Use TLS instead of SSL in Oracle AS WebCache 10g (10.1.2)

Hi,
We use Oracle AS Webcache as a reverse proxy for all our OAS/ADF web applications.
Our sysadmin blocked SSL v3 icw POODLE vulnerability. Is there any way we can use TLS (1.2) instead of SSL in the Oracle Webcache 10g?
Many thanks,
Abraham

We are having the same issue on production environment.
Since Thursday 20th november 2014, Google Chrome does not allow connections to websites using SSLv3. This is because the POODLE vulnerability as described here: https://www.us-cert.gov/ncas/alerts/TA14-290A
I've already followed the configuration on My Oracle Support (Doc ID 1936300.1) without success. But i didn't applied the Critical Patchs Updates yet as the presented note Doc ID 405972.1.
I'm wondering if you found any workarround for this problem or if we can help each other. I believe we are not alone.
Thanks,
Jeison.

Similar Messages

How to Setup SSL on Oracle Application Server 10g Release 2 (10.1..2)

Hi All,
Can anybody tell me How to setup the SSL on Oracle Application Server 10g Release 2 (10.1.2).
I have all the required documents like
1. Oracle Application Server Portal Server Configuration Guide.
2. Oracle Application Server Web Cache Configuration Guide.
3. Oracle Application Server SSO Administration Guide.
I tried to follow all this documents but still i am not able to set SSL for Oracle Portal Server.

The Portal Configuration Guide, available on OTN at http://www.oracle.com/technology/documentation/appserver1012.html does provide some very specific information on how to set up OracleAS Portal.
Section 6.3.2.1 Configuring SSL for OracleAS Portal describes various configurations, such as:
SSL to OracleAS Single Sign-On
SSL to OracleAS Web Cache
SSL Throughout OracleAS Portal
External SSL with Non-SSL Within Oracle Application Server
For larger enterprise configurations, you can refer to the Enterprise Deployment Guide.
Can you give a bit more background on what you are trying to set up? Which scenario, what sort of hardware, software versions, and so on.
Regards,
Pete

HT4864 "Note: If you receive errors using SSL, try using TLS instead."

My outgoing mail server works with .me when I enable TLS, but not SSL, any security issues?

Appreciate your reply. Please help me in my further questions.
We were using SSL to connect to their server till now, now they want to upgrade it, so they want us to use TLS1.0
In the link I see that TLS1.0 and others are installed but I do not see them on our server. I will have them install it.
Once we have TLS installed and enabled does Biztalk HTTP adapter use TLS 1.0 as default to connect to external system automatically or do I have to change the HTTP send receive port which has a certificate in it.
Also with which tool can I check if Biztalk is actually using TLS or SSL.

Https ssl config Oracle AS, webcache, portal...almost works

Hi,
I have searched the forums and I havent found anything that works for me.
I have Oracle infrastructure on one server, and Oracle App server/portal on another server. I can get as far as the http server showing the "welcome to oracle" page in https form. When I try to access a page in the portal (plsql) I get a blank page. It does convert the "https://myserver:xxxx//pls/portal/url/page/IRWEB/HOME
" to "https://myserver:xxxx/portal/page?_pageid=73,86254,73_86264:73_86316:73_8632...." but nothing comes up.
Also, it uses the Infrastructure server for single-sign-on...so I need to make the app server do the single sign-on. I've tried by adding /pls/orasso entry in DADS.conf of http server..
So as far as I can tell...the http server IS operating in https/ssl, but the single-sign-on and the pages in the portal are not.
I have to do everything manually since I am using 10.1.2 (no Oracle Collab Suite installed, so no SSLConfigTool and other assistants)
Here is what I've done to get https://myserver:xxxx/ to come up ok.
server 1: Oracle Infrastructure and Oracle database release 1 10.1.2.0.0
server 2: Oracle Application Server / Portal with webcache release 2 10.1.2
using Oracle Wallet for certificate,
http server -> process management "ssl-enabled",
http server -> advanced -> ssl.config: SSLWallet file:, SSLWalletPassword, virtual host for ssl
webcache -> added settings for ssl (I used the current entries for non-ssl as a guide for the ssl entries)
Interesting issue...with the ports in the ssl.conf file example:
Port 4459
Listen 4459
VirtualHose myserver.blah.edu:4450
Port 4458
When I get the blank page trying to use ssl and 4459, I can manually change the url in my browser to 4458 (or maybe its the other way around) and get this message: "Error: The portlet could not be contacted"
Is this a problem with webcache? Do I have to do any ssl config on the server with the database?
I've even tried disabling the webcache, both with the oracle sql script and through web interface but neither made a difference...same problem.
Any help would be greatly appreciated..I feel as if I'm almost there.
If I did not post enough info for accurate help, please ask what you need to know to provide help! Thanks in advance.

Hi,
Yes you can go for SSl configuration without re-installing any of the components.
Regards,
access_tammy

When Oracle BI Discoverer 10g will be released on AIX?

Hi
If anyone knows ?
I need it to prepare project plan.
thnx
slawonzo

Hi Asim,
The instructions for integrating Discoverer with IDM/Portal are in the Discoverer doc listed above. Most people shutdown the Discoverer 4i server, upgrade the EUL to 10g, then install the 10g Discoverer software and configure the apps to use it. Details are all in the doc.
1. Install Oracle Application Server 10g Release 2 (10.1.2.0.2)
1.1. Install OracleAS Identity Management Infrastructure 10g (10.1.4.0.1)
You must install OracleAS Identity Management Infrastructure 10g (10.1.4.0.1) on a standalone server or in a separate ORACLE_HOME on an existing application tier server node. Follow the instructions in the Oracle Application Server 10g Installation Guide for your operating system platform.
1.2. Install Oracle Application Server 10g Release 2 (10.1.2.0.2) type Business Intelligence and Forms
You must install Oracle Application Server 10g Release 2 (10.1.2.0.2) installation type Business Intelligence and Forms in a seperate ORACLE_HOME from the previously installed OracleAS Infrastructure. During installation of Oracle Application Server 10g Release 2 (10.1.2.0.2) type Business Intelligence and Forms you will be prompted for Oracle Internet Directory details. Please provide your Oracle Application Server 10g (10.1.4.0.1) Infrastructure hostname and port number as configured in step 1.1.
Also see the 10g OAS 11i installation guide for SSO instructions:
Installing Oracle Application Server 10g with Oracle E-Business Suite Release 11i
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=233436.1
Make sure you review the SSO Exceptions list in Appendix A - Product-Specific SSO Exceptions. You will need to use the internal fnd_user non-SSO username/password for these products.
Here is the SSL doc for 11i and 10g Application Server.
Enabling SSL with Oracle Application Server 10g and the E-Business Suite
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=340178.1
Regards,
-Michael

URGENT: Deployment of ADF UIX application to Oracle App Server 10g

Hi,
Please let me know of documentation of how to deploy an ADF UIX application developed using Jdeveloper9.0.5.2 to Oracle Application Server 10g.
I have already created an WAR and EAR deployment profile. and also an ORacle APp server connection from the connections tab in Jdeveloper.
Thanks a lot.

Have a look at the JDeveloper online help (F1) there is a complete chapter about deploying:
http://helponline.oracle.com/jdeveloper/help/state/content/destination.2%7E9%7E1%7E6%7E/navSetId.jdeveloper/oldNavId.0/navId.0/oldNavSetId.jdeveloper/
Basically you need to deploy the ADF runtime libraries (use the ADF Runtime Installer), and then deploy your WAR.

Using SQL server instead of Olite in Oracle BPEL

I am now trying to use SQL 2000 server instead of Olite in Oracle BPEL. I couldn't find any instruction or admin config guide. Has anyone had any luck with this?
If anyone has any experience, please shed some light on this.
I am now able to get "domain_sqlserver" dll file populated into SQL server.
How di i configure BPEL to use SQL db instead of Olite? Do i need to set up database connections to work?
Thank you very much in advance.

Edwin,
Thank you so much for the info.
I have emailed to [email protected] for the question.
Up to now, i have done the followings:
1. I have successfully populated domain_sqlserver ito SQL 2000 with some modification.
2. I have also configured data-sources.xml under ..\integration\orabel\system\services\install\config and unser ..\integration\orabel\system\appserver\oc4j\j2ee\home\config to use MSFT SQL 2000 instead of Olite.
3. I have also commented out running kill_Olite.bat and start_olite.bat, and start SQL 2000 server.
4. Installed Data Direct JDBC driver
Could you please kindly point me what are the rest of configuration required in order to make it work?
Thank you so much.

LDAP setup with SSL - Can't use tls auth type

I'm trying to configure Solaris 10 to use ldap against my OpenLDAP server with SSL but whenever I try to set the authentication as tls:simple, it gives me an error :
# ldapclient mod -a authenticationMethod=tls:simple
Cannot specify LDAP port with tls
# ldapclient mod -a authenticationMethod=tls
Unable to set value: invalid authenticationMethod (tls)
Any ideas how to get this to work - I can do an ldapsearch if I supply a -H ldaps://ldapserver:636 so my certs in /var/ldap are good.
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=srv_login,ou=LDAPusers,dc=unix_srv,dc=energy.ge.com
NS_LDAP_BINDPASSWD= {NS1}c53708877bc6
NS_LDAP_SERVERS= 10.10.1.14:636
NS_LDAP_SEARCH_BASEDN= dc=unix_srv,dc=energy.ge.com
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SERVER_PREF= 10.10.1.14:636
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=unix_srv,dc=energy.ge.com?sub
NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=unix_srv,dc=energy.ge.com?sub
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=Group,dc=unix_srv,dc=energy.ge.com?one
Thanks,
Jay

When using TLS you have to specify the FQN for the LDAP server and the port is ALWAYS 636.
Also, you need to setup up your client to use FQN as well (/etc/hosts).

How to Implement SSL with Oracle Applications R12 without using Load Balanc

How to Implement SSL with Oracle Applications R12.1.3 without using Load Balancer

Please refer to (Enabling SSL in Release 12 [ID 376700.1]).
Thanks,
Hussein

Ldap client in Solaris using TLS

I have installed an OpenLap server (version 2.2.13-2) in a Red Hat ES 4.
My LDAP clients are
- Linux (redhat and mandriva)
- Solaris 8 (with the last recommended path and 10893-62 path for ldapv2)
- Tru64 (5.1B)
If a use simple authentification all works fine (search in LDAP,
authentification and automount).
However, when I use TLS the Solaris LDAP client doesn't seem to work.
When I run the LDAP client the process freeze
With my Linux and Tru64 clients all work fine using LS.
I have downloaded the certificates from my LDAP server using Netscape browser.
I have copied cert7.db and key3.db in the "/var/ldap/directory" with a
"chmod 644" in this files.
I can do a "ldapsearch -x -ZZ objectclass=*" and this returns data.
The last logs of the ldap_cachemgr are:
Mon Nov 20 09:34:46.4425 Starting ldap_cachemgr, logfile /var/ldap/cachemgr.log
If I do a truss when I launch the client the
result was this:
lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
door_return(0x00000000, 0, 0x00000000, 0) (sleeping...)
lwp_cond_wait(0xFF0F34F0, 0xFF0F3500, 0xFF0ECD88) (sleeping...)
This is my ldap_client_file:
# Do not edit this file manually; your changes will be lost.Please use
ldapclient (1M) instead.
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= srvldap
NS_LDAP_SEARCH_BASEDN= dc=example,dc=com
NS_LDAP_AUTH= tls:simple
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_CACHETTL= 3600
NS_LDAP_PROFILE= tls_profile
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=Users,dc=example,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=Groups,dc=example,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= shadow: ou=Users,dc=example,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= auto_home:
automountMapName=auto_home,ou=Sun,ou=AutoFS,dc=example,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= auto_master:
automountMapName=auto_master,ou=Sun,ou=AutoFS,dc=example,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= auto.home:
nisMapName=auto.home,ou=Sun,ou=AutoFS,dc=example,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= auto.master:
nisMapName=auto.master,ou=Sun,ou=AutoFS,dc=example,dc=com?one
NS_LDAP_BIND_TIME= 10
I have launched ethereal so see network communications with my Solaris 8 client and the LDAP server.
And with this configuration the Solaris box only communicates with the LDAP server using LDAP port 389 and not LDAPS port 636.
I have done the same test with a linux and tru64 box and they use LDAPS port 636 to communicate with my LDAP server.
Does anyone have an idea on getting Solaris using TLS/SSL?
Thanks.

LDAP Setup and Configuration Guide
Solaris 8 2/04 Update Collection > LDAP Setup and Configuration Guide > 1. Overview > Solaris Name Services
[http://docs.sun.com/app/docs/doc/806-5580/6jej518ou?l=en&a=view&q=solaris+8+ldap]
Download this book in PDF (557 KB)
[http://dlc.sun.com/pdf/806-5580/806-5580.pdf]

How to get report in excel format instead of pdf from oracle forms.

Hi,
How to get report in excel format instead of pdf from oracle forms.
Form & Report developer 10g
report format .rdf

create a report using report builder.
call the report from form using the following procedure
DECLARE
     RO_Report_ID REPORT_OBJECT;
     Str_Report_Server_Job VARCHAR2(100);
     Str_Job_ID VARCHAR2(100);
     Str_URL VARCHAR2(100);
     PL_ID PARAMLIST ;
BEGIN
PL_ID := GET_PARAMETER_LIST('TEMPDATA');
     IF NOT ID_NULL(PL_ID) THEN
DESTROY_PARAMETER_LIST(PL_ID);
     END IF;
     PL_ID := CREATE_PARAMETER_LIST('TEMPDATA');
     RO_Report_ID := FIND_REPORT_OBJECT('RP2RRO');
     Add_Parameter(pl_id,'P_SUPCODE',TEXT_PARAMETER,:CONTROL.S_CODE);
Add_Parameter(pl_id,'P_INVOICE_NO',TEXT_PARAMETER,:CONTROL.IN_NO);
Add_Parameter(pl_id, 'PARAMFORM', TEXT_PARAMETER, 'NO');
     SET_REPORT_OBJECT_PROPERTY(RO_Report_ID, REPORT_FILENAME, 'INVOICE_REG_DETAILS.rep');
     SET_REPORT_OBJECT_PROPERTY(RO_Report_ID, REPORT_COMM_MODE, SYNCHRONOUS);
     SET_REPORT_OBJECT_PROPERTY(RO_Report_ID, REPORT_EXECUTION_MODE, BATCH);
     SET_REPORT_OBJECT_PROPERTY(RO_Report_ID, REPORT_DESTYPE, FILE);
     SET_REPORT_OBJECT_PROPERTY(RO_Report_ID, REPORT_DESFORMAT, 'SPREADSHEET');
     SET_REPORT_OBJECT_PROPERTY(RO_Report_ID, REPORT_SERVER, 'rep_dbserver_frhome1');
     Str_Report_Server_Job := RUN_REPORT_OBJECT(RO_Report_ID, PL_ID);
     Str_Job_ID := SUBSTR(Str_Report_Server_Job, LENGTH('rep_dbserver_frhome1') + 2, LENGTH(Str_Report_Server_Job));
     Str_URL      := '/reports/rwservlet/getjobid' || Str_Job_ID || '?server=rep_dbserver_frhome1';
     WEB.SHOW_DOCUMENT(Str_URL, '_SELF');
     DESTROY_PARAMETER_LIST(PL_ID);
END;

Trying to configure a Win 2003 Server to use TLS server authentication . . .

I am trying to
configure a Win 2003 Server to use TLS server authentication following Method 2 in KB 895443 - see below:-
Method 2: By using the Certificate Request Wizard
The following steps describe how to obtain a certificate from a Windows Server 2003 Certification Authority. You can also request a certificate from a Windows 2000
Certification Authority. Additionally, you must have Read permissions and Enroll permissions on the certificate template file to successfully request a certificate. Use this method if one or more of the following conditions are true:
You want to request a certificate from an Enterprise Certification Authority.
You want to request a certificate that is based on a template where the subject name is generated by Windows.
You want to obtain a certificate that does not require administrator approval before the certificate is issued.
To obtain a certificate, follow these steps:
Click Start, click Run, type mmc, and then click OK.
On the File menu, click Add/Remove Snap-in.
Click Add, click Certificates, and then click Add.
Click Computer account, and then click Next.
If you want to add a certificate to the local computer, click Local computer. If you want to add a certificate to a remote computer, click Another
computer, and then type the name of that remote computer in the Another computer box.
Click Finish.
In the Add Standalone Snap-in dialog box, click Close, and then click OK in the Add/Remove
Snap-in dialog box.
Under Console Root, click Certificates (Local Computer).
Note If you configured the Certificates MMC snap-in to manage a remote computer, click Certificates (servername)instead of Certificates (Local Computer).
On the View menu, click Options.
In the View Options dialog box, click Certificate purpose, and then click OK.
In the right pane, right-click Server Authentication, point to All Tasks, and then click Request New Certificate.
In the Certificate Request Wizard that starts, click Next.
In the Certificate types list, click Server Authentication, click to select the Advanced check box,
and then click Next.
In the Cryptographic Service Providers list, click Microsoft RSA SChannel Cryptographic Provider.
I get as far as step 11 and I get the error message:-
The wizard cannot be started because of one or more of the following conditions:
- There are no trusted certification authorities (CAs) available.
- You do not have the permissions to request certificates from the available CAs.
- The available CAs issue certificates for which you do not have permissions.
This is covered in KB 927066 – see below:-
To resolve the problem, follow these steps:
Verify that the CERTSVC_DCOM_ACCESS group exists in the domain that hosts the certification authority. This group is in the CN=Users container.
To do this, follow these steps:
Click Start, click Run,
type Dsa.msc, and then click OK.
In the left pane, click the Users container.
Verify that the CERTSVC_DCOM_ACCESS group is in the right
pane. If the CERTSVC_DCOM_ACCESS group is not in the right pane, go to step 4.
Verify that the CERTSVC_DCOM_ACCESS group includes the following member groups:
Domain Users
Domain Computers
If these member groups do not exist in the CERTSVC_DCOM_ACCESS group, go to step 4.
Note If users or computers in other domains need to enroll against the certification authority, you must also add those users and computers to the CERTSVC_DCOM_ACCESS group. If the current problem occurs on a domain
controller, you must also add the Enterprise Domain Controllers group to the CERTSVC_DCOM_ACCESS group. By default, domain controllers are not members of the Domain Computers global group. Therefore, domain controllers
do not have sufficient DCOM permissions.
Verify that the CERTSVC_DCOM_ACCESS group has the appropriate DCOM Access permissions and DCOM Launch and Activation permissions on the computer that hosts the certification
authority.
Click Start, point to Program,
point to Administrative Tools, and then click Component Services.
Expand the Component Services node.
Expand the Computers node.
Right-click the My Computer node, and
then click Properties.
Click the COM Security tab.
Under Access Permission, click Edit
Limits.
Verify that the CERTSVC_DCOM_ACCESS group has Allow Local Access and Allow
Remote Access permissions, and then click Cancel.
Under Launch and Activation Permissions, click Edit
Limits.
Verify that the CERTSVC_DCOM_ACCESS group has Allow Local Activation and Allow
Remote Activationpermissions, and then click Cancel.
Click Cancel, and then close the Component
Services console.
Settings may be incorrect if any one of the following conditions is true:
The CERTSVC_DCOM_ACCESS group does not exist.
The default membership of the CERTSVC_DCOM_ACCESS group is incorrect.
The CERTSVC_DCOM_ACCESS group does not have the correct permissions.
If any one setting is incorrect, run the following commands at a command prompt. Press ENTER after each command.
certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG
net stop certsvc
net start certsvc
Repeat steps 1 through 3 to verify that all the settings are correct.
Note If the changes affect the group membership of the certification authority server, you must restart the server for the changes to take effect.
The only part of the above instructions which I have not been able to complete is:-
“you must also add the Enterprise Domain Controllers group to the CERTSVC_DCOM_ACCESS group”.
When I click on the CERTSVC_DCOM_ACCESS user then click the Members tab & go to add Enterprise Domain Controllers the option is not there.

Hi Nick,
Have you successfully set up an enterprise CA?
If yes, is the enterprise CA’s certificate located under the Trusted Root Certification Authorities store?
Best Regards,
Amy

Using A 3rd Part SSL Certificate on DS 6.3

Hello,
I have a DS 6.3 server whose purpose is to authenticate Solaris 10 clients. All of my clients have been configured to communicate with the DS 6.3 server via SSL/TLS on port 636. To do this, I simply copied the slapd-cert8.db, slapd-key3.db and secmod.db files from the alias directory on the DS 6.3 server to the /var/ldap directory on each client. After renaming the files (removing the slapd- from the name) and configuring each client to bind using tls:simple, via a profile, things work just fine.
However.....
I used the default certificate generated by DS 6.3 during the install of the product. Unfortunately this certificate is signed with weak algorithms, and failed an audit. I have tried replacing the certificate with a GoDaddy 3rd party cert, and a self-signed certificate created using openssl, but as soon as I copy the cert8/key3 databases to the client as described above, the client can no longer connect to the server. I've added the server cert from GoDaddy as well as their root cert using both the dsadm tools and the certutil tools. I've done the same with the certs that I generated via openssl. In both cases, the only error message I receive on the client is the "libsldap: Status: 81 Mesg: openConnection: simple bind failed - Can't contact LDAP server". Yet if I go back to using the default certificate generated by DS 6.3, everything works just fine.
Can anyone help with this?
Thanks in advance...

As you indicated, name resolution was the problem again, but in a different way. When I had the DS server configured to use my self-signed cert, I had the following entry in /etc/nsswitch.conf on my ldap client:
hosts: ldap [NOTFOUND=continue] files
Once I switched the DS server to using the 3rd Party (GoDaddy) cert, I was unable to ping the DS server by its FQDN, despite having that entry in my hosts file. I had to switch the /etc/nsswitch.conf on the client to look like this:
hosts: files [NOTFOUND=continue] ldap
Once I had done this, I was able to access the DS server from the client using the GoDaddy cert.
I tried this same configuration on another DS server and ran into one additional problem. this new DS server had some of the ciphers disabled per recommendation by our auditors. I could not my client to connect until I reconfigured the server to use all available ciphers. How can I tell which ciper the client and server want to use when communicating, so that I don't disable it? Is there any way to configure which cipher is used for SSL communication?
Thanks very much for your assistance

Enabling SSL for Oracle Enterprise Manager 10.1.3.1 is Failing!!!

Hi All,
I have followed the steps described in
http://download-uk.oracle.com/docs/cd/B31017_01//core.1013/b28940/em_app.htm#BABCEEAH.
However when I am trying to start the application server using 'opmnctl startall' the server is not starting and some timeout is getting generated in the log file.
Is it that enabling SSL will only make the EM console secured? Then how to enable SSL for other soa components like - BPEL,ESB,OWSM? Are there any documentations available?
Also please let me know how can I enable SSL for Oracle Application server console?
Please any advice will be appreciated. I am in the middle of a project delivery.
Thanks

Hi,
Let me first highlight the installation that I have done. I have installed SOA components with 'basic installation' mode.
The log file under <ORACLE_SOA_HOME>/opmn/config/ has generated the following stack:-
08/07/25 11:03:34 Start process
08/07/25 11:03:37 WARNING: XMLApplicationServerConfig.overwriteSiteConfigPort Port assignment is ignored: web-site not found in the server OC4JServiceInfo id: default-web-site protocol: http hostname: null port: 8890 description: null
08/07/25 11:03:37 WARNING: XMLApplicationServerConfig.overwriteSiteConfigPort Port assignment is ignored: web-site not found in the server OC4JServiceInfo id: secure-web-site protocol: https hostname: null port: 1156 description: null
08/07/25 11:03:47 log4j:WARN No appenders could be found for logger (wsif).
08/07/25 11:03:47 log4j:WARN Please initialize the log4j system properly.
08/07/25 11:03:53 WARNING: OC4J Service: ascontrol-web-site with protocol: https and port: 1156 was not declared in opmn.xml
08/07/25 11:03:53 Oracle Containers for J2EE 10g (10.1.3.1.0) initialized
08/07/25 11:03:53 WARNING: OC4J will not send ONS ProcReadyPort messages to opmn for service: OC4JServiceInfo id: default-web-site protocol: http hostname: null port: 8890 description: null
08/07/25 11:03:53 default-web-site hostname was null
08/07/25 11:03:53 WARNING: OC4J will not send ONS ProcReadyPort messages to opmn for service: OC4JServiceInfo id: secure-web-site protocol: https hostname: null port: 1156 description: null
08/07/25 11:03:53 secure-web-site hostname was null
On the command prompt I am getting the following error:-
opmn id=CALTP8BB32:6203
0 of 1 processes started.
ias-instance id=home.CALTP8BB32.cts.com
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ias-component/process-type/process-set:
default_group/home/default_group/
Error
--> Process (index=1,uid=301928631,pid=2944)
failed to start a managed process after the maximum retry limit
Log:
D:\product\SOASuite\opmn\logs\\default_group~home~default_group~1.log
--------------------------------------------------------------+---------
ias-component | process-type | pid | status
--------------------------------------------------------------+---------
OC4JGroup:default_group | OC4J:home | N/A | Down
ASG | ASG | N/A | Down
Please let me know where am I going wrong?
Thanks,
Mandrita.

Error using the test console of the Oracle Service Bus 11gR1

Hi I am facing a an issue while using the test console of the Oracle Service Bus 11gR1 .
Every time I try to execute a business service or a proxy service I end up getting the following message.
Error Accessing Test Configuration
*"Test Console" service is not running. Contact administrator to start this service.*
In fact to add to my frustration I am unable to execute any of my proxy services from outside clients like SOAPUI as well.
Is anyone else facing this too ??
Also every time the server starts I can see some diagnostic error messages on my Eclipse console.
*[ERROR] AdapterManager - ServletContainerAdapter manager not initialized correctly.*
Attached the whole log at the end below.
To provide an update on my trouble shooting
1. ) I tried to give the IntegrationAdmin and IntegrationDeployer roles to my admin user. in fact i also tried to give it all the possible privileges.
Result: Still the same error message.
Error Accessing Test Configuration
"Test Console" service is not running. Contact administrator to start this service.
2.) I have already tried to change the following entry <java:alsb-test-console-debug>true</java:alsb-test-console-debug> in my C:\Oracle\Middleware\home11g\user_projects\domains\OSB_domain\alsbdebug.xml
I am also attaching the file contents here
<java:sb-debug-logger xmlns:java="java:com.bea.wli.debug">
<java:alsb-stages-transform-runtime-debug>false</java:alsb-stages-transform-runtime-debug>
<java:alsb-alert-manager-debug>false</java:alsb-alert-manager-debug>
<java:alsb-credential-debug>false</java:alsb-credential-debug>
<java:alsb-jms-reporting-provider-debug>false</java:alsb-jms-reporting-provider-debug>
<java:alsb-management-credential-debug>false</java:alsb-management-credential-debug>
<java:alsb-management-dashboard-debug>false</java:alsb-management-dashboard-debug>
<java:alsb-management-debug>false</java:alsb-management-debug>
<java:alsb-management-user-mgt-debug>false</java:alsb-management-user-mgt-debug>
<java:alsb-module-debug>false</java:alsb-module-debug>
<java:alsb-monitoring-aggregator-debug>false</java:alsb-monitoring-aggregator-debug>
<java:alsb-monitoring-debug>false</java:alsb-monitoring-debug>
<java:alsb-pipeline-debug>false</java:alsb-pipeline-debug>
<java:alsb-security-wss-debug>false</java:alsb-security-wss-debug>
<java:alsb-service-account-manager-debug>false</java:alsb-service-account-manager-debug>
<java:alsb-service-provider-manager-debug>false</java:alsb-service-provider-manager-debug>
<java:alsb-service-repository-debug>false</java:alsb-service-repository-debug>
<java:alsb-service-security-manager-debug>false</java:alsb-service-security-manager-debug>
<java:alsb-service-validation-debug>false</java:alsb-service-validation-debug>
<java:alsb-test-console-debug>true</java:alsb-test-console-debug>
<java:alsb-transports-debug>false</java:alsb-transports-debug>
<java:alsb-uddi-debug>false</java:alsb-uddi-debug>
<java:alsb-wsdl-repository-debug>false</java:alsb-wsdl-repository-debug>
<java:alsb-wspolicy-repository-debug>false</java:alsb-wspolicy-repository-debug>
<java:alsb-security-encryption-debug>false</java:alsb-security-encryption-debug>
<java:alsb-security-module-debug>false</java:alsb-security-module-debug>
<java:alsb-sources-debug>false</java:alsb-sources-debug>
<java:alsb-custom-resource-debug>false</java:alsb-custom-resource-debug>
<java:alsb-mqconnection-debug>false</java:alsb-mqconnection-debug>
<java:alsb-throttling-debug>false</java:alsb-throttling-debug>
<java:alsb-flow-resource-debug>false</java:alsb-flow-resource-debug>
<java:alsb-flow-transport-debug>false</java:alsb-flow-transport-debug>
<java:alsb-flow-deployment-debug>false</java:alsb-flow-deployment-debug>
<java:alsb-debugger-debug>false</java:alsb-debugger-debug>
<java:alsb-console-debug>false</java:alsb-console-debug>
<java:alsb-result-caching-debug>false</java:alsb-result-caching-debug>
<java:alsb-bpel-debug>false</java:alsb-bpel-debug>
<java:alsb-jca-framework-adapter-debug>false</java:alsb-jca-framework-adapter-debug>
</java:sb-debug-logger>
starting weblogic with Java version:
java version "1.6.0_18"
Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
Java HotSpot(TM) Client VM (build 16.0-b13, mixed mode)
Starting WLS with line:
C:\Oracle\MIDDLE~1\home11g\JDK160~1\bin\java -client -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=512m -Dweblogic.Name=AdminServer -Djava.security.policy=C:\Oracle\MIDDLE~1\home11g\WLSERV~1.3\server\lib\weblogic.policy -Xverify:none -da -Dplatform.home=C:\Oracle\MIDDLE~1\home11g\WLSERV~1.3 -Dwls.home=C:\Oracle\MIDDLE~1\home11g\WLSERV~1.3\server -Dweblogic.home=C:\Oracle\MIDDLE~1\home11g\WLSERV~1.3\server -Ddomain.home=C:\Oracle\MIDDLE~1\home11g\USER_P~1\domains\OSB_DO~1 -Dcommon.components.home=C:\Oracle\MIDDLE~1\home11g\ORACLE~1 -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Djrockit.optfile=C:\Oracle\MIDDLE~1\home11g\ORACLE~1\modules\oracle.jrf_11.1.1\jrocket_optfile.txt -Doracle.domain.config.dir=C:\Oracle\MIDDLE~1\home11g\USER_P~1\domains\OSB_DO~1\config\FMWCON~1 -Doracle.server.config.dir=C:\Oracle\MIDDLE~1\home11g\USER_P~1\domains\OSB_DO~1\config\FMWCON~1\servers\AdminServer -Doracle.security.jps.config=C:\Oracle\MIDDLE~1\home11g\USER_P~1\domains\OSB_DO~1\config\fmwconfig\jps-config.xml -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Digf.arisidbeans.carmlloc=C:\Oracle\MIDDLE~1\home11g\USER_P~1\domains\OSB_DO~1\config\FMWCON~1\carml -Digf.arisidstack.home=C:\Oracle\MIDDLE~1\home11g\USER_P~1\domains\OSB_DO~1\config\FMWCON~1\arisidprovider -Dweblogic.alternateTypesDirectory=C:\Oracle\MIDDLE~1\home11g\ORACLE~1\modules\oracle.ossoiap_11.1.1,C:\Oracle\MIDDLE~1\home11g\ORACLE~1\modules\oracle.oamprovider_11.1.1 -Dweblogic.jdbc.remoteEnabled=false -Dweblogic.management.discover=true -Dwlw.iterativeDev= -Dwlw.testConsole= -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=C:\Oracle\MIDDLE~1\home11g\patch_wls1033\profiles\default\sysext_manifest_classpath;C:\Oracle\MIDDLE~1\home11g\patch_oepe1033\profiles\default\sysext_manifest_classpath;C:\Oracle\MIDDLE~1\home11g\patch_ocp353\profiles\default\sysext_manifest_classpath weblogic.Server
<30-Jun-2010 16:22:43 o'clock BST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) Client VM Version 16.0-b13 from Sun Microsystems Inc.>
<30-Jun-2010 16:22:47 o'clock BST> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.3.0 Fri Apr 9 00:05:28 PDT 2010 1321401 >
<30-Jun-2010 16:22:48 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<30-Jun-2010 16:22:48 o'clock BST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<30-Jun-2010 16:22:49 o'clock BST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Oracle\Middleware\home11g\user_projects\domains\OSB_domain\servers\AdminServer\logs\AdminServer.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<30-Jun-2010 16:22:49 o'clock BST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Oracle\Middleware\home11g\user_projects\domains\OSB_domain\servers\AdminServer\logs\AdminServer.log00005. Log messages will continue to be logged in C:\Oracle\Middleware\home11g\user_projects\domains\OSB_domain\servers\AdminServer\logs\AdminServer.log.>
<30-Jun-2010 16:22:49 o'clock BST> <Notice> <Log Management> <BEA-170019> <The server log file C:\Oracle\Middleware\home11g\user_projects\domains\OSB_domain\servers\AdminServer\logs\AdminServer.log is opened. All server side log events will be written to this file.>
<30-Jun-2010 16:22:56 o'clock BST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<30-Jun-2010 16:22:58 o'clock BST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Oracle\Middleware\home11g\user_projects\domains\OSB_domain\servers\AdminServer\logs\access.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<30-Jun-2010 16:22:58 o'clock BST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Oracle\Middleware\home11g\user_projects\domains\OSB_domain\servers\AdminServer\logs\access.log00005. Log messages will continue to be logged in C:\Oracle\Middleware\home11g\user_projects\domains\OSB_domain\servers\AdminServer\logs\access.log.>
<30-Jun-2010 16:23:06 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>
<30-Jun-2010 16:23:06 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<30-Jun-2010 16:23:59 o'clock BST> <Warning> <JDBC> <BEA-001110> <No test table set up for pool "wlsbjmsrpDataSource". Connections will not be tested.>
<30-Jun-2010 16:23:59 o'clock BST> <Warning> <JDBC> <BEA-001552> <The Logging Last Resource (LLR) data source wlsbjmsrpDataSource will not function when it is a participant in a global transaction that spans multiple WebLogic Server instances because remote JDBC support is disabled. LLR will function in single-server configurations.>
<30-Jun-2010 16:25:35 o'clock BST> <Alert> <OSB Security> <BEA-387068> <There is no PKI credential mapper provider configured in your security realm. Service key provider management will be disabled. Configure a PKI credential mapper provider if you need service provider support. This is typically the case if you have Oracle Service Bus proxy services with web service security enabled or outbound 2-way SSL connections.>
<30-Jun-2010 16:25:40 o'clock BST> <Warning> <WliSbTransports> <BEA-381917> <MQ Transport could not be registered due to : Missing MQ Library>
[ERROR] AdapterManager - ServletContainerAdapter manager not initialized correctly.
<30-Jun-2010 16:26:11 o'clock BST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Oracle\Middleware\home11g\user_projects\domains\OSB_domain\servers\AdminServer\logs\OSB_domain.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<30-Jun-2010 16:26:11 o'clock BST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Oracle\Middleware\home11g\user_projects\domains\OSB_domain\servers\AdminServer\logs\OSB_domain.log00005. Log messages will continue to be logged in C:\Oracle\Middleware\home11g\user_projects\domains\OSB_domain\servers\AdminServer\logs\OSB_domain.log.>
<30-Jun-2010 16:26:11 o'clock BST> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
<30-Jun-2010 16:26:11 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<30-Jun-2010 16:26:11 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<30-Jun-2010 16:26:11 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:7001 for protocols iiop, t3, ldap, snmp, http.>
<30-Jun-2010 16:26:11 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.128.2.170:7001 for protocols iiop, t3, ldap, snmp, http.>
<30-Jun-2010 16:26:11 o'clock BST> <Notice> <WebLogicServer> <BEA-000331> <Started WebLogic Admin Server "AdminServer" for domain "OSB_domain" running in Development Mode>
<30-Jun-2010 16:26:11 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<30-Jun-2010 16:26:11 o'clock BST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
This is really putting me off and its really disappointing to see all these issues in this new release.
How can oracle let a release slip in with such a Major Issue.
Please can any one help or provide a work around atleast.
Regards
Nitin

I guess till version 10gr3.1 you only needed to start one server and it allowed to access both admin and service bus console.Yes, in 11g as well you may access the admin and OSB console by just starting the admin server but in 11g OSB configuration gets deployed on OSB server (managed server) and test service also runs over this server.
Are you saying there is some other server I need to start just for running the test console ????Yes. Managed server osb_server1 needs to be started for deploying, testing and accessing OSB resources.
As If the OSB server was not running how can I check my published services, modify them and do all the bits and pieces after opening the open the service bus console but not just test them???You can modify and save your configuration without staring OSB server but if you will check in change centre then all the changes being done without starting OSB server will remain in partially activated state.
I have been using the service bus for 3 years and I have never faced any such issue.With each new release you may get new features and with a major release like 11g, architecture and functionality may change.
If it all there is some other server I need to start then whats the process to do so ??Open command prompt. Navigate to $Domain_Home/bin and run command
startManagedWeblogic.cmd <nameOfManagedServer>
for eg. -
D:\OFMW11g\mw\user_projects\domains\ofmw_domain\bin>startManagedWebLogic.cmd osb_server1
Once this server is up and running, try using test console.
Regards,
Anuj

Use TLS instead of SSL in Oracle AS WebCache 10g (10.1.2)

Similar Messages

Maybe you are looking for