ZCM 11.2 Second Primary - SSL Configuration

Primary Server 11.2.4MU1 on OES 11SP2 - Running ZCM11.2.4MU1 / DSFW / DNS
I am attempting to bring up a Second Primary Server. Maybe I am miss reading the documentation, however Each time I attempt the setup and bring the second primary into the "Existing" zone I give it the DNS / IP of the server, the correct Port - 444 In this case, and user / password. It authenticates fine, asks me to import the CA / MGMT Zone Cert. I click yes. Then I am taken to the SSL Configuration page.
From my reading I believe I should not be taken to this page.... I believe this should only be done if its a new server as the secondary should import and use the primary?
Currently my Plan was to bring up a secondary Primary and look at doing a DB / Content Migration, as I can not upgrade the current 11.2.4MU1 to 11.3 as install on OES is not supported (any longer).
I could be a bit discombobulated....
Thanks
Patrick

Never mind.....I forgot about the CSR / Cert generation part of the Zenworks setup...

Similar Messages

ZCM 11.2 new primary server - How do I

Hi,
We currently have a ZCM 11.2 install sitting on a Windows Server 2003 32bit. I have a new server running Windows 2008 64bit which I want to move the ZCM install to. I have looked at the various disaster recover scenarios as provided by novells documentation 11.2 disaster recovery reference but dont see in "replacing the primary server with a secondary server" a supported option of going from Windows server 2003 32bit to Windows server 2008 64bit.
I see this is supported in the replacing primary with a new server (eg same IP etc) but this is not the scenario I wish to follow.
Is my direction to simply install another copy of 11.2 as a secondary primary? on my 2008 64bit, go into existing management zone, follow the directions in the above reference doc in section 2.1.
I am wondering though with the secondary primary (2008 64bit) how do I go about moving the internal sybase from the old primary across to the new secondary. It has a reference to how to move the internal to and external sybase but I want the secondary primary (which will be the new primary) to have an internal sybase database like the old primary.
Any help appreciated.

Yes, that would Be ideal as it was / is my primary DSFW onsite & DNS. So the new ZCM Box would have a different name & IP.
My thought was bring up a Second Primary in the exiting ZONE. Get it functioning / updated. (That's been an issue as well, but that will be another thread). Look at doing a DB /Content migration to the new server and shutting down the ZCM services on the old...I am sure I am missing some stuff....
What other options do we have? I am all ears....I am assuming you / we can not do the "Import/Upgrade" routine to the OVA.
Originally Posted by CRAIGDWILSON
Will the OES Box Stay in production?
If so, you will need to rename and change the IP address of one of them.
We can think through different options.
On 8/28/2014 7:16 PM, MCCFL MLA wrote:
>
> clarja;2320238 Wrote:
>> Thanks Anders that would be appreciated.
>>
>> I may have to rethink how I`m going about this, possibly virtualise the
>> server I am thinking of replacing and taking on the same name and IP as
>> the existing ZCM primary.
>
> Where did you shake out with this? I have a similar scenario, as I have
> a single Primary 11.2.4MU1 install on a OES11SP2 / SLES11SP3 box with
> DSFW. But now keeping ZCM on an OES box is not supported... So what I
> would like to do is bring up another server Possibly a Secondary Primary
> (VM - OVA) patch to the equivalent level and then somehow
> transfer.....the role as primary and remove the original.....
>
>
Going to Brainshare 2014?
http://www.brainshare.com
Use Registration Code "nvlcwilson" for $300 off!
Craig Wilson - MCNE, MCSE, CCNA
Novell Technical Support Engineer
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.

Second Primary Server

Last week I setup a second primary server for redundancy. Everything seemed to work well so I left it alone for several days so everything could sync up. I started getting calls that Vista / 7 logins were very slow, users would press CTRL-ALT-DEL to login and get a blank screen for a few mins before logging in. Once logged in life was good. I checked DNS and everything looked OK both ways. I removed Zen from that server and had a lab of 40 machines refresh then reboot. The problem was gone. Any thoughts on what could cause this?
It's Zen 10.3.3 on a 2008R2 server (both were)
MSSQL 2005 Enterprise for the DB
Thanks for any input!

Thanks for getting back to me guys. It was just a plain install of Zen selecting an exsisting domain and running through the wizard. It placed the server in the servers list in the configuration console. I did not notice if it was hammering the SQL server or not - however about 1/2 of the machines were working perfectly. Would there be any logs I can check anywhere?
Thanks again!
Originally Posted by craig_wilson
Did you change any Closest Server Rules to place this Server 1st in the
list? If so, then it could have been the issue below. If not, I would
suspect that most devices were not even hitting this server. I would
wonder if somehow the 2nd server hitting the DB very hard for some
reasons and causing DB performance issues.
Did you install ZRS or something else on that server?
On 2/1/2012 5:46 AM, nop1983 wrote:
>
> Is it just ZENworks that's slow to login?
>
> Could be a problem with the new server not able to make the
> authenticate request or something like that.
>
> ddevore9;2172176 Wrote:
>> Last week I setup a second primary server for redundancy. Everything
>> seemed to work well so I left it alone for several days so everything
>> could sync up. I started getting calls that Vista / 7 logins were very
>> slow, users would press CTRL-ALT-DEL to login and get a blank screen for
>> a few mins before logging in. Once logged in life was good. I checked
>> DNS and everything looked OK both ways. I removed Zen from that server
>> and had a lab of 40 machines refresh then reboot. The problem was gone.
>> Any thoughts on what could cause this?
>>
>> It's Zen 10.3.3 on a 2008R2 server (both were)
>> MSSQL 2005 Enterprise for the DB
>>
>> Thanks for any input!
>
>
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.

Need some hel in SSL Configuration in R12

Hi All,
I am facing challenges in configuring SSL in R12. I am not able to get bigger picture of the SSL Configuration. If any body does this before please share you knowledge
Thanks in Advance.
Reddy

Hi Hussein
The below are the steps I am trying to implement.
Section 3 : Middle Tier Setup
The default location for the wallet in Release 12 is $INST_TOP/certs/Apache. This directory contains a wallet with demo certificates. If you wish to use these certificates for testing start with Step 8 below to configure SSL
Decided to test the application with demo certificates.
Step 8: Update the Context File.
Updated the context file as per the recommendations.
Step 9 - Run Autoconfig
Finished
Section 4: Database Tier Setup
Here I got confused. Whether to proceed or not ?
Thanks
Reddy

PI 7.31 Dual Stack SSL configuration

HI Gurus,
I have a quick query, I am configuring SSL on my PI 7.31 systems.
I have checked all the standard guides and forums but I have one doubt.
Q1 - Is it necessary to configure SSL both in ABAP and JAVA side ?
Q2 - If I just configure SSL in STRUSTSSO2 in ABAP , will it be more than enough ?
Q3 - In what cases do we need to configure SSL in JAVA side ? And does configuring SSL in JAVA mandatory require sapcryptolib files ?
Please share your views.
Cheers, SG

I want to understand is it necessary to configure SSL in both ABAP and JAVA in case of dual stack PI ?
>>> Please refer to Huseyin's comments in the below thread..
PI 7.3 Dual Stack SSL configuration
In what cases do we use JAVA SSL in Dual stack system ?
>>> AFAIK - when you use http_aae adapter/soap with https then you should configure the SSL on java stack.

Syclo Work Manager 6.1 SSL Configurations

Hello Experts,
We have an "Communicaiton Error 14" on Device and ATE. I have worked on WM 5.2 and 6.0 and aware of the SSL configurations. I have Generated a Self Signed Certificate and a PFX file using OpenSSL. Now, with SMP 3.0 SP03 we are not able to find how to configure the Agentry.ini and where to copy the .sst file.
Can someone help us understand on how to make this work??? Is there a workaround for HTTP communication without SSL and any document on this which can help.
Is SSL/pfx mandatory to have in 6.1 while testing with ATE?
Regards,
Sarika

Hi Stephen,
Yes, I have to change the FDQN name to IP to work with Management console, only I will get logon screen. Similarly I have tried to do the same in ATE & WPF client.
in Management Console, while have FDQN in URL,
https://jilan.wirelessap:8083/Admin/
the error is below. But when I change to IP it works.
This page can't be displayed
Make sure the web address https://jilan.wirelessap:8083 is correct.
Look for the page with your search engine.
Refresh the page in a few minutes.
Make sure TLS and SSL protocols are enabled. Go to Tools > Internet Options > Advanced > Settings > Security
Similarly, in WPF/ATE, if FDQN is in URL, I get the Communication Error(14).
Requesting Public Key from Server
Communications error (14)
Connection failed
Ending transmission
Is any mapping needed in my laptop between FDQN to IP address?
Thanks,
Jilan

Changing SSL configuration on MedRec

Hi,
We are developing a custom Auditing Provider for WLS. Our provider needs to communicate via https to a remote system, and thus we need to configure SSL in order to use the correct client certificate and trust the remote server's.
We are using the sample MedRec application bundled with WLS for testing purposes, but no matter what, we do not seem to be able to change the SSL configuration. We went to Home -> Servers -> MedRecServer(Admin) -> Configuration in the console, and then
* Keystores
* Custom Identity and Custom Trust + configure all the keystores pointing to our jks files
* SSL: point to our alias
But, when restarting the server, we see the following:
<Mar 6, 2007 11:45:21 AM CET> <Notice> <Security> <BEA-090169> <Loading trusted
certificates from the jks keystore file C:\dev\bea\WEBLOG~1\server\lib\DemoTrust
.jks.>Which seems to indicate that somehow MedRecServer is not acknowledging our configuration changes.
Our WL_HOME\samples\domains\medrec\config\config.xml looks like this:
<?xml version='1.0' encoding='UTF-8'?>
<domain xmlns="http://www.bea.com/ns/weblogic/920/domain" xmlns:sec="http://www.bea.com/ns/weblogic/90/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wls="http://www.bea.com/ns/weblogic/90/security/wls" xsi:schemaLocation="http://www.bea.com/ns/weblogic/90/security/extension http://www.bea.com/ns/weblogic/90/security.xsd http://www.bea.com/ns/weblogic/90/security/xacml http://www.bea.com/ns/weblogic/90/security/xacml.xsd http://www.bea.com/ns/weblogic/90/security http://www.bea.com/ns/weblogic/90/security.xsd http://www.bea.com/ns/weblogic/920/domain http://www.bea.com/ns/weblogic/920/domain.xsd http://www.bea.com/ns/weblogic/90/security/wls http://www.bea.com/ns/weblogic/90/security/wls.xsd">
<name>medrec</name>
<domain-version>9.2.0.0</domain-version>
<security-configuration>
    <name>medrec</name>
    <realm>
      <sec:auditor xmlns:ext="http://www.bea.com/ns/weblogic/90/security/extension" xsi:type="ext:secure-auditorType">
        <sec:name>Foo</sec:name>
        <ext:identifier>Test</ext:identifier>
        <ext:bea-audit-log-service-uri>hessian:https://it-sdm-nb:8443/ksuite/remoting/BEAAuditLogService-hessian</ext:bea-audit-log-service-uri>
      </sec:auditor>
      <sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
      <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
        <sec:active-type>AuthenticatedUser</sec:active-type>
      </sec:authentication-provider>
      <sec:role-mapper xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
      <sec:authorizer xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
      <sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
      <sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
      <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
      <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
      <sec:name>myrealm</sec:name>
    </realm>
    <default-realm>myrealm</default-realm>
    <credential-encrypted>{3DES}I/3L8IhJVe+jq1vzXAXHODsFazm8NGROsfPVAaunGasgxJ6u41gpHbMAqA4pZSr2u1CWgoxiHR6z895y9Or+CDwkCmqAxJBq</credential-encrypted>
    <node-manager-username>weblogic</node-manager-username>
    <node-manager-password-encrypted>{3DES}HMxdWFl3juTr6BufJFg6WQ==</node-manager-password-encrypted>
</security-configuration>
<server>
    <name>MedRecServer</name>
    <ssl>
      <name>MedRecServer</name>
      <enabled>true</enabled>
      <listen-port>7012</listen-port>
      <server-private-key-alias>auditor</server-private-key-alias>
      <server-private-key-pass-phrase-encrypted>{3DES}tPlZGhoSkfnu0h93w1MeKw==</server-private-key-pass-phrase-encrypted>
    </ssl>
    <listen-port>7011</listen-port>
    <listen-address></listen-address>
    <key-stores>CustomIdentityAndCustomTrust</key-stores>
    <custom-identity-key-store-file-name>C:\dev\bea\weblogic92\server\lib\tomcat.keystore</custom-identity-key-store-file-name>
    <custom-identity-key-store-type>jks</custom-identity-key-store-type>
    <custom-identity-key-store-pass-phrase-encrypted>{3DES}tPlZGhoSkfnu0h93w1MeKw==</custom-identity-key-store-pass-phrase-encrypted>
    <custom-trust-key-store-file-name>C:\dev\bea\weblogic92\server\lib\tomcat.keystore</custom-trust-key-store-file-name>
    <custom-trust-key-store-type>jks</custom-trust-key-store-type>
    <custom-trust-key-store-pass-phrase-encrypted>{3DES}tPlZGhoSkfnu0h93w1MeKw==</custom-trust-key-store-pass-phrase-encrypted>
</server>
<embedded-ldap>
    <name>medrec</name>
    <credential-encrypted>{3DES}W+XDJAixeMZcbdmRm/jIF8u8ZMzBMLyGQpcjb1lWzlM=</credential-encrypted>
</embedded-ldap>
<configuration-version>9.2.0.0</configuration-version>
<admin-server-name>MedRecServer</admin-server-name>
</domain>You can see our Auditor provider configuration and the custom identity and trust sections, which look right.
I'm wondering if somehow the demo application is special in any way, or if we are missing some step to change the identity and trust configuration. Any ideas? Any further investigation clues?
Kind regards,
Alex

OK, we have been reading this:
http://e-docs.bea.com/wls/docs81/security/SSL_client.html
, so I think I need to make a few clarifications.
Our Auditing Provider communicates remotely with another system using remoting libraries (in this case, the Hessian library), which open SSL connections in the "usual JDK manner". In fact, when handshaking, we see a failure that has a stack trace like the following:
<Mar 6, 2007 3:59:36 PM CET> <Debug> <SecuritySSL> <000000> <Exception during ha
ndshake, stack trace follows
java.net.SocketException: socket write error: Connection aborted by peer
        at jrockit.net.SocketNativeIO.socketWrite(Ljava.io.FileDescriptor;[BII)V
(Unknown Source)
        at java.net.SocketOutputStream.socketWrite0(Ljava.io.FileDescriptor;[BII
)V(SocketOutputStream.java:???)
        at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
        at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
        at com.certicom.io.OutputSSLIOStream.write([BII)I(Unknown Source)
        at com.certicom.tls.record.WriteHandler.flushOutput()I(Unknown Source)
        at com.certicom.tls.record.handshake.HandshakeHandler.flush()V(Unknown S
ource)
        at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.hand
le(Lcom.certicom.tls.record.handshake.HandshakeMessage;)V(Unknown Source)
        at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sage(Lcom.certicom.tls.record.handshake.HandshakeMessage;)V(Unknown Source)
        at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sages([BILcom.certicom.tls.interfaceimpl.ProtocolVersion;)V(Unknown Source)
        at com.certicom.tls.record.MessageInterpreter.interpretContent([BIILcom.
certicom.tls.interfaceimpl.ProtocolVersion;)V(Unknown Source)
        at com.certicom.tls.record.MessageInterpreter.decryptMessage(II[BIILcom.
certicom.tls.interfaceimpl.ProtocolVersion;)V(Unknown Source)
        at com.certicom.tls.record.ReadHandler.processRecord()I(Unknown Source)
        at com.certicom.tls.record.ReadHandler.readRecord()I(Unknown Source)
        at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete()V(Unk
nown Source)
        at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake()V
(Unknown Source)
        at com.certicom.tls.record.WriteHandler.write([BII)I(Unknown Source)
        at com.certicom.io.OutputSSLIOStreamWrapper.write([BII)V(Unknown Source)
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
        at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
        at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.j
ava:142)
        at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.
java:344)
        at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLC
onnection.java:32)
        at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection
.java:935)
        at com.caucho.hessian.client.HessianProxy.invoke(Ljava.lang.Object;Ljava
.lang.reflect.Method;[Ljava.lang.Object;)Ljava.lang.Object;(HessianProxy.java:??
        at $Proxy0.startup(JLjava.lang.String;Ljava.lang.String;)V(Unknown Sourc
e)
        at com.kroopier.bea.sap.utils.BeaAuditLogServiceSSLWrapper.startup(BeaAu
ditLogServiceSSLWrapper.java:43)
[/pre]
I guess that the Hessian library opens up a connection, actually using these certicom classes and not the usual https ssl client classes and then I should configure client certificates accordingly in the Certicom thing, but I'm unsure how to do that.
Any ideas?
Alex

Analyze link generated by Portal not working after SSL Configuration

Hi,
We've installed OracleAS Portal 10.1.4 and Oracle Discoverer Version 10.1.2.48.18 on the same machine. We recently configured SSL on OracleAS Portal for SSO server only. Discoverer was not SSO enabled.
Now after successful SSL configuration we are facing one problem. The Analyze link that is generated by Portal to analyze the worksheet in Single Worksheet Viewer is no longer working. when we click on the analyze link we get the "HTTP 500 Internal Server Error" and a message that Page cannot be displayed.
Please advise...

Hi Andrew
It sounds like you need to enable SSO for Discoverer too.
Best wishes
Michael

Minimal 9iASR2 SSL configuration to encrypt password

I have been asked to research SSL configuration for a client. The environment is 9iAS Release 2 (one Linux infrastructure server and one Linux mid-tier server). The client wants to determine and implement the minimal solution for the following requirement: for a custom JSP login page for Portal (same flavor as explained in the SSO Admin Guide), encrypt the password when a user logs in. They would prefer not to have to alter communication channels between 9iAS components unless it is absolutely necessary. I have found an assortment of how-to documents which explain an assortment of configuration options. Unfortunately, I still do not understand which security goals the configurations meet. Can any 9iAS configuration gurus provide some guidance about meeting this requirement?
Here are some of the reference docs I referred to:
http://portalcenter.oracle.com/pls/ops/docs/FOLDER/COMMUNITY/INTERNALPRODDEVFOLDER/TECHREADINESS/ARCHIINFRA/SECURITY/SETUPSSL/HOW%20TO%20SET%20UP%20SSL%20(9.0.2).HTML
MetaLink note 216126.1
MetaLink note 223120.1

One option maybe the following :
- Create a file holding the encrpyted username/password on the application server side (in the working directory of your oracle forms application)
- As a parameter, pass the name of your file to the form
- when the form is getting called, read the name file in (TEXT_IO) and use the logon built-in with the value from the password file
How to create an encrpyted file :
- use the obfuscation toolkit to encrypt username/password@instance into a varchar2
- write this value to a file using oracle forms (TEXT_IO)
FUNCTION f_encrypt_string(p_key IN VARCHAR2)
RETURN VARCHAR2 IS v_encrypt_string VARCHAR2(2000) := 'N/A';
l_data VARCHAR2(2000);
BEGIN
-- if neccessary create a text where the length of the string
-- is diviteable by 8 (which is a requirement of dbms_obfuscation_toolkit)
l_data := RPAD(p_key, (TRUNC(LENGTH(p_key)/8)+1)*8, CHR(0));
DBMS_OBFUSCATION_TOOLKIT.DESEncrypt(input_string => l_data,
key_string => 'MagicKey',
encrypted_string=> v_encrypt_string);
RETURN (v_encrypt_string);
END;
Edited by: user434854 on Apr 8, 2009 5:17 AM

OIM11gR2 AD Connector SSL Configuration

Hi,
Can anyone provide me the steps to configure SSL between OIM - Connector Server - Active Directory ?
We followed the steps provided in the AD Connector guide, but that does not seem to work. In the connector server logs, we see "SystemNotSupportedException: The certificate should be associated with private key". The steps we did were:
1. Exported root certificate from AD Server
2. Create sslstore on Conector server and updated connectorserver.exe.config file
3. Enabled SSL in Connector Server ITResource.
If you were succesfull configuring SSL, Please provide us the steps for the same.
Thanks,
Hrushi

Hi GP/PK,
Does that mean the trust certificate of AD is used for SSL configuration between OIM and Connector Server ?? I am not sure how this is gonna work. However, I have followed the steps in sections 2.3.2.2 to 2.3.2.4 in the link provided by you, but still I get the error posted earlier.
Could you please list the steps for SSL configuration ???
Also, Could you point me to the document which says Connector Server uses internal SSL to communicate to AD.
Also, In our environment, connector server is installed on seperate machine and not on machine where AD is running.
Thanks,
Hrushi
Edited by: 920194 on Sep 10, 2012 11:57 PM
Edited by: 920194 on Sep 10, 2012 11:59 PM

SSL configuration on oracle 10g realease 3 web server

what all are the changes should i do
in ssl.conf,httpd.conf,opmn.xml
to enable ssl.
i have clustered one web server and one application server
i have the authorized trusted certificate from CA.

SSL configuration on oracle 10g webserver release 3

Second primary server : something to do on the workstations?

Hi,
I have installed a second primary server in the zone, and this server has been moved up in the list of closest server default rules.
I am about to follow the "Replacing the First Primary Server with the Second Primary Server" procedure. The plan is to decommission the older server.
However I have a concern about the workstations. The agent on them has been installed from the first primary server, so is there something to do on the workstations so that they will stop connecting to the server from which the agent was installed?
Another point: both servers are using an external CA, so I guess I don't have to do the "Export the Certificate Authority role" part?
Thanks,
Marc Delisle

There is nothing you "have to do".
A "zac retr" could be useful, but hard to script.
In short, if a device ever stops talking to the zone because something
goes wrong, it will use the details in the "initial-web-service" file to
recontact the zone. The details in this file are for the server from
which the agent was installed.
On 3/25/2013 11:56 AM, lem9 wrote:
>
> Hi,
>
> I have installed a second primary server in the zone, and this server
> has been moved up in the list of closest server default rules.
>
> I am about to follow the "Replacing the First Primary Server with the
> Second Primary Server" procedure. The plan is to decommission the older
> server.
>
> However I have a concern about the workstations. The agent on them has
> been installed from the first primary server, so is there something to
> do on the workstations so that they will stop connecting to the server
> from which the agent was installed?
>
> Another point: both servers are using an external CA, so I guess I
> don't have to do the "Export the Certificate Authority role" part?
>
> Thanks,
> Marc Delisle
>
>
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.

Lion SSL configuration

I am using Lion os on a Mac Book Pro. I have installed MySQL and I use the default mac Apache server. I have tried to config SSL in Apache. I have read many posts on the internet and tried many of them and followed their instructions step by step, but the SSL doesn't work on Lion.
Any idea how to config Apache SSL?

Hua,
make sure that the entry under the alias is a key entry, not the trusted CA certificate
entry.
Pavel.
"Hua Cao" <[email protected]> wrote:
>
Hi, Wajid,
I have similar problems but it is with 8.1
The bea server says 'no key/identity found in the key store file'. I
checked the
keystore using keytool. The specified alias is there for sure.
If you find a solution, please share it with me ([email protected]).
Thanks.
Hua
"Wajid" <[email protected]> wrote:
While doing ssl configuration in importprivatekey utility iam gettin
following
error
D:\bea\user_projects\mydomain>java utils.ImportPrivateKey d:\bea\users_projects\
mydomain\mykeystore.jks null myalias myphrase myCert.pem upendra-key.pem
Keystore file not found, creating it
java.security.KeyManagementException: ASN.1: Lengths longer than 32bits
are not
supported
at com.certicom.security.cert.internal.x509.SSLPlusSupport.getLocalIdent
ityPartial(Unknown Source)
at com.certicom.net.ssl.CerticomContextWrapper.inputPrivateKey(Unknown
S
ource)
at utils.ImportPrivateKey.importKey(ImportPrivateKey.java:57)
at utils.ImportPrivateKey.main(ImportPrivateKey.java:24)
Please help

How to recover from a lost trust relationship (or zone configuration) between the linux ZCM agent to the Primary Zone server running on the same machine?

I have tried:
zac retr, which fails as it says there is no zone to which this agent
is connected
zac reg, which fails because of error 34 Invalid device authentication
information
zac rereg GUID, which fails because of missing zone (as zac retr)
zac unr, which fails because of the same error.
zac ci shows the correct certificates
almost everything is working except registration refresh and location
refresh.
What to do in this situation?
ZCM 11.2 with latest update (Monthly update 1)
W. Prindl

This was yesterday resolved by NTS - you see the "quick" resolution
time of NTS if you subtract the date of the initial post from the date
of this post - with an absolutely simple trick, which obviously nobody
did know of. The support engineer got it from the developer team.
There is a switch in the
/opt/novell/zenworks/share/tomcat/webapps/zenworks-registration/WEB-INF/
config.xml configuration file, with which you can switch authentication
off for device registration.
You just need to add <Authenticate>false<\Authenticate> into the only
configuration this file contains.
This suppresses the error 34 on device registration and the device gets
registered correctly upon restart of the zenworks suite. After this is
done one can change back the above mentioned file to the original state
and restart the zenworks suite again.
The solution was really easy to deploy - the time till this resolution
was found was IMO too long.
W. Prindl
W_ Prindl wrote:
>I have tried:
>
>zac retr, which fails as it says there is no zone to which this agent
>is connected
>
>zac reg, which fails because of error 34 Invalid device authentication
>information
>
>zac rereg GUID, which fails because of missing zone (as zac retr)
>
>zac unr, which fails because of the same error.
>
>zac ci shows the correct certificates
>
>almost everything is working except registration refresh and location
>refresh.
>
>What to do in this situation?
>
>ZCM 11.2 with latest update (Monthly update 1)

BOE ssl configuration

Hello,
I'm working on migrating our BOE XI R2 to BOE 3.1 SP2 on a new server (windows).
Before we were using iis and ssl setting was easy. Now on tomcat I'm having problems.
I'm not creating a new certificate I want to use a special one created for our domain from a 3rd party cert authority.
I don't know much about certificates.
so I have domain.cer domain.der domain.key domain.pem domain.pfx password.txt trustedcer.crt (root ceritiificate) files in d:\ssl folder.
From CCM I check the "enable the ssl"
and I try to fill below
SSL certificates folder=d:\ssl
server ssl certificate file=domain.cer
SSL trusted certificates file=trustedcer.crt
SSL private key file=domain.key
SSL private key passphrase file=password.txt
in tomcat configuration I use the same pattern.
Do I have to convert cer files to der.
Why this combination is not working how can I set the ssl.
Thank you

If yoour users are using the browser and no thick clients then it is all about configuring Tomcat for SSL. You can find plenty information about this in Internet or here https://css.wdf.sap.corp/sap/support/notes/1299147.
Regards,
Stratos

ZCM 11.2 Second Primary - SSL Configuration

Similar Messages

Maybe you are looking for