Using OSE with SSL

Similar Messages

• Problem using HTTPService with SSL

  I have seen a lot of messages talking about problems with
  HTTPService and SSL (https) regarding Flex 1.5.
  What I would like to know is if there are any similar issues
  in Flex 2? I am using HTTPService to access an https address
  through a reverse proxy and am getting an IO error (streaming
  error) for reasons beyond me. The first thing I want to know is
  whether there are any obvious bugs or required work-arounds when
  using HTTPService with SSL.
  thanks

  I had problems with IE6+HTTPS+Flex 2.
  I had to set the HTTP header on server side.
  Cache-Control
  no-store, no-cache, must-revalidate, post-check=0,
  pre-check=0
  Java code:
  response.setHeader("Cache-Control", "no-store, no-cache,
  must-revalidate, post-check=0, pre-check=0");
  Lacito

• Can't send using SMTP with SSL on Exchange 2003

  We have an exchange 2003 server. The iPhone is configured for IMAP w/SSL for incoming and works fine. When we have SSL turned on on the outgoing SMTP, we get the message "Cannot send mail. Check the account settings for the outgoing server mail.domain.com". With SSL turned off, it works fine.
  I set up outlook on a PC to use IMAP/SMTP w/ SSL and it works fine. I can send and recieve with no errors.
  We're sure the user name and password entered for the outgoing are correct.
  What else could be causing the iPhone not to send, but where Outlook works fine?

  The new phone at the Verizon store had the exact same symptoms.  Ergo...the problem was in my server.
  So...if anyone else has this problem (can't send file attachments)...go to Exchange Server (I'm running 2007..settings on other version are slightly different), server settings, find the send hub. Click on it then look for the Exchange Active Sync tab and click it. Check the Ignore Client Certificates. This may only apply to those who run self generated SSL certs on thier Exchange Server...cheap **bleep**. LOL
  I swear...last week, before buying this Thunderbolt my OG Droid sent file attachments just fine.  Somehow I inadvertantly set the Active Sync to accept client certificates.  To err is human...to blame it on Verizon is more so.  LOL
  Nate

• RMI with SSL problem (cross post under RMI too)

  Hi,
  I'm having problems using RMI with SSL. I posted in the RMI forum originally but now realise the problems are with the SSL really.
  Perhaps someone who follows this forum could help.
  See post:
  http://forum.java.sun.com/thread.jsp?forum=58&thread=409347
  Thanks.

  There's more dukes in the other thread too.

• SOAP with SSL in weblogic 5.1

  Hello!
  Any idea of using SOAP with SSL in weblogic 5.1.?? My webservice works properly
  when I use http, but it doesn't work with http.
  It's very important to me, to get a solution for this problem!!
  Many thanks.
  Best regards,
  Rafa.

  Hi Rafa,
  Can you possibly upgrade? WLS 5.1 does not have a built-in web services
  stack. WLS 7 and WLS 8.1 make this very easy.
  You might try searching back in this newsgroup using the header search
  of "5.1"
  For starters, see:
  http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.developer.interest.webservices&item=1894&utag=
  HTHs,
  Bruce
  Rafa Nocete wrote:
  >
  Hello!
  Any idea of using SOAP with SSL in weblogic 5.1.?? My webservice works properly
  when I use http, but it doesn't work with http.
  It's very important to me, to get a solution for this problem!!
  Many thanks.
  Best regards,
  Rafa.

• How can i Use SERVLET with RMI to avoid trust certificate

  I know that for begining RMI, you must launch the server and the client.
  for the server i use :
  java -Djavax.net.ssl.trustStore=server.keystore -Djavax.net.ssl.keyStore=server.keystore -Djavax.net.ssl.keyStorePassword=server TestServer
  for the client I use :
  java -Djavax.net.ssl.trustStore=client.keystore -Djavax.net.ssl.keyStore=client.keystore -Djavax.net.ssl.keyStorePassword=client TestClient
  and all work fine.
  but i want to use a servlet for rmi client and i wrote this:
  public class AppelServlet extends HttpServlet
       public void doPost(HttpServletRequest request, HttpServletResponse response)
       throws ServletException, IOException
            try
                 System.out.println("Registering secure RMI socket factory ...");
                 java.rmi.server.RMISocketFactory.setSocketFactory(new SecureRMISocketFactory());
            TestRemote test = (TestRemote) Naming.lookup("rmi://127.0.0.1:7123/TestClient");
  String reponse=test.toLowerCase("HELLO WORLD");
                 System.out.println("la reponse est : "+reponse);
       catch (Exception e)
            System.out.println("test client exception: " +e);
  PrintWriter out = response.getWriter();
            response.setContentType("text/html");
  and i have the following error on tomcat:
  Registering secure RMI socket factory ...
  test client exception: java.rmi.ConnectIOException: error during JRMP connection
  establishment; nested exception is:
  javax.net.ssl.SSLHandshakeException: Couldn't find trusted certificate
  i think i must precise how to indicate the truststore like in the first case.
  help me please.
  hamdi

  Hi,
  Try doing the following steps.
  Assuming you have a certificate obtained
  Export the certificate into a .cer file.
  On IE, goto tools->internet options->content->certificates, and export to a .cer file.
  Using keytool of java import the certificate to the store that can be used doing the following command.
  keytool -import -alias <ailas> -file < .cer filename> -keystore <storename here>
  set the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword properties at the command prompt using the command below.
  java -Djavax.net.ssl.trustStore=<storename> -Djavax.net.ssl.trustStorePassword=<password> <classname>
  Let me know if this helped.
  Also take a look at this link for using RMI with SSL
  http://java.sun.com/products/jdk/1.2/docs/guide/rmi/SSLInfo.html
  Regards,
  Roopasri Vittal
  Developer Technical Support
  Sun Microsystems
  http://sun.com/developers/support

• ICal managed client with SSL

  Hi folks,
  I already crawled the forum, inet and other sources but I still got no solution nor feasible workaround for a managed client to use iCal with SSL.
  My mac mini is on SL server 10.6.7 and I configure iCal in server admin to use SSL on port 8443 with a self-signed certificate.
  For address book this approach is working fine unfortunately it doesn't help with iCal.
  My managed client is setup after binding to the server with address book on SSL and iCal without SSL on port 8008.
  What the heck do I need to configure in order to get my managed clients setup automatically to iCal SSL?
  Please help me. I'm really desperate.
  Thanks,
  Manolo

  Can someone provide me with a hint?
  Always if I connect my network account to the SL server iCal is setup to use http on port 8008.
  thanks

• AD password sync with SSL

  Hello everyone
  The following note is in AD Password sync.connector documentation:
  Note: It is strongly recommended that you configure SSL
  communication between the connector and Oracle Identity Manager
  in your production environment.
  However, the configuration of secure client operation (using SSL at the
  server) affects all clients. This means that if you use SSL to secure
  Oracle Identity Manager communication with the connector, then the
  Oracle Identity Manager Design Console and any other custom clients
  must also communicate with Oracle Identity Manager using SSL.
  I've installed the connector and configured SSL and it is working fine. Design console can still connect to OIM without using SSL. What is this note all about?
  Thanks

  Because you have enabled both SSL and non-SSL port. Once you will disable the non-ssl (recommended in prod) you will not able to access the Design Console.
  I am struggling to use PassSync with SSL. I have two DCs and I imported the certificate on both DCs. Installed the PassSync Connector with Use SSL value to "Yes" and giving OIM SSL port and OIM host name. However, PassSync is not working and log is showing OIM is down. I tested the https url of OIM from both DCs and able to access from there. Do you have any idea what could be the cause?
  Thanks

• Oracle with SSL

  Hello,
  I'm trying to set up a testing environment to use Oracle with SSL. I would like to connect to the database using SSL (local naming with SSL), and create a globally identified user.
  I'm a beginner in this matter, so I am looking for some clues from more experienced people.
  I have 10.2 Enterprise Edition database running on Linux.
  I created a wallet in which I want to keep certificates. But for obvious reasons if I create a certificate, I can't register it in CA. Is Oracle offering any certificates for testing purposes? if yes, where could I find any?
  Thanks in advance,
  Aliq

  Hello, again.
  I think I did what was to do using both German article and documentation and in the end:
  I can connect on a server (Linux) to the instance
  I can't connect to the instance from client(WinXP),
  after sqlplus system/****@sorcl I get an error:
  ORA-28860: Fatal SSL error
  sqlnet.log says:
  Fatal NI connect error 28860, connecting to:
  (DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=192.168.122.60)(PORT=1562))(CONNECT_DATA=(SERVICE_NAME=orcl)(CID=(PROGRAM=C:\oracle\product\10.2.0\db_1\bin\sqlplus.exe)(HOST=myhost)(USER=aliq))))
  Tns error struct:
  ns main err code: 12560
  TNS-12560: TNS:protocol adapter error
  ns secondary err code: 0
  nt main err code: 28860
  TNS-28860: Message 28860 not found; product=NETWORK; facility=TNS
  Oracle error 1: 28860
  ORA-28860: Fatal SSL error
  nt secondary err code: 542
  nt OS err code: 0
  Any help, please?
  Aliq

• Problem POP with SSL for hosted domain !

  Hi Sun!
  With default domain, i can use POP with SSL but for hosted domain, I can't use POP with SSL and received a message +-ERR [AUTH] Authentication failed!+
  In file PopProxyAService.cfg on MMP server, I uncomment line default:HostedDomains yes but it's not work
  Please help me solve this problem!
  ./imsimta version
  Sun Java(tm) System Messaging Server 7u2-7.02 64bit (built Apr 16 2009)
  libimta.so 7u2-7.02 64bit (built 02:28:03, Apr 16 2009)
  Using /opt/sun/comms/messaging64/config/imta.cnf (compiled)
  SunOS SMSG 5.10 Generic_138889-08 i86pc i386 i86pc
  Thanks!

  I have found problem!
  Hosted domain that can not be used IMAPs and POPs because I have moved from other mail systems
  When I created another account on this hosted domain, this user can use POPs and IMAPs normal. But old users can't use POPs IMAPs
  I don't know why old users can't use POPs and IMAPs ?
  Error log in front-end MMP:
  [07/Apr/2010:08:37:15 +0700] SMSG PopProxy[8284]: General Notice: (id 1943) User [email protected] user access denied
  [07/Apr/2010:08:37:15 +0700] SMSG PopProxy[8284]: General Notice: (id 1943) badguy xx.xx.xx.xx now has 3 badness
  [07/Apr/2010:08:37:18 +0700] SMSG PopProxy[8284]: General Error: (id 1943) client socket IO error: Error 0 (0)

• I am getting the ssl error when trying to use launchpad on ssl, i can access adminui through ssl with no errors but launchpad says "unable to find valid certification path to requested target"

  Hi I desperately need help  to fix this error. I installed Adobe LCES4 with ssl enabled and i can access the adminui and workspace on the browser but he problem is when i try connecting to launchpad using https on the server even doing the simple thing like converting document to pdf throws the following error.
  any help will be appreciated
  DSC Invocation Resulted in Error: class com.adobe.idp.DocumentError : javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target : javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  thanks

  We tried adding certificate in trustore.jks file, but it was not successful.
  What error you are getting while importing the certificate?
  Just perform below steps once:
  Download required certificate first
  Run CMD as administrator> move to SUP_HOME\Servers\UnwiredServer\Repository\Security
  Paste this syntex.
  keytool -importcert -alias customerCA -file <certificatefilename>.crt -storepass changeit -keystore truststore.jks -trustcacerts

• OEL ldap client setup with SSL against OID using either ldaps or starttls

  Hi, I've got OID 11.1.1.1.0 running with SSL enabled on port 3132. It's running in mode 2, SSL Server Authentication mode (orclsslauthentication is set to 32). I'd like to setup my OEL 5.3 and Solaris 10 ldap clients to connect to OID using SSL for user authentication. I have everything already working on the non-SSL port (3060), but I need to switch over to SSL. So far I can't get it to work on either OEL or Solaris. Does anyone out there know how to configure the client to use SSL?
  Here's my /etc/ldap.conf file on OEL 5.3.
  timelimit 120
  bind_timelimit 120
  idle_timelimit 3600
  nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
  URI ldaps://FQDN:3132/
  port 3132
  ssl yes
  host FQDN
  base dc=DOMAIN,dc=com
  pam_password clear
  tls_cacertdir /etc/oracle-certs
  tls_cacertfile /etc/oracle-certs/oid-test-ca.pem
  tls_ciphers SSLv3
  # filter to AND with uid=%s
  pam_filter objectclass=posixaccount
  #The search scope
  scope sub
  I have /etc/nsswitch.conf set to check for files first, then ldap
  passwd: files ldap
  shadow: files ldap
  group: files ldap
  Here's my /etc/openldap/ldap.conf file
  URI ldaps://FQDN:3132/
  BASE dc=DOMAIN,dc=com
  TLS_CACERT /etc/openldap/cacerts/oid-test-ca.pem
  TLS_CACERTDIR /etc/openldap/cacerts
  TLS_REQCERT allow
  TLS_CIPHERS SSLv3
  The oid-test-ca.pem is a self-signed cert from the OID server. I also have the hash file configured.
  4224de9f.0 -> oid-test-ca.pem
  I can run ldapsearch using ldaps and it works fine.
  ldapsearch -v -d 1 -x -H ldaps://FQDN:3132 -b "dc=DOMAIN,dc=com" -D "cn=user,cn=users,dc=DOMAIN,dc=com" -w somepass -s sub objectclass=* | more
  But when I run the 'getent passwd' command, it only shows me my local user accounts and none of my ldap accounts. I also can't SSH in using a ldap account.
  Solaris 10 is actually a whole other beast...I'm using the native Solaris ldap client (not PADL based) and I don't think it even works with SSL unless you're using the default ports (389/636).
  Does anyone out there know how to setup the client-side for ldap authentication using SSL? Any tips, howto docs, or advice are appreciated. Thanks!

  Hello again...
  after some research and work together with Oracle Support I found out how to get it to work:
  1. You have to create your own ConfigSet in OID using
  SSL-Server-Authentication
  (OpenSSL seems not to support SSL-encryption-only).
  The following link shows on how to do that:
  http://otn.oracle.com/products/oid/oidhtml/oidqs/html_masters/a_port01.htm
  2. Add the following lines to your $HOME/ldaprc
  TLS_CACERT /home/frank/oid-caroot.pem
  TLS_REQCERT allow
  TLS_CIPHERS SSLv3
  ssl on
  tls_checkpeer no
  oid-caroot.pem is the CA-Root Certificate you got
  during step 1
  3. you should now be able to use ldapsearch using SSL
  If you still can't connect using SSL you may have run into another issue with OpenSSL which affects systems using OpenSSL version 0.9.6d and above. The problem seems to be caused by an security fix which may not be compliant with the SSL implementation of Oracle.
  I opened an Bug for that problem with RedHat. This Bug Description also includes an proposal for an Patch which solves the problem (but may introduce some security risks). See the Bug at RedHat:
  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123849
  Bye
  Frank Berger

• How to configure OC4J using RMI/IIOP with SSL

  Any help?
  I just mange configure the OC4J using RMI/IIOP but base on
  But when I follow further to use RMI/IIOP with SSL I face the problem with: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
  p/s: I use self generate keystore which should be ok as I can use it for https connection.
  Any one can help?
  Below is the OC4J log:
  D:\oc4j\j2ee\home>java -Djavax.net.debug=all -DGenerateIIOP=true -Diiop.runtime.debug=true -jar oc4j.jar
  05/02/23 16:43:16 ================ IIOPServerExtensionProvider.preInitApplicationServer
  05/02/23 16:43:38 ================= IIOPServerExtensionProvider.postInitApplicationServer
  05/02/23 16:43:38 ================== config = {SEPS={IIOP={ssl-port=5556, port=5555, ssl=true, trusted-clients=*, ssl-client-server-auth-port=5557, keystore=D:\\oc4j\\j2ee\\home\\server.keystore, keystore-password=123456, truststore=D:\\oc4j\\j2ee\\home\\server.keystore, truststore-password=123456, ClassName=com.oracle.iiop.server.IIOPServerExtensionProvider, host=localhost}}}
  05/02/23 16:43:38 ================== server.getAttributes() = {threadPool=com.evermind.server.ApplicationServerThreadPool@968fda}
  05/02/23 16:43:38 ================== pool: null
  05/02/23 16:43:38 ====================== In startServer ...
  05/02/23 16:43:38 ==================== Creating an IIOPServer ...
  05/02/23 16:43:38 ========= IIOP server being initialized
  05/02/23 16:43:38 SSL port: 5556
  05/02/23 16:43:38 SSL port 2: 5557
  05/02/23 16:43:43 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): getEndpoint(IIOP_CLEAR_TEXT, 5555, null)
  05/02/23 16:43:43 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): createListener( socketType = IIOP_CLEAR_TEXT port = 5555 )
  05/02/23 16:43:44 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): getEndpoint(SSL, 5556, null)
  05/02/23 16:43:44 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): createListener( socketType = SSL port = 5556 )
  05/02/23 16:43:45 ***
  05/02/23 16:43:45 found key for : mykey
  05/02/23 16:43:45 chain [0] = [
  Version: V1
  Subject: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: SunJSSE RSA public key:
  public exponent:
  010001
  modulus:
  b1239fff 2ae5d31d b01a0cfb 1186bae0 bbc7ac41 94f24464 e92a7e33 6a5b0844
  109e30fb d24ad770 99b3ff86 bd96c705 56bf2e7a b3bb9d03 40fdcc0a c9bea9a1
  c21395a4 37d8b2ce ff00eb64 e22a6dd6 97578f92 29627229 462ebfee 061c99a4
  1c69b3a0 aea6a95b 7ed3fd89 f829f17e a9362efe ccf8034a 0910989a a8573305
  Validity: [From: Wed Feb 23 15:57:28 SGT 2005,
                 To: Tue May 24 15:57:28 SGT 2005]
  Issuer: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  SerialNumber: [    421c3768]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 34 F4 FA D4 6F 23 7B 84 30 42 F3 5C 4B 5E 18 17 4...o#..0B.\K^..
  0010: 73 69 73 A6 BF 9A 5D C0 67 8D C3 56 DF A9 4A AC sis...].g..V..J.
  0020: 88 AF 24 28 C9 39 16 22 29 81 01 93 86 AA 1A 5D ..$(.9.")......]
  0030: 07 89 26 22 91 F0 8F DE E1 4A CF 17 9A 02 51 7D ..&".....J....Q.
  0040: 92 D3 6D 9B EF 5E C1 C6 66 F9 11 D4 EB 13 8F 17 ..m..^..f.......
  0050: E7 66 58 9F 6C B0 60 7C 39 B4 E0 B7 04 A7 7F A6 .fX.l.`.9.......
  0060: 4D A5 89 E7 F4 8A DC 59 B4 E7 A5 D4 0A 35 9A F1 M......Y.....5..
  0070: A2 CD 3A 04 D6 8F 16 B1 9E 6F 34 40 E8 C0 47 03 ..:[email protected].
  05/02/23 16:43:45 ***
  05/02/23 16:43:45 adding as trusted cert:
  05/02/23 16:43:45 Subject: CN=Client, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  05/02/23 16:43:45 Issuer: CN=Client, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  05/02/23 16:43:45 Algorithm: RSA; Serial number: 0x421c3779
  05/02/23 16:43:45 Valid from Wed Feb 23 15:57:45 SGT 2005 until Tue May 24 15:57:45 SGT 2005
  05/02/23 16:43:45 adding as trusted cert:
  05/02/23 16:43:45 Subject: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  05/02/23 16:43:45 Issuer: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  05/02/23 16:43:45 Algorithm: RSA; Serial number: 0x421c3768
  05/02/23 16:43:45 Valid from Wed Feb 23 15:57:28 SGT 2005 until Tue May 24 15:57:28 SGT 2005
  05/02/23 16:43:45 trigger seeding of SecureRandom
  05/02/23 16:43:45 done seeding SecureRandom
  05/02/23 16:43:45 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): getEndpoint(SSL_MUTUALAUTH, 5557, null)
  05/02/23 16:43:45 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): createListener( socketType = SSL_MUTUALAUTH port = 5557 )
  05/02/23 16:43:45 matching alias: mykey
  matching alias: mykey
  05/02/23 16:43:46 ORB created ..com.oracle.iiop.server.OC4JORB@65b738
  05/02/23 16:43:47 com.sun.corba.ee.internal.corba.ClientDelegate(Thread[Orion Launcher,5,main]): invoke(ClientRequest) called
  05/02/23 16:43:47 com.oracle.iiop.server.OC4JORB(Thread[Orion Launcher,5,main]): process: dispatching to scid 2
  05/02/23 16:43:47 com.oracle.iiop.server.OC4JORB(Thread[Orion Launcher,5,main]): dispatching to sc [email protected]7
  05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ClientDelegate(Thread[Orion Launcher,5,main]): invoke(ClientRequest) called
  05/02/23 16:43:48 com.oracle.iiop.server.OC4JORB(Thread[Orion Launcher,5,main]): process: dispatching to scid 2
  05/02/23 16:43:48 com.oracle.iiop.server.OC4JORB(Thread[Orion Launcher,5,main]): dispatching to sc com.sun.corba.ee.internal.corba.ServerDelegate@9300cc
  05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Entering dispatch method
  05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Consuming service contexts, GIOP version: 1.2
  05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Has code set context? false
  05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Dispatching to servant
  05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Handling invoke handler type servant
  05/02/23 16:43:48 NS service created and started ..org.omg.CosNaming._NamingContextExtStub:IOR:000000000000002b49444c3a6f6d672e6f72672f436f734e616d696e672f4e616d696e67436f6e746578744578743a312e30000000000001000000000000007c000102000000000c31302e312e3231342e31310015b3000000000031afabcb0000000020d309e06a0000000100000000000000010000000c4e616d65536572766963650000000004000000000a0000000000000100000001000000200000000000010001000000020501000100010020000101090000000100010100
  05/02/23 16:43:48 NS ior = ..IOR:000000000000002b49444c3a6f6d672e6f72672f436f734e616d696e672f4e616d696e67436f6e746578744578743a312e30000000000001000000000000007c000102000000000c31302e312e3231342e31310015b3000000000031afabcb0000000020d309e06a0000000100000000000000010000000c4e616d65536572766963650000000004000000000a0000000000000100000001000000200000000000010001000000020501000100010020000101090000000100010100
  05/02/23 16:43:48 Oracle Application Server Containers for J2EE 10g (9.0.4.0.0) initialized
  05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ConnectionTable(Thread[JavaIDL Listener,5,main]): Server getConnection(119e583[Unknown 0x0:0x0: Socket[addr=/127.0.0.1,port=1281,localport=5556]], SSL)
  05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ConnectionTable(Thread[JavaIDL Listener,5,main]): host = 127.0.0.1 port = 1281
  05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ConnectionTable(Thread[JavaIDL Listener,5,main]): Created connection Connection[type=SSL remote_host=127.0.0.1 remote_port=1281 state=ESTABLISHED]
  com.sun.corba.ee.internal.iiop.MessageMediator(Thread[JavaIDL Reader for 127.0.0.1:1281,5,main]): Creating message from stream
  05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, handling exception: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
  05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, SEND TLSv1 ALERT: fatal, description = unexpected_message
  05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, WRITE: TLSv1 Alert, length = 2
  05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called closeSocket()
  05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ReaderThread(Thread[JavaIDL Reader for 127.0.0.1:1281,5,main]): IOException in createInputStream: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
  05/02/23 16:45:14 javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
  05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA12275)
  05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA12275)
  05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.messages.MessageBase.readFully(MessageBase.java:520)
  05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.messages.MessageBase.createFromStream(MessageBase.java:58)
  05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.MessageMediator.processRequest(MessageMediator.java:110)
  05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.IIOPConnection.processInput(IIOPConnection.java:339)
  05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.ReaderThread.run(ReaderThread.java:63)
  05/02/23 16:45:14 Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
  05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.InputRecord.b(DashoA12275)
  05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA12275)
  05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
  05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
  05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
  05/02/23 16:45:14 ... 6 more
  05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.IIOPConnection(Thread[JavaIDL Reader for 127.0.0.1:1281,5,main]): purge_calls: starting: code = 1398079696 die = true
  05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called close()
  05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called closeInternal(true)
  05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called close()
  05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called closeInternal(true)
  05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called close()
  05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called closeInternal(true)
  05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ConnectionTable(Thread[JavaIDL Reader for 127.0.0.1:1281,5,main]): DeleteConn called: host = 127.0.0.1 port = 1281

  Good point, I do belive what you are referring to is this:
  Any client, whether running inside a server or not, has EJB security properties. Table 15-2 lists the EJB client security properties controlled by the ejb_sec.properties file. By default, OC4J searches for this file in the current directory when running as a client, or in ORACLE_HOME/j2ee/home/config when running in the server. You can specify the location of this file explicitly with the system property setting -Dejb_sec_properties_location=pathname.
  Table 15-2 EJB Client Security Properties
  Property Meaning
  # oc4j.iiop.keyStoreLoc
  The path and name of the keystore. An absolute path is recommended.
  # oc4j.iiop.keyStorePass
  The password for the keystore.
  # oc4j.iiop.trustStoreLoc
  The path name and name of the truststore. An absolute path is recommended.
  # oc4j.iiop.trustStorePass
  The password for the truststore.
  # oc4j.iiop.enable.clientauth
  Whether the client supports client-side authentication. If this property is set to true, you must specify a keystore location and password.
  # oc4j.iiop.ciphersuites
  Which cipher suites are to be enabled. The valid cipher suites are:
  TLS_RSA_WITH_RC4_128_MD5
  SSL_RSA_WITH_RC4_128_MD5
  TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  TLS_RSA_EXPORT_WITH_RC4_40_MD5
  SSL_RSA_EXPORT_WITH_RC4_40_MD5
  TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
  SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
  nameservice.useSSL
  Whether to use SSL when making the initial connection to the server.
  client.sendpassword
  Whether to send user name and password in clear form (unencrypted) in the service context when not using SSL. If this property is set to true, the user name and password are sent only to servers listed in the trustedServer list.
  oc4j.iiop.trustedServers
  A list of servers that can be trusted to receive passwords sent in clear form. This has no effect if client.sendpassword is set to false. The list is comma-delimited. Each entry in the list can be an IP address, a host name, a host name pattern (for example, *.example.com), or * (where "*" alone means that all servers are trusted.

• LDAP setup with SSL - Can't use tls auth type

  I'm trying to configure Solaris 10 to use ldap against my OpenLDAP server with SSL but whenever I try to set the authentication as tls:simple, it gives me an error :
  # ldapclient mod -a authenticationMethod=tls:simple
  Cannot specify LDAP port with tls
  # ldapclient mod -a authenticationMethod=tls
  Unable to set value: invalid authenticationMethod (tls)
  Any ideas how to get this to work - I can do an ldapsearch if I supply a -H ldaps://ldapserver:636 so my certs in /var/ldap are good.
  NS_LDAP_FILE_VERSION= 2.0
  NS_LDAP_BINDDN= cn=srv_login,ou=LDAPusers,dc=unix_srv,dc=energy.ge.com
  NS_LDAP_BINDPASSWD= {NS1}c53708877bc6
  NS_LDAP_SERVERS= 10.10.1.14:636
  NS_LDAP_SEARCH_BASEDN= dc=unix_srv,dc=energy.ge.com
  NS_LDAP_SEARCH_REF= FALSE
  NS_LDAP_SERVER_PREF= 10.10.1.14:636
  NS_LDAP_CACHETTL= 0
  NS_LDAP_CREDENTIAL_LEVEL= proxy
  NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=unix_srv,dc=energy.ge.com?sub
  NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=unix_srv,dc=energy.ge.com?sub
  NS_LDAP_SERVICE_SEARCH_DESC= group:ou=Group,dc=unix_srv,dc=energy.ge.com?one
  Thanks,
  Jay

  When using TLS you have to specify the FQN for the LDAP server and the port is ALWAYS 636.
  Also, you need to setup up your client to use FQN as well (/etc/hosts).

• I can't set up gmail in my iPad 2. Keep on saying ' can't connect with SSL and ask me whether to connect without using SSL, then I press 'yes' and it said again IMAP is not working and tell me to see network connection and incoming mail server.

  I can't set up gmail in my iPad 2. Keep on saying ' can't connect with SSL and ask me whether to connect without using SSL, then I press 'yes' and it said again IMAP is not working and tell me to see network connection and incoming mail server. No idea how to do anymore. Already tried to figure out. But not work. Can anyone pls help me?

  Nope, doesn't pass verification. I get the spinner for a minute or so, then the alert about setting it up without SSL. Are you suggesting I disable Fetch and Push BEFORE I enter the account details? Because I never get past the account details screen, unless I choose "Set up without SSL" after the warning.