context.lookup("BankServerHome");
BankServer = bssh.create();
-------------------END OF CONNECTION MANAGER-------------------
% What is the code for the java client allowing connection with the ejb?
% And better, can I have a sample example for rmi-iiop over ssl?
(...wlserver6.1\samples\examples\iiop\ejb\stateless\rmiclient\client.java do not
speak ssl!)
Any help will be appreciate from you...
Best Regards.
Oliver
"oliver" <[email protected]> writes:
First off 1.4 isn't supported as yet. That is probably part of the problem.
You also must use a corba URL from the client in order for this to work for instance:
If you are using WLInitialContextFactory:
corbaloc:iiop:localhost:7001/NameService
If you are using CNCtxFactory:
iiop://localhost:7001
Using rmi: is the wrong thing to do - that will use jrmp or t3.
However, I suggest that you raise a call with support since there is
some other trickiness with getting SSL working. We hope to have this
much improved in SP2.
andy
-
Configuring SSL for SOA Server
Hi All,
I am working on SOA suite 11g. I am trying to implement transport level security. Firstly 1-way authentication and then 2-way mutual authentication. For that I need to enable the SSL for SOA server which is managed by the WLS admin server. As per my knowledge the WLS comes with demoidentity and demotrust keystores. If I need to configure the SSL for SOA server do I need to create new keystores and CAs or can I use the demo keystores?
Now, in case I need to create new keystores, can I do the same using keytool utility? Additionally, is it possible to make CA using keytool utility? If yes, kindly provide me some links about how to do the same.
Thanks in advance.
Hi Shomit,
> If I need to configure the SSL for SOA server do i need to create new keystores and CA,s or I can use the demo keystores.
You can use the Demo keystores for dev purpose but it is NOT recommended to use demo keystores for production use.
> in case i need to create new keystores than can i do the same using keytool utility
Yes, you can do it using Keytool utility.
> is it possible to make CA using keytool utility?
Actually you can generate a self-signed cert and use that as a CA for signing CSR's.
> kindly provide me some links about how to do the same
You should get everything here -
http://download.oracle.com/docs/cd/E14571_01/web.1111/e13707/ssl.htm#i1200848
Regards,
Anuj
-
Shutdown Managed server without Admin
Hi All,
I have a requirement to Restart Managed servers via NodeManager but without AdminServer.
Using WLST I could start Managedserver using NM. (nmConnect, nmStart).
But for stopping a Managedserver without Admin, I see the option nmKill. But I don't want to kill the process, rather want to do a proper shutdown.
Was looking at a few docs on the Oracle site, which say one can shut down a managed server using the Node Manager to which it is connected. Means first connect(...) then Shutdown().
BUt is it possible to connect to managed server using WLST when Admin is not Available?
If not above is a possible way to shutdown, resume a managed server without Adminserver.
Weblogic11g is the version I have installed.
ThankYou,
Swapna
'I could see a command connect but its only for connecting to a AdminServer'
It is actually the same. (some example are given here: http://download.oracle.com/docs/cd/E13222_01/wls/docs90/config_scripting/reference.html#1005383)
Note that when your managed server is running on somehost and 8001, you can use the following:
wls:/offline> connect('adminusername','adminpassword','t3://somehost:8001');
Connecting to t3://somehost:8001 with userid adminusername ...
Successfully connected to managed Server 'soa_server1' that belongs to domain 'base_domain'.
Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.
wls:/base_domain/serverConfig> shutdown();
Shutting down the server soa_server1 with force=false while connected to soa_server1 ...
Disconnected from weblogic server: soa_server1
Disconnected from weblogic server:
wls:/offline>
-
How to delete a file on web server without using FTP
Hi All
I have given a facility to a site user to upload some files..
And an interface to web administrator to view all the files..
I want to know how can i write a code in JSP which allow the web administrator to delete any of that file which is not of his/her interest through provided interface only.
OR
Is it possible to delete a particular file from web server without getting login into FTP account
Thanx
new File(strFileName).delete();
Simply as this.
Don't forget to import java.io.FileInputStream.
-
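Deleting a file by a name that arrives from a web form, as in the JSP thread above, needs a containment check so that the request cannot reach anything outside the upload directory. This is an added example, not code from the posts; the class name `UploadDeleter`, the temporary directory layout and the file names are constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.LinkOption;
import java.nio.file.Path;

public class UploadDeleter {
    private final Path uploadRoot;

    public UploadDeleter(Path uploadRoot) throws IOException {
        // Canonical form of the only directory the admin page may touch.
        this.uploadRoot = uploadRoot.toRealPath();
    }

    /** Returns true only if requestedName named a regular file inside uploadRoot and it was deleted. */
    public boolean delete(String requestedName) throws IOException {
        if (requestedName == null || requestedName.isEmpty()) {
            return false;
        }
        Path candidate;
        try {
            candidate = uploadRoot.resolve(requestedName).normalize();
        } catch (InvalidPathException e) {
            return false;   // NUL bytes or characters the file system does not allow
        }
        // Rejects "../x", absolute paths and the upload directory itself.
        if (!candidate.startsWith(uploadRoot) || candidate.equals(uploadRoot)) {
            return false;
        }
        // Do not act on a symbolic link planted in the upload area.
        if (!Files.isRegularFile(candidate, LinkOption.NOFOLLOW_LINKS)) {
            return false;
        }
        // A symlinked sub-directory must not lead outside the root either.
        if (!candidate.getParent().toRealPath().startsWith(uploadRoot)) {
            return false;
        }
        return Files.deleteIfExists(candidate);
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/uploads/report.txt and <tmp>/secret.txt
        Path base = Files.createTempDirectory("demo");
        Path uploads = Files.createDirectory(base.resolve("uploads"));
        Path inside = Files.write(uploads.resolve("report.txt"), "x".getBytes());
        Path outside = Files.write(base.resolve("secret.txt"), "y".getBytes());

        UploadDeleter deleter = new UploadDeleter(uploads);
        System.out.println("report.txt        -> " + deleter.delete("report.txt"));
        System.out.println("../secret.txt     -> " + deleter.delete("../secret.txt"));
        System.out.println("absolute path     -> " + deleter.delete(outside.toString()));
        System.out.println("inside exists: " + Files.exists(inside)
                + ", outside exists: " + Files.exists(outside));
    }
}
```

The servlet or JSP that calls `delete` still has to check that the caller is an authenticated administrator before passing the name on.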
How to handle file on application server without coding?
Hi all,
can anybody tell me How to handle file on application server without coding? Is there any solution?
Thanks in advance.
> can anybody tell me How to handle file on application server without coding? Is there any solution?
what is that you want to handle. what you do if you don't code ...