SSL TEST IN R12

Similar Messages

• SSL issue on R12

  I am trying to implement SSL in our R12 environment, initially we have decided to use trail certificates as we are in testing phase,i am following document Enabling SSL in Release 12 [ID 376700.1], i had successfully created server.crt from OWM then i submitted to verisign site and i receive server certificate from Verisign, now i am struck up with Step 5 - Import your Server Certificate to the Wallet.
  OS: OEL 4.7
  EBS:12.0.4
  while importing certificate , on the OWM--> Menu Operations --import User certificate, here i am getting error.
  here is error message:
  User certificate installation failed
  Possible errors:
  -imput was not valid certificate
  -No matching certificate request was found
  -CA certificate needed for certificate chain not found,please install first.
  Edited by: NewEBSDBA on May 2, 2011 11:04 PM

  after long struggle, i am able to download certificate and successfully deploy to applications however, login page is not displaying, i am gettinge error, here is error log
  [Tue May  3 16:42:21 2011] [error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 29040 (server dev.upg.com:4443, client 192.168.1.7)
  [Tue May  3 16:42:21 2011] [error] mod_ossl: Unknown error
  [Tue May  3 16:42:21 2011] [error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 28864 (server dev.upg.com:4443, client 192.168.1.7)
  [Tue May  3 16:42:21 2011] [error] mod_ossl: SSL IO error [Hint: the client stop the connection unexpectedly]
  [Tue May  3 16:42:21 2011] [error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 29014 (server dev.upg.com:4443, client 192.168.1.7)
  [Tue May  3 16:42:21 2011] [error] mod_ossl: Unknown error
  [Tue May  3 16:42:27 2011] [error] [client 192.168.1.7] mod_security: Access denied with code 405. Pattern match "!(GET|HEAD|POST)" at REQUEST_METHOD. [uri ""] [unique_id TcBos8CoAQUAAG@KrEc]
  [Tue May  3 16:42:36 2011] [error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 29040 (server dev.upg.com:4443, client 192.168.1.7)
  [Tue May  3 16:42:36 2011] [error] mod_ossl: Unknown error
  [Tue May  3 16:42:36 2011] [error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 28864 (server dev.upg.com:4443, client 192.168.1.7)
  [Tue May  3 16:42:36 2011] [error] mod_ossl: SSL IO error [Hint: the client stop the connection unexpectedly]
  [Tue May  3 16:42:36 2011] [error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 29014 (server dev.upg.com:4443, client 192.168.1.7)
  [Tue May  3 16:42:36 2011] [error] mod_ossl: Unknown error
  [Tue May  3 16:51:06 2011] [notice] FastCGI: process manager initialized (pid 29784)
  [Tue May  3 16:51:07 2011] [notice] Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server configured -- resuming normal operations
  [Tue May  3 16:51:07 2011] [notice] Accept mutex: fcntl (Default: fcntl)
  [Tue May  3 16:53:32 2011] [error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 29014 (server dev.upg.com:4443, client 192.168.1.7)
  [Tue May  3 16:53:32 2011] [error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 29040 (server dev.upg.com:4443, client 192.168.1.7)
  [Tue May  3 16:53:32 2011] [error] mod_ossl: Unknown error
  [Tue May  3 16:53:32 2011] [error] mod_ossl: Unknown error
  [Tue May  3 16:53:32 2011] [error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 28864 (server dev.upg.com:4443, client 192.168.1.7)
  [Tue May  3 16:53:32 2011] [error] mod_ossl: SSL IO error [Hint: the client stop the connection unexpectedly]
  [Tue May  3 16:53:35 2011] [error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 29040 (server dev.upg.com:4443, client 192.168.1.7)
  [Tue May  3 16:53:35 2011] [error] mod_ossl: Unknown error
  [Tue May  3 16:53:35 2011] [error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 28864 (server dev.upg.com:4443, client 192.168.1.7)
  [Tue May  3 16:53:35 2011] [error] mod_ossl: SSL IO error [Hint: the client stop the connection unexpectedly]
  [Tue May  3 16:53:35 2011] [error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 29014 (server dev.upg.com:4443, client 192.168.1.7)
  [Tue May  3 16:53:35 2011] [error] mod_ossl: Unknown error
  [Tue May  3 16:53:40 2011] [error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 29040 (server dev.upg.com:4443, client 192.168.1.7)
  [Tue May  3 16:53:40 2011] [error] mod_ossl: Unknown error
  [Tue May  3 16:53:40 2011] [error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 28864 (server dev.upg.com:4443, client 192.168.1.7)
  [Tue May  3 16:53:40 2011] [error] mod_ossl: SSL IO error [Hint: the client stop the connection unexpectedly]
  [Tue May  3 16:53:40 2011] [error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 29014 (server dev.upg.com:4443, client 192.168.1.7)
  [Tue May  3 16:53:40 2011] [error] mod_ossl: Unknown error
  56,1

• SSL test in Oracle Application Server 10.1.2

  Hi ,
  we are using one Oracle Application Server Web Cache 10.1.2 as our web server.This redirects users to the Application Server.(EBS 12.0.4)
  Now we need to implement SSL to secure user credentials.So i am planing to implement SSL in our web cacahe server.Will this be enough to secure user credentials??I dont have any idea.Please help.
  Moreover our web cache is not configured in SSL during the time of installation.Can any body suggest me a place from where i could get one demo Certificate to put it onto my web server and test the SSL confiration.EBS has provided one demo for application tier(inside $ORACLE_HOME/apache/certs/).
  But we will have to implement in web cahe tier not in application tier.
  We are using EBS 12.0.4 in Hp-Ux v11.23.

  Hi susmit;
  Please chekc below note which could be helpful for your issue:
  SSL Primer on Using OpenSSL as a Certificate Authority with E-Business Suite (with a Windows Example) [ID 1175193.1]
  Enabling SSL in Release 12 [ID 376700.1]
  R12.0.6+ : Oracle Application Object Library SSL Test Transaction Data Test [ID 732282.1]
  R12.0.[3-4] : Oracle Application Object Library SSL Test Transaction Data Test [ID 564066.1]
  Regard
  Helios

• Need some hel in SSL Configuration in R12

  Hi All,
  I am facing challenges in configuring SSL in R12. I am not able to get bigger picture of the SSL Configuration. If any body does this before please share you knowledge
  Thanks in Advance.
  Reddy

  Hi Hussein
  The below are the steps I am trying to implement.
  Section 3 : Middle Tier Setup
  The default location for the wallet in Release 12 is $INST_TOP/certs/Apache. This directory contains a wallet with demo certificates. If you wish to use these certificates for testing start with Step 8 below to configure SSL
  Decided to test the application with demo certificates.
  Step 8: Update the Context File.
  Updated the context file as per the recommendations.
  Step 9 - Run Autoconfig
  Finished
  Section 4: Database Tier Setup
  Here I got confused. Whether to proceed or not ?
  Thanks
  Reddy

• Command-line SSL test in WLS6.1

  With Weblogic 6.0, I used to be able to test if SSL
  was working on the command-line by using this
  command:
  java –Dssl.debug weblogic.Admin -username name -password pw -url
  https://localhost:7002 PING
  This used to work fine.
  But now with WLS 6.1, the weblogic.Admin command
  refuses the protocol https and the port 7002. There's
  probably a bug. It's giving me an error:
  Failed to connect to http://localhost:7001 due to:
  [java.net.ConnectException: No server found at HTTP://localhost:7001]
  These commands work fine though:
  java weblogic.Admin -username name -password pw -url t3://localhost:7001
  PING
  java weblogic.Admin -username name -password pw -url localhost PING
  How else would you test SSL on the command-line?
  Don't tell me "write a utility", cuz none of my clients
  will want to do that. I have to find something
  that is ready to use out-of-the-box.
  Thanks a lot!
  Emmanuel

  This works perfectly!
  java -Dssl.debug=true
  -Dweblogic.security.SSL.ignoreHostnameVerification=true weblogic.Admin
  -username name -password pwd -url t3s://localhost:7002 PING
  BTW, I forgot to turn on the tunneling, so that's why
  accessing with http didn't work. (By default tunneling
  is off, so only t3 works for weblogic.Admin.)
  Thanks a lot, I'll be using this.
  Emmanuel
  Bernhard Hollunder wrote:
  Emmanuel Proulx wrote:
  With Weblogic 6.0, I used to be able to test if SSL
  was working on the command-line by using this
  command:
  java –Dssl.debug weblogic.Admin -username name -password pw -url
  https://localhost:7002 PING
  This used to work fine.
  But now with WLS 6.1, the weblogic.Admin command
  refuses the protocol https and the port 7002. There's
  probably a bug. It's giving me an error:
  Failed to connect to http://localhost:7001 due to:
  [java.net.ConnectException: No server found at HTTP://localhost:7001]
  The solution to your problem is rather simple:
  Just use -Dweblogic.security.SSL.ignoreHostnameVerification=true
  Best regards
  Bernhard
  ArcStyler - award-winning J2EE/EJB development
  -> CyberOne Award 2001
  -> Crossroads A-List Excellence Award 2001
  -> IBM Solution Excellence Award
  -> European Information Society Technologies Prize 2001
  -> Free trial-version at http://www.ArcStyler.com
  ------ < iO > ---------------------------------------------------
  Interactive Objects Software GmbH
  Dr. Bernhard Hollunder
  Basler Str. 65
  79100 Freiburg, Germany
  Tel: [+49]-761-40073-41, Fax: [+49]-761-40073-73
  mailto:[email protected]
  http://www.io-software.com

• Need help in using DemoIdentity for SSL testing

  Hi everybody,
  What I want to achieve:
  I want to test a web service over HTTPS using DemoIdentity.
  What I've done:
  1- From Server->AdmingServer->Keystores, I configured AdminServer to use DemoIdentity and DemoTrust Keystores.
  2- From Server->AdmingServer->SSL, I configured it to Use Server Certs so that I don't have to define a Service Key Provider.
  3- I created the Business Service with HTTPS endpoint.
  What I got:
  1- the backend system is showing an error that peer (OSB) did not send certificate.
  2- in AmdinServer log, I see that OSB has successfully loaded DemoIdentity and DemoTrust. But after backend sends a certificate request, I see this line:
  Returning no identity certificates, because certificate request message contains no CA names
  My questions:
  What does this mean? what am I doing wrong?
  I've been trying to do this test for the past two weeks with lots of failed attempts. I've read almost all of the manuals regarding security and WLS and OSB.
  Please respond with something from your experience, don't refer me to manuals :)
  Thanks in advance

  Hi Faisal, thanks for the response.. here is what you asked for..
  1- Webservice client is a Proxy Service in OSB server. And the Webservice is accessed through another system (IBM Datapower).
  2- It's one way. Only my server needs to send it's certificate to them.
  3- SSL debug is enabled. and here is the log: (I'll post config.xml in the following reply)
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <RuntimeRouterCache> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1288516674015> <BEA-000000> <1 hits received: 1 hits to main cache, 0 hits to soft cache, 0 misses.>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Info> <OSB Kernel> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1288516674078> <BEA-398202> <
  [OSB Tracing] Outbound request was sent.
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Info> <Security> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1288516674078> <BEA-090888> <SSL client running within the server does not have a certificate; it will use the servers certificate.>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674078> <BEA-000000> <SSLContextManager: reusing SSL context of channel DefaultSecure>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674078> <BEA-000000> <SSLContextManager: loading server SSL identity>
  Loading DemoIdentity successfully I suppose..####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674078> <BEA-000000> <Reusing cached identity certs for keystore C:\ORACLE~1\WLSERV~1.3\server\lib\DemoIdentity.jks, and alias DemoIdentity>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674078> <BEA-000000> <SSLSetup: loading trusted CA certificates>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674140> <BEA-000000> <clientInfo has new style certificate and key>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674171> <BEA-000000> <Filtering JSSE SSLSocket>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674171> <BEA-000000> <SSLIOContextTable.addContext(ctx): 3535296>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674171> <BEA-000000> <SSLSocket will be Muxing>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674171> <BEA-000000> <write SSL_20_RECORD>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674171> <BEA-000000> <isMuxerActivated: false>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <27491827 SSL3/TLS MAC>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <27491827 received HANDSHAKE>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <isMuxerActivated: false>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <27491827 SSL3/TLS MAC>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <27491827 received HANDSHAKE>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 721604240
  Issuer:C=SA, O=MCIT, OU=Yesser, CN=gsb-s-dpr
  Subject:C=SA, O=MCIT, OU=Yesser, CN=gsb-s-dpr
  Not Valid Before:Sun Aug 10 14:23:33 GMT+03:00 2008
  Not Valid After:Wed Aug 10 14:23:33 GMT+03:00 2011
  Signature Algorithm:SHA1withRSA
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <validationCallback: validateErr = 0>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> < cert[0] = Serial number: 721604240
  Issuer:C=SA, O=MCIT, OU=Yesser, CN=gsb-s-dpr
  Subject:C=SA, O=MCIT, OU=Yesser, CN=gsb-s-dpr
  Not Valid Before:Sun Aug 10 14:23:33 GMT+03:00 2008
  Not Valid After:Wed Aug 10 14:23:33 GMT+03:00 2011
  Signature Algorithm:SHA1withRSA
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <weblogic user specified trustmanager validation status 0>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <SSLTrustValidator returns: 0>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <Trust status (0): NONE>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <Performing hostname validation checks: XXXXXXXXXXX>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <isMuxerActivated: false>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <27491827 SSL3/TLS MAC>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <27491827 received HANDSHAKE>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <HANDSHAKEMESSAGE: CertificateRequest>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <HANDSHAKEMESSAGE: ServerHelloDone>
  The following line shows the message I was talking about!####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <Returning no identity certificates, because certificate request message contains no CA names.>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <write HANDSHAKE, offset = 0, length = 7>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <........... Eating Exception ..........
  java.security.NoSuchAlgorithmException: Algorithm MD5 not available
       at javax.crypto.Mac.getInstance(DashoA13*..)
       at com.certicom.tls.provider.Mac.getInstance(Unknown Source)
       at com.certicom.tls.ciphersuite.SecurityParameters.makeKeys(Unknown Source)
       at com.certicom.tls.ciphersuite.SecurityParameters.deriveKeys(Unknown Source)
       at com.certicom.tls.ciphersuite.SecurityParameters.<init>(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.generateSecurityParameters(Unknown Source)
       at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.doRSAKE(Unknown Source)
       at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.handle(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
       at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
       at com.certicom.tls.record.WriteHandler.write(Unknown Source)
       at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
       at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
       at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
       at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
       at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
       at weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:249)
       at com.bea.wli.sb.transports.http.HttpOutboundMessageContext.setRequestPayload(HttpOutboundMessageContext.java:266)
       at com.bea.wli.sb.transports.http.HttpOutboundMessageContext.send(HttpOutboundMessageContext.java:302)
       at com.bea.wli.sb.transports.http.HttpTransportProvider.sendMessageAsync(HttpTransportProvider.java:564)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.bea.wli.sb.transports.Util﷼ 3.76 (﷼ 3.76 ($1.))invoke(Util.java:82)
       at $P﷼ 3.76 ($1.)roxy49.sendMes﷼ 3.76 ()﷼ 3.76 ($1.)sageAsync(Unknown Source)
       at com.bea.wli﷼ 3.76 ().sb.transports.﷼ 0 ($000)LoadBalanceFailoverLi﷼ 3.76 ($1.)stener.sendMessageAsync﷼ 0 ()(LoadBalanceFailoverListener.jav﷼ 3.76 ($1.)a:148)
       at com.bea.w﷼ ﷼ 755.86 ($201)3.76 ()li.sb.transports.LoadBalanceFailoverList﷼ 7.52 ($2.)ener.sendMes﷼ 3.76 ()sageToServiceAsync(Loa﷼ 3.76 ($1.)dBalanceFailover﷼ 3.76 ($1.)Listener.java:543)
       at com.bea.﷼ 755.86 ()wli.sb.t﷼ 3.76 ($1.)ransports.﷼ 0 ($000)LoadBalanceFailoverL﷼ 7.52 ()istener.sendMessageToService(Loa﷼ 3.76 ($1.)dB﷼ 3.76 ()alanceF﷼ 3.76 ($1.)ailoverListener.java:478)
       at com.﷼ 3.76 ()bea.wli.sb.transports.TransportManage﷼ 755.86 ($201)rImp﷼ 3.76 ()l.sendMessageToService(﷼ 7.52 ($2.)TransportManagerImpl.java:544)
       at c﷼ 0 ()om.bea.wli.sb.transports.TransportManagerImpl.sendMe﷼ 3.76 ()ssageAsync(TransportManagerImpl.java:422)
       at com.be﷼ 3.76 ()a.wli.sb.pipeline.PipelineContextImpl.doDispatch(PipelineContextImpl.﷼ 755.86 ()java:583)
       at com.bea.wli.sb.pipeline.﷼ 7.52 ()PipelineContextImpl.dispatch(PipelineContextImpl.java:498)
       at stages.routing.runtime.RouteRuntimeStep.processMessage(RouteRuntimeStep.java:128)
       at com.bea.wli.sb.pipeline.debug.DebuggerRuntimeStep.processMessage(DebuggerRuntimeStep.java:74)
       at com.bea.wli.sb.stages.StageMetadataImpl$WrapperRuntimeStep.processMessage(StageMetadataImpl.java:346)
       at com.bea.wli.sb.pipeline.RouteNode.doRequest(RouteNode.java:106)
       at com.bea.wli.sb.pipeline.Node.processMessage(Node.java:67)
       at com.bea.wli.sb.pipeline.PipelineContextImpl.execute(PipelineContextImpl.java:866)
       at com.bea.wli.sb.pipeline.Router.processMessage(Router.java:191)
       at com.bea.wli.sb.pipeline.MessageProcessor.processRequest(MessageProcessor.java:75)
       at com.bea.wli.sb.pipeline.RouterManagerrun(RouterManager.java:508)
       at com.bea.wli.sb.pipeline.RouterManagerrun(RouterManager.java:506)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
       at weblogic.security.service.SecurityManager.runAs(Unknown Source)
       at com.bea.wli.sb.security.WLSSecurityContextService.runAs(WLSSecurityContextService.java:55)
       at com.bea.wli.sb.pipeline.RouterManager.processMessage(RouterManager.java:505)
       at com.bea.wli.sb.test.service.ServiceMessageSender.send0(ServiceMessageSender.java:263)
       at com.bea.wli.sb.test.service.ServiceMessageSender.access(ServiceMessageSender.java:68)
       at com.bea.wli.sb.test.service.ServiceMessageSenderrun(ServiceMessageSender.java:125)
       at com.bea.wli.sb.test.service.ServiceMessageSenderrun(ServiceMessageSender.java:123)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
       at weblogic.security.service.SecurityManager.runAs(Unknown Source)
       at com.bea.wli.sb.security.WLSSecurityContextService.runAs(WLSSecurityContextService.java:55)
       at com.bea.wli.sb.test.service.ServiceMessageSender.send(ServiceMessageSender.java:128)
       at com.bea.wli.sb.test.service.ServiceProcessor.invoke(ServiceProcessor.java:441)
       at com.bea.wli.sb.test.TestServiceImpl.invoke(TestServiceImpl.java:169)
       at com.bea.wli.sb.test.client.ejb.TestServiceEJBBean.invoke(TestServiceEJBBean.java:136)
       at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl.invoke(TestService_sqr59p_EOImpl.java:572)
       at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl_WLSkel.invoke(Unknown Source)
       at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
       at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:345)
       at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
       at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl_1030_WLStub.invoke(Unknown Source)
       at com.bea.alsb.console.test.TestServiceClient.invoke(TestServiceClient.java:179)
       at com.bea.alsb.console.test.actions.DefaultRequestAction.invoke(DefaultRequestAction.java:117)
       at com.bea.alsb.console.test.actions.DefaultRequestAction.execute(DefaultRequestAction.java:70)
       at com.bea.alsb.console.test.actions.ServiceRequestAction.execute(ServiceRequestAction.java:80)
       at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
       at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access(PageFlowRequestProcessor.java:97)
       at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
       at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91)
       at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116)
       at com.bea.alsb.console.common.base.SBConsoleRequestProcessor.processActionPerform(SBConsoleRequestProcessor.java:91)
       at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
       at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
       at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
       at com.bea.alsb.console.common.base.SBConsoleRequestProcessor.process(SBConsoleRequestProcessor.java:191)
       at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
       at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158)
       at com.bea.console.internal.ConsoleActionServlet.process(ConsoleActionServlet.java:256)
       at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
       at com.bea.console.internal.ConsoleActionServlet.doGet(ConsoleActionServlet.java:133)
       at com.bea.alsb.console.common.base.SBConsoleActionServlet.doGet(SBConsoleActionServlet.java:49)
       at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199)
       at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1129)
       at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:687)
       at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.processActionInternal(ScopedContentCommonSupport.java:142)
       at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.processAction(StrutsStubImpl.java:76)
       at com.bea.portlet.adapter.NetuiActionHandler.raiseScopedAction(NetuiActionHandler.java:111)
       at com.bea.netuix.servlets.controls.content.NetuiContent.raiseScopedAction(NetuiContent.java:181)
       at com.bea.netuix.servlets.controls.content.NetuiContent.raiseScopedAction(NetuiContent.java:167)
       at com.bea.netuix.servlets.controls.content.NetuiContent.handlePostbackData(NetuiContent.java:225)
       at com.bea.netuix.nf.ControlLifecyclevisit(ControlLifecycle.java:180)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:324)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
       at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:130)
       at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395)
       at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
       at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:352)
       at com.bea.netuix.nf.Lifecycle.runInbound(Lifecycle.java:184)
       at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:159)
       at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:388)
       at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
       at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:199)
       at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:251)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
       at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:130)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
       at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
       at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3496)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(Unknown Source)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <Will use default Mac for algorithm MD5>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674250> <BEA-000000> <Alert received from peer, notifying peer we received it: com.certicom.tls.record.alert.Alert@509382>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Warning> <Security> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1288516674250> <BEA-090497> <HANDSHAKE_FAILURE alert received from XXXXXXXXXXX. Check both sides of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted CAs, and hostname verification settings.>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674250> <BEA-000000> <close(): 13890207>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674250> <BEA-000000> <close(): 13890207>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674250> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 3535296>
  ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Info> <OSB Kernel> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1288516674250> <BEA-398205> <
  [OSB Tracing] Outbound request caused an exception
  Service Ref = Yesser_MCI_CRService/BusinessService/YesserCR_Business
  URI = https://XXXXXXXXXXX
  Error Message = [Security:090497]HANDSHAKE_FAILURE alert received from XXXXXXXXXXX. Check both sides of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted CAs, and hostname verification settings.
  Payload =

• J2SE adapter engine and SSL testing

  Hi there,
  We are currently doing a B2B scenario whereby SAP XI sends a message to the J2SE adapter engine in the DMZ and then that sends the message via HTTPS / SSL to the receiving service....
  In order to test that the HTTPS / certificate etc worked I wrote a small Java application and dialled out of the network. I inserted the DER file into my CACERTS file on my local machine using the keytool as a "trusted certificate". The Java application worked 100% and did the SSL handshake fine and POSTED the data fine as well......
  Now I am no expert in the J2SE adapter engine but decided to try testing the same SSL connection using the J2SE adapter engine from my LOCAL machine with me dialled out onto the Internet.
  I logged into the J2SE adapter engine and imported the same DER file into the engine  (actually inserted into the "truststore.jks" file). I them went into the "Test Environment" of the J2SE adapter and have been trying to test.....
  I have a few questions:
  1. Do I have to use a P12 or PFX file for this sort of communication? Reason I ask is that with the Java application all I needed was the DER file?
  2. In the full blown scenario do I have to have SSL configured between XI and the J2SE adapter engine as well? Or can that stay as HTTP?
  My basic config for the test is roughly:
  WS.targetURL=https://someserver:4433/soap/someInbox
  WS.SOAPAction=CustomSoapAction
  SSLauthentication=true
  Do I really need the following two?
  SSLcertificate=somecert.p12
  SSLcertificatePassword=somepassword
  From my logic all I should need if the DER file loaded into the J2SE adapter which I have done......
  Has anyone done successfull SSL / HTTPS testing from the J2SE adapter engine using the "Test Environment"?
  Any advise would be greatly appreciated
  Kind regards
  Lynton

  Hi
  Not a answer to your question but why use the J2SE adapter engine in the DMZ and why not the J2EE Decentral Adapter Engine?
  Regards
  Bhavesh

• Adobe Document Service (ADS) ssl test - How to ?

  Hello,
  I've set up ADS with Basic Authentication using - and when i test using the
  "test" function ---> rpdata -
  > send ---> ADSUser + Password  - it works fine.
  Even the practical tests of developing PDF docs and displaying them in the portal are fine.
  Now i try to configure ssl for the webservice connection cause the portal is now
  configured to use https (with self-signed cert).
  My questions are:
  1. Do i have to change the com.sap.tc.webdynpro.adsproxy.AdsProxySec*ConfigPort_Document port to 50003 ? or should i leave it 50001 ?
  2. Do i have a way to test the ssl configuration ?
  Thx
  Adi

  Hi Deszo,
  Could you tell me how i can check the connection between my local machine and the central ADS?
  As i mentioned in the post, pls take a look at the post i did in the Adobe IF forum.
  Thx in advance
  Kind regards,
  Maarten.

• DR Test for R12

  Sawwan,
  Can you please tell me metalink notes for DR test, our envi is R12.0.6 and db is 10.2.0.4
  Can you please share me your experience
  Thanks
  Danny

  Danny,
  Please refer to these documents (If you do not have RAC implemented, just skip RAC steps).
  Note: 452056.1 - Business Continuity for Oracle Applications Release 12 on Database Release 10gR2 - Single Instance and RAC
  https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=452056.1
  Note: 753241.1 - Case Study : Configuring Standby Database(Dataguard) on R12 using RMAN Hot Backup
  https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=753241.1
  I have configured Data Guard on 11i/R12 using Metalink documents, the steps are straightforward and never had issues during the implementation.
  Regards,
  Hussein

• Refreshing DEV from TEST in R12

  Hi all,
  I'm planning to Refresh a Development instance from a Test instance. Both the source and Target are within the same server.
  I'm following the Note: 406982.1- Cloning Oracle Applications Release 12 with Rapid Clone. Here, I'm refering to
  Section 4: Advanced Cloning Options Section
  3. Configure the target system.
  Now my question is do I need to use the existing target system xml file during the Post Clone using the syntax
  perl adcfgclone.pl dbTier [Database target context file]
  perl adcfgclone.pl appsTier [APPL_TOP target context file]
  or
  Should I run the
  perl adcfgclone.pl dbTier
  perl adcfgclone.pl appsTier
  1. I'm confused here as I'm not sure if I get Port already in use error if I use the later method as I'm going to reuse the existing port numbers.
  2. Also, it would be great if you let me know How to arrive at Database and APPS port numbers. As I know there is a thumb rule to calculate the same.
  Regards,
  Mahesh

  Now my question is do I need to use the existing target system xml file during the Post Clone using the syntax
  perl adcfgclone.pl dbTier [Database target context file]
  perl adcfgclone.pl appsTier [APPL_TOP target context file]
  or
  Should I run the
  perl adcfgclone.pl dbTier
  perl adcfgclone.pl appsTier To refresh the instance you need to pass the context file name and directory. If you do not, you will be prompted to enter the values again and new context file will be created for you.
  1. I'm confused here as I'm not sure if I get Port already in use error if I use the later method as I'm going to reuse the existing port numbers. If the instance you are trying to refresh already exists, then you should not worry about the port numbers as the DEV instance will use the same ones (based on the values you have in the context files you are passing).
  2. Also, it would be great if you let me know How to arrive at Database and APPS port numbers. As I know there is a thumb rule to calculate the same. Get the port numbers from the context files. If the database port number is 1521, this means you are using port pool 0, if the port is 1522 the port pool is 1 (1521 + 1, and so on). The same thing for the application (port 8000 indicates port pool 0, 8001 indicates port pool 1, ..etc).
  FAQ: Cloning Oracle Applications Release 11i [ID 216664.1] -- 21. What is the port pool? What if I want to give a specific value to a Server Port?
  Thanks,
  Hussein

• Simple SSL test: failing with "The certificate is not trusted ..."

  WebLogic 10.3.4 on Win7.
  I created a new domain and enabled SSL,with listen ports 7001 and 7002 for http and https respectively.
  I deployed a trivial webapp whose main page runs in http, but it opens an iframe with https for a different page in the app.
  I loaded the main page, but the iframe fails to load, giving the following error:
  The certificate is not trusted because no issuer chain was provided.
  (Error code: sec_error_unknown_issuer)
  What is the easiest path to get this working?

  Hi David,
  I dont think that the Demo Certificate shall cause the issue.You can enable the SSL debug in weblogic and check what exactly is wrong,while loading the iframe window.
  Error code: sec_error_unknown_issuer
  Moreover,you can try to add the root certificate to your IE browser and check it
  Tools -> Internet options -> content ->Certificates ->
  After your import,You can verify the same by checking it from the list and then verify by accessing it again

• Testing new SSL configurtaion on ebs

  Hi,
  I have recently configured SSL on our R12 ebs with discoverer 11g.
  I was able to login successfully.
  I would like to know what testing i should do, to make sure there is no issue if i move the configuration to PROD environment?
  Thanks and regards,

  Hi,
  Sorry for the delay,
  The above MOS note: 376700.1, gives you details not only of how to setup but you can use it as a verification note. Please confirm using the respeective note:
  To check whether the wallet has been set up properly, execute the following command using apps schema:
  select utl_http.request('[address to access]', '[proxy address]', 'file:[full path to wallet directory]', null) from dual;
  where:
  '[address to access]'= the url for your Oracle Applications Rapid Install Portal.
  '[proxy address]' = the url of your proxy server, or NULL if not using a proxy server.
  'file:[full path to wallet directory]' = the location of your wallet directory.
  The final parameter is the wallet password, which is set to null by default.
  Example:
  SQL>select utl_http.request('https://www.oracle.com:4443','http://proxy.com:80', 'file:/d1/oracle/db/tech_st/10.2.0/appsutil/wallet', null) from dual;
  After you have made the necessary configuration in the context file, did the autoconfig run successfully without error?
  B.Regards,

• SSL error in EBS R12.1.3

  hi
  I configured SSL in my R12.1.3. I referred 376700.1 metalink id . First time it successful and again i did the same thing in another server but it shows error in firefox like
  Secure Connection Failed
  An error occurred during a connection to server1.yantro.com:4462.
  Cannot communicate securely with peer: no common encryption algorithm(s).
  (Error code: ssl_error_no_cypher_overlap)
  The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
  Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
  What is the problem, is it browser issue or our configuration issue , i dont have any idea , pls suggest ur solutions
  Thanks

  Secure Connection Failed
  An error occurred during a connection to server1.yantro.com:4462.
  Cannot communicate securely with peer: no common encryption algorithm(s).
  (Error code: ssl_error_no_cypher_overlap)Please see these docs.
  Troubleshooting Oracle HTTP Server with SSL and Common Errors in Oracle Application Server 10g (10.1.2-10.1.3) [ID 829217.1]
  SSL call to NZ function nzos_Handshake failed with error 29040 [ID 473047.1]
  The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
  Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
  What is the problem, is it browser issue or our configuration issue , i dont have any idea , pls suggest ur solutionsHave you tried to use a different machine/browser?
  Please make sure you bounce all the services and run AutoConfig without errors.
  Thanks,
  Hussein

• SSL Certificate for Software LifeCycle Management

  Dear Friends,
  We have Solution Manger 70 with EhancementPack 1 (Java 7.01 SP4). Trying to configure the Software LifeCycle Management and I am stuck at the first stage i.e. generating SSL SSL Certificate.
  Here is what I have done and please let me know on how to proceed...
  - Installed SAP Cryptographic libraries, all the necessary Profile parameters and activated HTTPS...
  - STRUSTSSO2 --> Created SSL Server PSE
  - Generated the Certificate Requests for the SSL Server PSE
  - Copied the Certificate Request.
  - Opened the https://service.sap.com/tcs site
  - Requested for SSL Test Server Certificate by pasting the Copied the Certificate Request and generated the certificate response in a "PKCS # 7 Certificate Chain" format.
  - Copied the Generated Imported Certficate from SAP Trust center Site, and Imported the Certificate response for SSL Server using STRUSTSSO2.
  What else I am missing here?????????
  How to generate the Import Certifcate in a crt file format for SSL client (Anonymous or Standard) PSE's?????????
  Kindly help me with these issue ASAP.
  Thank you,
  Nikee

  Users are prompted to accept the certificate from the WLC because the clients do not have a trusted root certificate for the certificate that is installed on the WLC. The SSL certificate on the WLC is not in the list of certificates that the client system trusts. There are two ways to stop the generation of this web-browser security alert popup window:
  a) Use the self-signed SSL certificate on the WLC and configure the client stations to accept the certificate
  b) Generate a CSR and install a certificate that is signed by a source (a third-party CA) for which the clients already have the trusted root certificates installed. For more information on this read http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml

• Connecting Using SSL Authentication Without Username and Password

  Hi,
  We're on RedHat Linux 4.0 using 10.2.0.3 (server/client). We're trying to figure out a way to connect to the database using instantclient and JDBC-OCI and SSL authentication without using a username or password. According to the documentation this should be possible but no sample code is given.
  LD_LIBRARY_PATH is set /opt/app/oracle/product/10.2.0/db_1/lib:/usr/lib:/home/oracle/instantclient where the instantclient was installed from the 10.2.0.1 client software
  and we are using JDK version 1.6.0_03.
  We're also referencing the following paper:
  http://www.oracle.com/technology/tech/java/sqlj_jdbc/pdf/wp-oracle-jdbc_thin_ssl_2007.pdf
  We've got our client and server wallets configured and the sample code we tried looks like this:
  import java.sql.*;
  import java.sql.*;
  import java.io.*;
  import java.util.*;
  import oracle.net.ns.*;
  import oracle.net.ano.*;
  import oracle.jdbc.*;
  import oracle.jdbc.pool.*;
  import java.security.*;
  import oracle.jdbc.pool.OracleDataSource;
  public static void main(String[] argv) throws Exception {
  DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
  Security.addProvider(new oracle.security.pki.OraclePKIProvider());
  System.setProperty("oracle.net.tns_admin", "/opt/app/oracle/product/10.2.0/db_1/network/admin");
  String url = "jdbc:oracle:thin:@orcl";
  java.util.Properties props = new java.util.Properties();
  props.setProperty("oracle.net.authentication_services","(TCPS)");
  props.setProperty("javax.net.ssl.trustStore",
  "/opt/app/oracle/product/10.2.0/db_1/admin/wallet/server/cwallet.sso");
  props.setProperty("javax.net.ssl.trustStoreType","SSO");
  props.setProperty("javax.net.ssl.keyStore", "/opt/app/oracle/product/10.2.0/db_1/admin/wallet/client/cwallet.sso");
  props.setProperty("javax.net.ssl.keyStoreType","SSO");
  props.put ("oracle.net.ssl_version","3.0");
  props.put ("oracle.net.wallet_location", "(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=/opt/app/oracle/product/10.2.0/db_1/admin/wallet/client)))");
  System.out.println("At Here...");
  OracleDataSource ods = new OracleDataSource();
  //ods.setUser("scott");
  //ods.setPassword("tiger");
  ods.setURL(url);
  ods.setConnectionProperties(props);
  System.out.println("At Here1...");
  Connection conn = ods.getConnection();
  System.out.println("At Here2...");
  Statement stmt = conn.createStatement();
  ResultSet rset = stmt.executeQuery("select 'Hello Thin driver SSL "
  + "tester ' from dual");
  while (rset.next())
  System.out.println(rset.getString(1));
  rset.close();
  stmt.close();
  conn.close();
  When this code is compiled and run, the following error is thrown:
  Exception in thread "main" java.sql.SQLException: invalid arguments in call
  at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:112)
  If a username and password is supplied, the code works. So does anyone have a working of using SSL to authenticate without supplying username/password?
  Thanks
  mohammed

  Hi,
  I just solved this. I noticed from another thread that I was not using the OCI driver (see below):
  String url = "jdbc:oracle:thin:@pki14";
  Once I changed it to:
  String url = "jdbc:oracle:oci:@pki14";
  The code worked perfectly. One more setting that you'll have to do is to create the user you want to connect as externally:
  create user scott identified externally as
  'CN=acme, OU=development, O=acme, C=US';
  grant connect,create session to scott;
  Note that the DN should be the same as the SSL certificate that you created in your wallet.
  hth
  mohammed