Testing new SSL configurtaion on ebs

Similar Messages

• New SSL certificate is not being displayed correctly in FF, error: ssl_error_rx_unexpected_server_key_exch

  I have installed a new SSL cert with associated chained root onto my SSL module.
  The certificate and its chain have been verified by verisign as being ok.
  The certificate handshake and exchange works fine on several other browser and OS combinations except FF. Unfortunately out customer base is heavily focussed on FF.
  Working (old certificate)
  https://eproc-europe.electrocomponents.com/emea/form-interface
  Not working (new certificate)
  https://eproc-americas.electrocomponents.com/amer/form-interface
  Any assistance would be greatly appreciated
  Regards
  Chris

  You can try to disable libPKIX support in Firefox, but it is not recommended to leave it disabled on the long run for security and vulnerability reasons.
  *<b>about:config</b> page: security.use_mozillapkix_verification = false
  Note that support for the security.use_mozillapkix_verification pref to disable PKIX has been removed in Firefox 33.

• Enabling SSL in oracle EBS 12.0.6

  Dear All,
  I want to enable SSL (secure socket layer). in oracle ebs R12,
  Application is 12.0.6
  Web/Apache server is 10.1.3
  Form and reports server 10.1.2
  Database server 10.2.0.4.0
  there is required any upgrade patch before enable ssl ?
  Thanks & Regards
  Ravi Kumar

  Hi Ravi,
  This is a duplicated thread, and you have raised a similar thread before..
  Enabling SSL in oracle EBS 12.0.6
  there is required any upgrade patch before enable ssl ?
  You environment will support configuring SSL.
  Please see note:
  Enabling SSL in Oracle E-Business Suite Release 12 (Doc ID 376700.1)
  Best Regards,

• Changing hostname on Callmanager 6.1 and generate new SSL

  I'm looking to change the hostname of our Callmanager because of a change in the naming convention for all our servers.
  Is it as easy as it seems or are there any precautions I need to be aware of?
  My thoughts were to just Change hostname under Cisco Unified CM Configuration for both PUB and SUB
  Since I use mostly IP address for most of my configuration, are there anything else I need to be concerned about?
  Also, how do I generate a new SSL cert based on this change so admins and users won't get a certificate mismatch prompt?
  Thanks!

  Hi Ken,
  Thought you might want to see this
  CSCtf23432 Bug Details Bug #11 of 38 | < Previous | Next >
  CUCM Hostname change does not update self-signed certificates
  None
  Symptom:
  After a hostname change, self-signed certificates are not regenerated.  Web browser may indicate
  that the CUCM certificate is not valid.
  Conditions:
  hostname change procedure.
  Workaround:
  From the os admin page:
  1) security->certificate management
  2) select "find"
  3) for all the self-signed certs (identified by the description field),
  select regenerate.
  Further Problem Description:
  n/a
  Status
  Fixed             
  Severity
  3 - moderate
  Last Modified
  In Last Year        
  Product
  Cisco Unified Communications Manager (CallManager)         
  Technology
  1st Found-In
  7.1(2)       
  Fixed-In
  8.0(2.98000.25)
  8.0(2.10000.4)
  7.1(4.98000.167)
  8.0(2.98000.31)
  8.0(2.10000.24)
  7.1(5.10000.12)
  Cheers!
  Rob

• CSS - 11506 - Adding New SSL Services on Single SSL Modules

  Hi,
  We are having one pair of CCS 11506 currently SSL services are running on slot4 with single SSL module.Now we are planning to add one more SSL application with different certificates & keys on different VIP.
  Can we use the same slot4 for new application & using different certicates & keys on same SSL modules.Your reponse is appriecated

  Hi Sean,
  Thanks for replying back just want few clarifcations in configuration part.
  1. If new vlan is given for new application then how to point routes to the new vlan as default routes to exisitng vlan is already present.
  2. I've prepare sample config template with details steps & let us know will it work & if changes is required kindly let us know.
  1.# ftp-record ssl_record 192.168.19.21 johndoe "abc123"
  /home/johndoe
  2.# copy ssl sftp ssl_record import rsacert.pem PEM "passwd123"
  Connecting
  Completed successfully
  3.# copy ssl sftp ssl_record import rsakey.pem PEM "passwd123"
  Connecting
  Completed successfully
  4.Enter configuration mode.
  # config
  (config) #
  4. To use RSA public key exchange and authentication:
  a. Associate the imported RSA certificate with a file.
  (config) # ssl associate cert myrsacert1 rsacert.pem
  b. Associate the imported RSA key pair with a file.
  (config) # ssl associate rsakey myrsakey1 rsakey.pem
  5. Compare the public key in the associated certificate with the public key
  stored with the associated private key and verify that they are identical.
  (config) # ssl verify myrsacert1 myrsakey1
  Certificate mycert1 matches key mykey1
  ssl associate rsakey NEWKEY newkey.pem
  ssl associate cert NEWCERT newcert.pem
  !************************* INTERFACE *************************
  interface 3/3
  description "****WEB SIDE****"
  bridge vlan _ID_X.X.X.X
  bridge port-fast enable
  interface 3/4
  bridge vlan_ID_Y.Y.Y.Y
  bridge port-fast enable
  description "****PIX SIDE****"
  !************************** CIRCUIT **************************
  circuit VLAN_ID_X
  ip address A.A.A.A B.B.B.0
  ip virtual-router 2 priority 101 preempt
  ip redundant-interface 3 C.C.C.C
  ip critical-service 3 chk-con-pix_Y.Y.Y.Y
  ip critical-service 3 chk-con-web_X.X.X.X
  circuit VLAN_ID_Y
  ip address D.D.D.D E.E.E.0
  ip virtual-router 4 priority 101 preempt
  ip redundant-vip 4 F.F.F.F
  ip critical-service 4 chk-con-pix_Y.Y.Y.Y
  ip critical-service 4 chk-con-web_X.X.X.X
  !*********************** SSL PROXY LIST ***********************
  ssl-proxy-list NEW
  ssl-server 20
  ssl-server 20 vip address F.F.F.F
  ssl-server 20 cipher rsa-with-rc4-128-sha F.F.F.F 81
  ssl-server 20 cipher rsa-with-rc4-128-md5 F.F.F.F 81
  ssl-server 20 rsacert NEWCERT
  ssl-server 20 rsakey NEWKEY
  active
  !************************** SERVICE **************************
  service FRONT_SSL
  type ssl-accel
  slot 4
  keepalive type none
  add ssl-proxy-list NEW
  active
  service WEBSERVER-03
  ip address G.G.G.G
  redundant-index 3
  protocol tcp
  port 80
  active
  service WEBSERVER-04
  ip address H.H.H.H
  redundant-index 4
  protocol tcp
  port 80
  active
  service chk-con-pix_Y.Y.Y.Y
  keepalive type script ap-kal-pinglist "N.N.N.N"
  ip address J.J.J.J
  keepalive frequency 2
  keepalive maxfailure 2
  keepalive retryperiod 2
  active
  service chk-con-web_X
  ip address K.K.K.K
  keepalive type script ap-kal-pinglist "P.P.P.P"
  keepalive frequency 2
  keepalive maxfailure 2
  keepalive retryperiod 2
  active
  !*************************** OWNER ***************************
  owner NEW
  content BACKNEW_HTTP
  vip address F.F.F.F
  add service WEBSERVER-03
  add service WEBSERVER-04
  protocol tcp
  port 81
  url "/*"
  redundant-index 5
  no persistent
  active
  content FRONTENDNEW_SSL
  vip address F.F.F.F
  protocol tcp
  port 443
  application ssl
  add service FRONT_SSL
  active
  content NEW
  url "//www.ABC.com/*"
  vip address F.F.F.F
  protocol tcp
  port 80
  redundant-index 4
  redirect "https://ABC.com"
  active
  your reply on this would be highly appericated.

• New SSL certificate with 2048 bit shows error: (Fehlercode: sec_error_unknown_issuer)

  installed a new SSL certificate with 2048 bit encryption (as is now required by issuer of certificate). Everything is OK with IE, FF shows error: (Fehlercode: sec_error_unknown_issuer)
  == URL of affected sites ==
  https://www.dongil.at/

  I have also tried all the solutions mentioned - but no luck.
  I wrote to Geotrust support and the pointed out that I needed the intermediate certificate and provided me with this url:
  https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1422
  Please note, this intermediate certificate was *not* the same is linked to above - seems like there are 2 different intermediate certificates, depending on what type of certificate you got from Geotrust.
  Just to recap - if you got yourself a "QuickSSL, QuickSSL Premium or SSL Trial"-certificate (like me) then use this intermediate:
  https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1422
  If you got a "True BusinessID or Enterprise SSL"-certificate, you should use this:
  https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1423
  - Lasse

• CSM not accepting new SSL connections

  Hi,
  Could some one please help on me on this.
  My CSM is not accepting any new SSL connections for around 4 hours now. I have manaully rebooted the CSM now and it seems to be working fine.
  Teh CSM was working fine without any problem and I have not done any changes on the module. I would like to know why suddenly CSM not operational?
  Is ths hardware issue or software?
  I am running 4.1(3) software versin on the CSM.
  Thanks in advance. Your help would be highly appriciated.
  Regards
  Alex.

  Hi Alex,
  We would need to see a failed connection on the CSM's port-channel to see at what point the connection fails and multiple showtechs taken during the issue to see what, if any, error counters were incrementing.  Without this kind of data, there is no way to tell what the root cause of the failures were.
  Given that a reload of the module recovered the connectivity, it is likely not a hardware issue.
  In the event that this was to reoccur, I would recommend the following action plan:
  Get a showtech from the Supervisor
  Using SPAN, start a capture on the CSM port-channel.  The source interface of your monitor session would be Po<256 + csm-slot>.  For example, if the CSM is in slot 4, then the source interface of your  monitor session would be Po260.
  Let one or more connections fail
  Stop the capture
  Get a second showtech from the Supervisor.
  Also, as a proactive measure, I would strongly recommend an upgrade to the latest CSM 4.2(x) or 4.3(x) software as the 4.1 code is very old and there have been many bug fixes since then.4.2(13) would be a good choice, unless you need features of the 4.3(x) stream.
  Also, note that the CSM is now End-of-Life, as well as the 4.1(x) software.  Any bug fixes that are implemented until the End-of-Engineering support will only go into the 4.2(x) and 4.3(x) streams.
  Hope this helps,
  Sean

• Load testing of Web ADI in EBS R12

  Hi,
  I am currently testing Oracle E-Business Suite R12. Has anyone load tested the Web ADI integrator for Oracle EBS R12? What tool did you use?
  Did you use QTP or Oracle ATS functional testing? I was not able to do a POC using LoadRunner or OATS load test tool.
  Basically Web ADI is an integration that allows data to be uploaded/downloaded between Oracle EBS R12 and local excel.
  Any help is appreciated.
  Regards
  CP
  Edited by: oracletest on 14-May-2012 07:17

  Hi,
  I have found that OATS does not work easily with Web ADI in my case.
  Regards
  CP

• Lync front end connectivity test fails (SSL certificate / URL problem)

  We have a weird problem in our installation where Lync keeps complaining about connectivity issues to external reach proxy on our front end server.
  The event log error codes are 41024 and 41026.
  Here's the error from the snooper utility: 
  TL_ERROR(TF_COMPONENT) [0]1A14.0EE4::12/12/2014-10:31:30.901.0000000d (DataMCURunTime,DataProxies.ProcessResponse:1197.idx(601))
  (0000000001595A27)Failed poking Proxy error=[The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.], type=[ExternalReachProxy], url=[https://dunords36.du.local:4443/Reach/DataCollaborationRelayWebService.svc]
  The problem is that it makes the test with the INTERNAL FQDN (dunords36.du.local) and thus the SSL trust fails as the certificate is for our EXTERNAL FQDN on the front end server! I have verified this by testing the above URL with the external address and
  the internal one. With the external one the certificate is OK.
  If you're wondering; we do not use a reverse proxy. Instead we just have the firewall change the port and forward the traffic to our front end server. Our lync setup is a NAT'ed setup.
  I know about the security risks so this is not what the discussion is about.
  I can't find anywhere where i can change the above behaviour and tell lync to make the test on the correct, external FQDN. The settings in the topology builder all seems to be OK. And as you can see it does make the test on port 4443 which in our topology
  builder is configured for our external FQDN.

  Hi,
  Would you please elaborate your Lync Server environment (Standard Edition or Enterprise Edition)?
  Please double check if you enter the correct external base URL on Lync Topology.
  Please also check if the SAN of FE Server certificate correctly.
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• How Can I Test New Apple Cinema Display?

  My new 30" Apple Cinema Display arrived today but the arrival of my MacBook Pro is still 4 weeks out (I ordered both at the same time for dual warranty purposes). I cannot hook this ACD to my wife's 12" PB and the only other computer that may have the ability is my daughter's new iMac Intel Core Duo (but I'm not sure if it will power the 30" ACD). I would like to test for stuck or dead pixels. Can I plug the AC cord into an outlet and no video connection then power on or will this show no pixel anomolies, or worse, cause potential harm to my display? Anyone? Thanks to all that may reply.
  PS: I threatened to cancel my order unless the Supervisor allowed me time to evaluate the new monitor the full 2 weeks AFTER the arrival of my MacBook Pro, so I have plenty of time, just no computer to run the darn thing!
  PowerBook G4 12" aluminum & iMac Intel Core Duo   Mac OS X (10.4.5)   Apple 30" Cinema Display w/ iLift LCD monitor arm

  I think pretty much any Mac with DVI will drive the 30" ACD, just not at the native resolution. You will get 1280x800. But if you are just looking at a solid full screen of a single color, for the purpose of trying to spot dead/stuck pixles, the low res shouldn't make any difference at all for such purposes.

• Generating a new SSL cert for Murmurd in light of Heartbleed

  Hello all,
  I'm sure there are some server operators out there who want to renew their keys and certificates generated and used by OpenSSL in light of the Heartbleed exploit.
  Since I just figured out how to force murmur to regenerate a new key and certificate, I thought I'd share with you in case you also want to.
  (1) shutdown your running murmurd instance
  (# systemctl stop murmur)
  (2) Find the config database and make a backup.
  (# cp -a /var/lib/murmur/murmur.sqlite /var/lib/murmur/murmur.sqlite.bak)
  (3) Open the database to edit
  (# sudo sqlite3 /var/lib/murmur/murmur.sqlite)
  (4) Time for some SQL!
  First, let's view all existing certificates and keys.
  (sqlite> select * from config
  The output is something like this:
  1|certificate|-----BEGIN CERTIFICATE-----
  <REDACTED>
  -----END CERTIFICATE-----
  1|key|-----BEGIN RSA PRIVATE KEY-----
  <REDACTED>
  -----END RSA PRIVATE KEY-----
  You'll see a bunch of BASE64 encoding between the BEGIN and END statements.
  I only have one server defined, hence the 1 in both database rows, which refers to the server_id. If you have more than one server instance, then I presume you'll have more rows, and they'll have different server_ids.
  (5) Now, it's time to delete the key and certificate, which forces murmur to regenerate them on it's next start up. If you want to generate a custom certificate and key, there's an adequate how-to here https://wiki.archlinux.org/index.php/Mu … ertificate
  If you have multiple servers defined, you'll want to be careful here: if you don't want to regenerate the SSL certificate and keys for all server instances, make sure to only delete the specific server_ids you want to update.
  (sqlite> delete from config where server_id=1;)
  Update the server_id=1 to be whatever server_id you want to change. I only have one server, so I just deleted that.
  (6) Quit out of the sqlite3 program
  (sqlite> .quit)
  (7) Restart your murmur server
  (# systemctl start murmur)
  If you do a
  # systemctl status murmur
  you'll see in the logs that it regenerates the SSL certificate on startup.
  I hope this was helpful.
  And, if this is the wrong forum for this, please let me know and I can remove it. Or if you're a kindly mod, perhaps you could move it for me?

  This should be in the Wiki so it can be easily found and used.

• Testing new Installation of WL Platform 8.1

  Hi,
  We are deploying WebLogic 8.1 Platform in our company. We just installed it and
  would like to make sure everything is working fine.
  What are the tests conducted to make sure all components of the platform (Portal,
  Workshop, Integrator, JRockit and Server) are all installed and configured correctly?
  Are there any standard suites of tests that are performed commonly in the WebLogic
  world when a new installation is done?
  Thanks,
  Anjali

  "Mark Griffith" <[email protected]> wrote in message
  news:[email protected]..
  | I already asnwered this on another newsgroup, please don't cross post and
  if
  | you do include all the newsgroups on the to line of a single post.
  | mbg
  |
  |
  | "Anjali Khanna" <[email protected]> wrote in message
  | news:[email protected]..
  | >
  | > Hi,
  | >
  | > We are deploying WebLogic 8.1 Platform in our company. We just installed
  | it and
  | > would like to make sure everything is working fine.
  | >
  | > What are the tests conducted to make sure all components of the platform
  | (Portal,
  | > Workshop, Integrator, JRockit and Server) are all installed and
  configured
  | correctly?
  | >
  | >
  | > Are there any standard suites of tests that are performed commonly in
  the
  | WebLogic
  | > world when a new installation is done?
  | >
  | > Thanks,
  | > Anjali
  | >
  |
  |
  Top posting is also considered improper also. You mean do not "multipost"
  vs. crosspost also. This is the appropriate forum, so could you elaborate
  on where you put this other info?
  ken k

• Test: NEW soundblaster z DRIVER ( SBZ_CD_L13_1_00_28 )

  creative has launched new SBZ_CD_L13_1_00_28 driver for soundblaster z seris in december 2014..i installed it immedialty with hope more performance improvements.. but
  testing the new driver was a huge dissapointment for me. my advise is DO NOT INSTALL it.. there is big performance problem with this driver.. when i install the driver​,i saw serious fps drops in games, espicially when alchemy enabled. at first i thought this happend because of new graphic card drivers but it wasnt. when i reinstall previous driver of soundblaser z the problem was solved.. my cpu boosted , no fps drops and works great with alchemy as well.. i think creative will relaunch new driver soon..

  Yes sure;
  -Gigabyte h61m-s2pv mainboard
  -gigabyte Gtx 650ti nvida graphics card
  -creative soundblaster z sound card
  -intel i5-3470 cpu
  -8gb kingston ddr3 hyperx ram
  -120 gb kingston ssd drive
  -500gb samsung 7200rpm hdd drive
  -windows 8.1 64bit
  I like my soundblaster z because of its performance.. It doesnt matter what sound settings you use, soundblaster process all audio without overload my cpu.. But with new driver i feel like the cpu usage has increased.. This easly can be seen espicially when alchemy enabled.. Im not talking about specific game.. My all games are affected.. Pes15, grid autosports, call of duty advNced warfare.. I reinstall priveous driver.. Problem solved ..i got again Nice performance with quality sounds what i expected form my soundblaster..

• Howto test new or modified network infrastructures with standardized testing methods?

  Hi,
  I'm sure many of you regularly do tests of new or modified network infrastructures before going live. And you developed detailed plans and schedules how to test, how I did too.
  Does anybody know if there exist standardized testing methods for this cases?
  Like recommendations how to check features, performance, hardware failures, convergence times, software updates, network management etc.?
  Does Cisco offer information concerning that?
  Especially for software testing there exist many methods to check if it's working properly, but for technical it infrastructures I did not find any informations.
  Best Regards
  Thorsten

  Thorsten
  I guess you are looking for something like this -
  http://www.ciscopress.com/store/enterprise-network-testing-testing-throughout-the-network-9781587141270
  should say I don't own the book or have ever read it.
  I have never come across a set of standardised testing methods in the same way software has but that's is not particularly surprising when you consider networking as an industry is a long way behind other parts of IT in that respect.
  We are all still using CLI for most of our jobs :-)
  I suspect with SDN that there will be a far more extensive range of testing tools available in the long run but we aren't there yet.
  Personally I do pretty much what you already have. When I was involved in design we had proof of concept labs where we could test it would actually work and which often fed back into the design.
  Then we had to test it with the existing production environment to see how it impacted on what we already had.
  If all that went well we then pretty much knew what tests we needed to run when we implemented it into production.
  Jon

• Testing new sip trunk for an upgraded system....

  Hey all,
  Hoping I can get a quick direction on this.....
  We are upgrading our call center servers and need to point a few test toll free numbers.
  I have already created a test sip trunk....here's where it all gets muddy for me. What do I need to do to route 4 specific toll free numbers to hit this specific sip trunk instead of going to our current one?
  Any docs and verbal guidance would be appreciated.
  Thanks in advance all!

  Ok,  so here's what i did....
  I created the following >>> RG with new server as member>RL with the new RG as member>RP
  We already have a RP of 5[1-9]XXX which matches the DNIS of the 4 toll free numbers we are using for this test, so I just went ahead and created an exact match RP of 59796. (I'll create the other 3 if I can get this to work)
  Before I created all this, the call went to our sales dept like designed. After creating it, now I get a "this number has been disconnected" message. What did I miss?