Using OC4J keystore VS Verisign SSL

Hello

I expose a web service Java over HTTPS. It will be used by a third party service that does not use any Oracle server. I deploy my Java on Oracle SOA Suite 10.1.3.4 webservice.

Reading some documents as https://docs.oracle.com/cd/E16439_01/doc.1013/e13977/configssl.htm , I realized that we can generate a pair of public-private key on the server. The public key will be shared with third-party applications so that it can consume our service.

Now my question is the keys that I generate from the server, is intended to be consumed by any web service or services deployed on Oracle servers only? Or it is recommended to opt for the implementation of SSL by Verisign. Thawte, etc.

Kind regards

Arindam

Hi Arindam,

Your Web service can be consumed by any third-party application as long as they have the SSL certificate and the public key deployed on any server.

As a normal practice, you create a CSR (certificate signing request) and have it signed by a third party (such as versign etc.) Security Agency and then you finish by using the certificate signed back. Then you share that certificate with the webservice of third party to import the certificate to the keystore.

But to test the object, you can use free self-signed certificates.

Tags: Fusion Middleware

Similar Questions

  • I use Live Mail client and SSL, but I can't recover the messages in my subfolders in my Hotmail account, how can I do this?

    I use Live Mail client and SSL, but I can't recover the messages in my subfolders in my Hotmail account, how can I do this? I can use a web browser to display, but Live Mail client only update the subfolders, only the Inbox.

    View all Windows Live and Hotmail questions in the appropriate forum found here:
    http://windowslivehelp.com/

  • CFHTTP or webservice to Verisign SSL

    I tried many things on getting this work, and I come to the same conclusion at each end... IT simply doesn't get it.

    If I try to connect to a site using SSL with CFHTTP or via cfinvoke, I get a result like this:

    struct
    Charset [empty string]
    ErrorDetail I/O Exception: peer not authenticated
    FileContent connection failure
    Header [empty string]
    MimeType unable to determine the MIME type of the file.
    ResponseHeader struct [empty]

    StatusCode connection failure. Not available status code.
    Text YES

    In my case, I try to connect to a Verisign Class 3 certificate. I went to verisign, downloaded the current intermediate certificates, install them using the keytool utility, rebooted my machine, re-tested, did not work. I have installed the keys through MMC in windows, did not work. I also tested with Godaddy ssl key... does not always work. I have read just about every post in the forums about this, and none of them never seemed to have the problem resolved. I have a box with 7 and 8.01 and I've tried it on both boxes, and none of them had set. My installation 8.01 running jvm 1.6, which was supposed to have this fixed number... I am at a loss here...

    Has anyone fixed this problem?

    Surprisingly, I found the snipped below on livedocs.

    Please note that I was on my own dedicated server Windows to which I had access command prompt, so that I could perform the commands below. It's the only thing that worked for me.

    http://livedocs.Adobe.com/ColdFusion/8/htmldocs/help.HTML?content=Tags_g-h_09.html

    Manually import a certificate

    Go to a page on the SSL server in question.
    Double-click the lock icon.
    Click the Details tab.
    Click on copy to a file.
    Select the base64 option and save the file.
    Copy the REB in C:\CFusionMX7\runtime\jre\lib\security (or if it uses ColdFusion JRE).
    Run the following command in the same directory (keytool.exe is located in C:\CFusionMX7\runtime\jre\bin):
    keytool-import - keystore cacerts-alias giveUniqueName-file NomFichier.cer

  • Use of keyStores (.jks) by default in production of WLS

    Hi all

    I need confirmation on the use of default keystore (.jks) on the web logical servers 10.3.5 running in PRODUCTION Mode?

    I configured the file demo - trust.jks and demo - identity.jks by logical web server that runs on the mode of production, but the link below says we should not use the demoidentity.jks and demotrust.jks file in the default key stores and Production of trial only.

    In general, the mode of production requires you to configure additional security features.

    For info... http://oracle-solutions.com/en/configuration-ssl-weblogic-server/

    FYI, some of the major logical webserver journal entries:

    -The system is vulnerable to security attacks, because he trusts of certificates signed by the CA trust demo.

    -BEA-000330 > < started WebLogic Server managed by "bi_server1" for the domain "bifoundation_domain" running in Production Mode >.

    -WARNING: DOMAINS\BIFOUNDATION_DOMAIN\SERVERS\BI_SERVER1\TMP\_WL_USER\ORACLE.APPLCORE.MODEL\VY4GK6/META-INF/APPLICATION.XML. A version attribute is required, but this version of the Weblogic Server will assume that the JEE5 is used. Future versions of the Weblogic Server will reject the descriptors that do not specify the JEE version. >

    Basically, we are trying to implement SSO between OBIEE11g and j2e request to WLS 10.3.5, I just finished configuring SAML2 on two different servers managed, but SSO does not work and also not able to find error messages on the server connects

    I would like to know, if we chose / use keystore default in WLS production, is it impacting on the SSO (SAML2) feature?


    Thanks in advance

    It should not be a problem...

    You can use tools like a violin to capture http headers and see where it crashes.

    You can also enable SAML WLS Console debugging for more information.

    It will be useful.

    Thank you
    Faisal

    http://www.WebLogic-wonders.com

  • Using the HTTP Services with SSL using Internet Explorer

    Hello

    Basically what is happening, is that secure services are not load when I shoot to the top of the Web site when you use Internet Explorer. The site works perfectly in FireFox and Safari support however nothing via the HTTP services when using SSL. I read the Wired article http://weblogs.macromedia.com/lin/archives/flex/security/index.cfm on the use of SSL with THE de Lin Lin, however I am confused as how to implement the changes that she mentions. Basically, she mentioned a couple of the reasons why the httpServices would not be able to load data in the event of connection via SSL. I've read about the Adobe TechNote at http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=fdc7b5c & SSP = rss_flashplayer_fdc7b5 c , but it was not clear either.

    1. How can I change the settings of the server have the correct header information?
    2. can I change something in the compiler Flex for SSL and IE?

    It works perfectly in FireFox and Safari, and retrieves the data without any problem. All ideas, information would be appreciated.

    Hello

    Basically what is happening, is that secure services are not load when I shoot to the top of the Web site when you use Internet Explorer. The site works perfectly in FireFox and Safari support however nothing via the HTTP services when using SSL. I read the Wired article http://weblogs.macromedia.com/lin/archives/flex/security/index.cfm on the use of SSL with THE de Lin Lin, however I am confused as how to implement the changes that she mentions. Basically, she mentioned a couple of the reasons why the httpServices would not be able to load data in the event of connection via SSL. I read on the Adobe TechNote http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=fdc7b5c&pss=rss_flashplayer_fdc7b5 c , but it was not clear either.

    1. How can I change the settings of the server have the correct header information?
    2. can I change something in the compiler Flex for SSL and IE?

    It works perfectly in FireFox and Safari, and retrieves the data without any problem. All ideas, information would be appreciated.

  • CFHTTP Standard GoDaddy SSL keystore

    Try to connect via CFHTTP to a server that has put a Verisign SSL to Godaddy.  While they were with Verisign had no problem.

    I spent about 5-6 hours of searches on several messages, but none seem to have a solution.

    I downloaded the .cer file on my machine, installed in the keystore of the jre coldfusion with the keytool utility.  Restart ColdFusion, same error, connection refused.

    Then I tried to download the files of REB godaddy since their deposit, imported, restarted coldfusion, same error.

    I then downloaded and installed the latest jdk installed and moved coldfusion JVM included and in the news.  Imported all keys in this file of keys, coldfusion is restarted, same error.

    I've performed this task on a server running CF8 and CF9.

    Does anyone at - he had success with godaddy ssl that could give me some advice about where I'm wrong?

    Thank you

    Steve

    For me, it turns out the company bought the el-cheapo godaddy ssl certificate.  If they spent a little more money and got the standard, I would have no problem.

    I eventually found cfx_http5.  I bought that for the server and passed my code to use it without problem.

    Steve

  • SSL certificate not used for Admin Server connections

    I have a GoDaddy SSL certificate installed on OS X Server 10.11.4. It works very well for the web server (https). Connection via Server.app off-site, produces a warning SSL and self-signed certificate. There is a related error regularly in newspapers:

    [[servermgr_certs]:-[CertsRequestHandler(KeychainOpenSSLExport) exportIdentity:]: SecKeychainItemExport (certificateChain) no certificate string available, defaulting to a cert leaves only

    Any suggestions? I reinstalled the cert...

    You must raise the.app of 3rd party certificate.  Follow these steps:

    1: Open Keychain Access.

    2: select the system Keychain in the keychains list.

    3: find the preference of identity com.apple.servermgrd and double click it.

    4: select your SSL certificate 3rd party in the contextual menu of preferred certificate.

    5: Press the button Save changes.  You will be asked to authenticate.

    6: restart the server or restart the process of servermgrd to activate the changes.

    Now when you connect to the server from a remote device using.app, sign in using your valid 3rd party SSL certificate and avoid mistakes.

    Reid

    Apple Consultants Network

    Author - "El Capitan Server - Foundation Services.

    Author - "El Capitan Server - Collaboration & control»

    Author - "El Capitan Server - Advanced Services '.

    : IBooks exclusively available in Apple store

  • SSL/tls over TCP using tcplistner socket or a tcpclient

    I am trying to use ssl/tls, TCP, but in my code, the socket is used not a tcpclient or tcplistner. I searched on the net at least 200 links but I have not everything related that. I want to use less coding and fact ssl or tsll during the tcp socket connection. I have a client, server, certification authority, a key to the .key format. Please help with the example.

    Hello

    TechNet support team can solve your problem correctly since your question is beyond the scope of what is generally answered here.

    Kind regards.

  • ASA 5520: SSL VPN by using a different IP address that the ASA public IP address

    Hi guys,.

    I'm trying to configure an SSL VPN on a Cisco ASA5520.

    Unfortunately port 443 interface OUTSIDE of the SAA is already used by Microsoft Outlook Web Access and I can not change the configuration of Outlook. This configuration already in place allows me to use the public IP address of the ASA as IP Cisco VPN for the Web page.

    I don't not want to use a different port so to keep life easy for users.

    I have a few available public IPs that I can use so I wanted to use one of them instead of the OUTSIDE of the ASA interface. Any idea how I could do?

    Thank you

    Dario

    Unfortunately you can not use any other public ip address, except the ASA outside IP interface to complete the SSL VPN.

    The only options that you have is to change the Outlook to use another port or the SSL VPN to use a different port.

  • The ASA - Client to use SSL and connections options I have?

    We have a large site and have only allowed using IPSEC for all our branch in branch and the user tunnels. We tried SSL years but she limits so we stopped deployment. We must now begin the SSL VPN user and I have a few questions basic ASA.

    I have a unused ASA 5510 for tests that currently holds the 8.3.2 on it, Security code more license, 100 SSL VPN peers and 250 total peers of VPN, VLAN max 100, 2 seconds, active/active contexts, 2 proxies of phone CPU and everything else is disabled. We do not intend on using a SSL connection web anywhere (Anyconnect essentials?) and will not use the entire customer VPN SSL which will be hand loaded on machines or downloaded from the ASA and loaded on the computer if possible. I want to know is what version of the current code can install on my ASA without losing my existing SSL VPN 100 peers license and that the Anyconnect customer would be sustained? I've seen talk about premium Anyconnect but do not know its relationsonship. If I improve the ASA of new releases or versions of code my peer SSL VPN license turns into an Anyconnect Premium license?

    Any help to get started you in the right direction would be appreciated. I know I can spend days trying to understand Cisco licenses and traps and still get burned in the end with the function or the wrong license. Basically, I want to know what I have to install the end-user complete SSL VPN clients and I have to do with the ASA to provide this functionality with current license / feature set there. I also want to know what the end user should be used because it seems that Anyconnect Secure Mobile is the same if I use all its security features. Example - I am not able to check for firewall/malware etc programs but we currently have a policy in place which does not allow browsing the Internet or access when end users have connections VPN tunnel on our site. That restriction will always be kept if this is possible thanks to the SSL VPN connection also.

    Thank you

    Paul

    The SSL VPN client-based license will remain active on your box through Software ASA updates later. AnyConnect Essentials (which you already have) will work with the feature of SSL VPN license.

    You would be upgrading to AnyConnect Premium only if you wanted to add features like clientless SSL VPN (purely based on a browser) or other items such as Advanced Endpoint Assessment (AEA). AnyConnect Premium can coexist with Anyconnect Essentials on the SAA even if you can't mix and match licenses Premium and Essentials.

    Essential distinction or Premium is mainly directed towards the installation of the ASA. The same AnyConnect Secure Mobility client software (version 3.1 is the latest for Windows and OS X and is quite a nice new version) is used in both cases. Functional additional client plug-ins are things such as the AEA and the NAC 802.1 x. Your group policies based on the SAA as no split tunneling, etc. remain in force.

    If you intend to allow clients of mobile devices (iPhone, iPad, and Android (a very limited support for the last BTW)) to access your VPN, you will need to add the mobile on the SAA AnyConnect license and install the client from the respective AppStore. Note that Windows Phone and Blackberry don't are not supported as client AnyConnect.

  • Generate certificates for use with the VMware SSL certificate automation tool

    Hello

    I am trying to use the tool to automate SSL certificate. Our vCenter Server is configured in pulse mode. When I'm trying to generate the request (CSR companies) for Single sing - on (SSO) of certificate signing, option 1 is to provide the FULL domain name. I want to know what domain name FULL should I provide the name of the node or virtual.

    Also I will try to use this tool for other components like updatemanager, inventory service, service of vcenter server, web client. Have experience how to use this tool?

    Thank you

    I successfully replaced certificates for all services. I used the FQDN of the virtual name and not the name of the node to generate the CSR. Thank you

  • You can use cipher suites different use different SSL certificates?

    Using JSSE for SSL, so firstly do javax.net.ssl.SSLContext.init () where you specify as the [KeyManagers]. Here I specify an X509KeyManager where I specify the list of the X 509 certificates I would like to use all by SSL communication with a peer SSL. I'm then a SSLSocket context using SSLContext.getSocketFactory.createSocket () where the created SSL socket use the KeyManager created in the previous step.

    However, when I use this plug to negotiate SSL, I have not any control that cert is used with which cipher suite is chosen during the SSL handshake. For example, if I have two certificates in KeyManager, say A and B, I might want to use one during the continuation of encryption in SSL negotiation is TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA although I could use B when the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA (the cipher suites are according to RFC 5264 for TLS 1.2).

    Is it possible to have this kind of control while using the JSSE in Java?

    I might want to use A only when chosen to negotiate SSL encryption suite is...

    You can not. The encryption suite is chosen after the certificate.

    I don't really see what the choice of the certificate must make the choice of cipher suites. One is for authentication; the other is for encryption.

  • How to use the JKS-based Keystore in Oracle 11g SOA

    I'm doing FTPS on remote server of third party (with UNIX operating system) using SOA 11 g adapter FTP. I installed and configured vsftpd and generated vsftpd.pem file on the remote server certificate.
    Follow the steps mentioned in http://download.oracle.com/docs/cd/E17904_01/integration.1111/e10231/adptr_file.htm#CIABDGCF

    In one step "Adjusting upward the FTP Oracle adapter" walletLocation is necessary, then I went through the steps mentioned in http://download.oracle.com/docs/cd/E17904_01/core.1111/e10105/wallets.htm#CHDGIJDC

    (Tried using both 1) JKS Keystore Management 2) portfolio management

    Impossible to find two of them in the Oracle 11g SOA em but the steps do not match.

    Can someone tell me how to use JKS Keystore or portfolio management?

    Thank you very much!!

    Concerning
    Yogesh

    Hi yogesh,

    I think that the portfolio can be created from the FMW console only if the HTTP server is installed and available. If there is no Oracle HTTP server, configure a specified in the.

    [http://download.oracle.com/docs/cd/E12839_01/doc.1111/e14260/toc.htm |] Oracle HTTP Server installation]

    Agress,
    Neeraj Sehgal

  • Java/jre ColdFusion 11 mutual auth ssl api calls.  Help with coldfusion/java logs.

    Hello

    I'm here because I have exhausted my Coldfusion/Java ssl keystore certs troubleshooting capabilities.  Here's the question. I'm developing a Coldfusion 11 application which must make calls to api for services SOAP Chase payconnexion. I use the tags of cfhttp in coldfusion to do this, that is using java jre 1.7.x to achieve this. The problem I'm getting generic 500 internal server errors of Chase.   They claim that I'm not sending a cert in the exchange of ssl.    What I did is:

    -put our generic cert/key pair in the keystore of coldfusion

    -put our root and the string in the keystore

    -put the chase Server certs in the keystore

    -converted files of key/crt in .pfx and make calls

    for hunting with those, something like:

    < cfset objSecurity = createObject ("java", "impossible") / >

    < cfset storeProvider = objSecurity.getProvider ("JsafeJCE") / >

    < cfset Application.sslfix = true / >

    < cfhttp url = "" #chase_api_server #/ ' "

    result = "http_response.

    method = "post".

    port = "1401" charset = "utf-8".

    clientCert = "#cert_path #/ #cert_file1 #

    clientCertPassword = "#cert_password #" >

    < cfhttpparam type = "header" name = "SOAPAction" value = "updateUserProfileRequest" / >

    < cfhttpparam type = "header" name = "Host" value = "ws.payconnexion.com" / > "

    < cfhttpparam type = "xml" value = "#trim (my_xml) #" / >

    < / cfhttp >

    Here is what I see in the newspapers of the CF, can someone help me interpret what

    is happening?

    Thank you

    Bob

    =============================================================

    ***

    found the key for: 1

    String [0] =]

    [

    Version: V3

    Object: CN = *. payments.austintexas.gov, O = city of Austin, L = Austin, ST = Texas, C = US

    Signature algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

    Key: Sun public key RSA 2048 bits

    module: < snip >

    Validity: [from: Mon Aug 11 12:39:37 CDT 2014]

    [To: Fri Oct 01 18:34:24 CDT 2016]

    Issuer: CN = Entrust Certification Authority - L1C, OR = "(c) 2009 Entrust, Inc.", OR = www.entrust.net/rpa is incorporated by reference, O = 'Entrust, Inc.', C = US "

    Serial number: [< snip > 7]

    Certificate extensions: 9

    [1]: ObjectId: 1.3.6.1.5.5.7.1.1 criticality = false

    [Field

    [

    accessMethod: ocsp

    accessLocation: U: http://OCSP.entrust.NET

    ,

    accessMethod: caIssuers

    accessLocation: U: http://AIA.entrust.NET/2048-L1C.CER

    ]

    ]

    [2]: ObjectId: 2.5.29.35 criticality = false

    [AuthorityKeyIdentifier

    [KeyIdentifier

    < snip >]

    ]

    [3]: ObjectId: 2.5.29.19 criticality = false

    BasicConstraints:]

    CA:false

    PathLen: undefined

    ]

    [4]: ObjectId: 2.5.29.31 criticality = false

    [CRLDistributionPoints

    [DistributionPoint:]

    [U: http://crl.entrust.net/level1c.crl]

    ]]

    [5]: ObjectId: 2.5.29.32 criticality = false

    [CertificatePolicies

    [CertificatePolicyId: [1.2.840.113533.7.75.2]]

    [PolicyQualifierInfo: []]

    qualifierID: 1.3.6.1.5.5.7.2.1

    qualifier: < snip >

    ]]  ]

    [CertificatePolicyId: [2.23.140.1.2.2]]

    []  ]

    ]

    [6]: ObjectId: 2.5.29.37 criticality = false

    [ExtendedKeyUsages

    serverAuth

    AutClient

    ]

    [7]: ObjectId: 2.5.29.15 criticality = false

    [KeyUsage

    DigitalSignature

    Key_Encipherment

    ]

    [8]: ObjectId: 2.5.29.17 criticality = false

    [SubjectAlternativeName

    DNSName: *. payments.austintexas.gov

    DNSName: payments.austintexas.gov

    ]

    [9]: ObjectId: 2.5.29.14 criticality = false

    [SubjectKeyIdentifier

    [KeyIdentifier

    < snip >]

    ]

    ]

    Algorithm: [SHA1withRSA]

    Signature:

    < snip >

    ]

    [1] string =]

    [

    Version: V3

    Object: CN = Entrust Certification Authority - L1C, OR = "(c) 2009 Entrust, Inc.", OR = www.entrust.net/rpa is incorporated by reference, O = 'Entrust, Inc.', C = US "

    Signature algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

    Key: Sun public key RSA 2048 bits

    module: < snip >

    public exponent: 65537

    Validity: [from: Fri 11 Nov 09:40:40 CST 2011,]

    [To: Thu Nov 11 20:51:17 CST 2021]

    Issuer: Authority of Certification CN = Entrust .net (2048), OR = (c) 1999 Entrust.net Limited, www.entrust.net/CPS_2048 incorp =. by Ref. (limits liab.), O = Entrust .net

    Serial number: [< snip >]

    Certificate extensions: 7

    [1]: ObjectId: 1.3.6.1.5.5.7.1.1 criticality = false

    [Field

    [

    accessMethod: ocsp

    accessLocation: U: http://OCSP.entrust.NET

    ]

    ]

    [2]: ObjectId: 2.5.29.35 criticality = false

    [AuthorityKeyIdentifier

    [KeyIdentifier

    < snip >]

    ]

    [3]: ObjectId: 2.5.29.19 criticality = true

    BasicConstraints:]

    CA:true

    PathLen:0

    ]

    [4]: ObjectId: 2.5.29.31 criticality = false

    [CRLDistributionPoints

    [DistributionPoint:]

    [U: http://crl.entrust.net/2048ca.crl]

    ]]

    [5]: ObjectId: 2.5.29.32 criticality = false

    [CertificatePolicies

    [CertificatePolicyId: [2.5.29.32.0]]

    [PolicyQualifierInfo: []]

    qualifierID: 1.3.6.1.5.5.7.2.1

    qualifier: < snip >

    ]]  ]

    ]

    [6]: ObjectId: 2.5.29.15 criticality = true

    [KeyUsage

    Key_CertSign

    Crl_Sign

    ]

    [7]: ObjectId: 2.5.29.14 criticality = false

    [SubjectKeyIdentifier

    [KeyIdentifier

    < snip >]

    ]

    ]

    Algorithm: [SHA1withRSA]

    Signature:

    < snip >

    ]

    [2] string =]

    [

    Version: V3

    Subject: Authority of Certification CN = Entrust .net (2048), OR = (c) 1999 Entrust.net Limited, www.entrust.net/CPS_2048 incorp =. by Ref. (limits liab.), O = Entrust .net

    Signature algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

    Key: Sun public key RSA 2048 bits

    module: < snip > public exponent: 65537

    Validity: [from: Fri dec 24 11:50:51 CST 1999]

    [To: kill Jul 24 09:15:12 CDT 2029]

    Issuer: Authority of Certification CN = Entrust .net (2048), OR = (c) 1999 Entrust.net Limited, www.entrust.net/CPS_2048 incorp =. by Ref. (limits liab.), O = Entrust .net

    Serial number: [< snip >]

    Certificate extensions: 3

    [1]: ObjectId: 2.5.29.19 criticality = true

    BasicConstraints:]

    CA:true

    PathLen:2147483647

    ]

    [2]: ObjectId: 2.5.29.15 criticality = true

    [KeyUsage

    Key_CertSign

    Crl_Sign

    ]

    [3]: ObjectId: 2.5.29.14 criticality = false

    [SubjectKeyIdentifier

    [KeyIdentifier

    < snip >]

    ]

    ]

    Algorithm: [SHA1withRSA]

    Signature:

    < snip >

    ]

    ***

    trustStore is: / opt/coldfusion11/jre/lib/security/cacerts

    trustStore type is: jks

    trustStore provider is:

    init truststore

    adding that cert trust:

    < certs snip 85 >

    trigger the seeding of SecureRandom

    done seeding SecureRandom

    January 23, 2015 13:15:37 information [ajp-bio-8014-exec-7] - HTTP request to leave {URL ='https://ws.payconnexion.com:1401/pconWS/9_5 /", method = 'post'"}

    Ignoring the unsupported encryption suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256

    Ignoring the unsupported encryption suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

    Ignoring the unsupported encryption suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

    Ignoring the unsupported encryption suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256

    Ignoring the unsupported encryption suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

    Ignoring the unsupported encryption suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

    Ignoring the unsupported encryption suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

    Ignoring the unsupported encryption suite: TLS_RSA_WITH_AES_256_CBC_SHA256

    Ignoring the unsupported encryption suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

    Ignoring the unsupported encryption suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

    Ignoring the unsupported encryption suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

    Ignoring the unsupported encryption suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

    Ignoring the unsupported encryption suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256

    Ignoring the unsupported encryption suite: TLS_RSA_WITH_AES_128_CBC_SHA256

    Allow the dangerous renegotiation: true

    Allow legacy Hello messages: true

    Is the first handshake: true

    Is secure renegotiation: false

    % No session caching client

    ClientHello, TLSv1

    RandomCookie: GMT: 1405197529 bytes = {191, 115, 95, 85, 79, 234, 145, 176, 62, 70, 36, 102, 168, 15, 127, 174, 88, 118, 4, 177, 226, 5, 254, 55, 108, 203, 80, 80}

    Session ID: {}

    Cipher suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_EMPTY_RENEGOTIATION_INFO_SCSV, SSL_RSA_WITH_RC4_128_MD5]

    Compression methods: {0}

    Extension elliptic_curves, the names of curve: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

    Extension ec_point_formats, formats: [uncompressed]

    Servername extension, server_name: [hostname: ws.payconnexion.com]

    ***

    AJP-bio-8014-exec-7, WRITING: TLSv1 Handshake, length = 191

    AJP-bio-8014-exec-7, READ: TLSv1 Handshake, length = 81

    ServerHello, TLSv1

    RandomCookie: < snip >

    Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA

    Compression method: 0

    Extension renegotiation_info, renegotiated_connection: < empty >

    ***

    %% Initialized: [Session-5, TLS_RSA_WITH_AES_256_CBC_SHA]

    * TLS_RSA_WITH_AES_256_CBC_SHA

    AJP-bio-8014-exec-7, READ: TLSv1 Handshake, length = 4183

    Certificate chain

    String [0] =]

    [

    Version: V3

    Subject: CN = ws.payconnexion.com, OR is PayConnexion, O is JPMorgan Chase, L = New York, ST = New York, C = US

    Signature algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

    Key: Sun public key RSA 2048 bits

    module: < snip >

    public exponent: 65537

    Validity: [from: Sun Apr 20 19:00:00 CDT 2014]

    [To: kill Jun 02 18:59:59 CDT 2015]

    Issuer: CN = VeriSign Class 3 International Server CA - G3, OU = terms of use at https://www.VeriSign.com/RPA (c) 10, OU = VeriSign Trust Network, O = "VeriSign, Inc.", C = US

    Serial number: [< snip >]

    Certificate extensions: 8

    [1]: ObjectId: 1.3.6.1.5.5.7.1.1 criticality = false

    [Field

    [

    accessMethod: ocsp

    accessLocation: U: http://se.symcd.com

    ,

    accessMethod: caIssuers

    accessLocation: U: http://se.symcb.com/se.CRT

    ]

    ]

    [2]: ObjectId: 2.5.29.35 criticality = false

    [AuthorityKeyIdentifier

    [KeyIdentifier

    < snip >]

    ]

    [3]: ObjectId: 2.5.29.19 criticality = false

    BasicConstraints:]

    CA:false

    PathLen: undefined

    ]

    [4]: ObjectId: 2.5.29.31 criticality = false

    [CRLDistributionPoints

    [DistributionPoint:]

    [U: http://se.symcb.com/se.crl]

    ]]

    [5]: ObjectId: 2.5.29.32 criticality = false

    [CertificatePolicies

    [CertificatePolicyId: [2.16.840.1.113733.1.7.54]]

    [PolicyQualifierInfo: []]

    qualifierID: 1.3.6.1.5.5.7.2.1

    qualifier: < snip >

    ], PolicyQualifierInfo:]

    qualifierID: 1.3.6.1.5.5.7.2.2

    qualifier: < snip >

    ]]  ]

    ]

    [6]: ObjectId: 2.5.29.37 criticality = false

    [ExtendedKeyUsages

    serverAuth

    AutClient

    2.16.840.1.113730.4.1

    ]

    [7]: ObjectId: 2.5.29.15 criticality = true

    [KeyUsage

    DigitalSignature

    Key_Encipherment

    ]

    [8]: ObjectId: 2.5.29.17 criticality = false

    [SubjectAlternativeName

    DNSName: ws.payconnexion.com

    ]

    ]

    Algorithm: [SHA1withRSA]

    Signature:

    < snip >

    ]

    [1] string =]

    [

    Version: V3

    Object: CN = VeriSign Class 3 International Server CA - G3, OU = terms of use at https://www.VeriSign.com/RPA (c) 10, OU = VeriSign Trust Network, O = "VeriSign, Inc.", C = US

    Signature algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

    Key: Sun public key RSA 2048 bits

    module: < snip >

    public exponent: 65537

    Validity: [from: Sun 07 Feb 18:00:00 CST 2010]

    [To: Fri Feb 07 17:59:59 CST 2020]

    Issuer: CN = VeriSign Class 3 Public Primary Certification Authority - G5, OR = "(c) 2006 VeriSign, Inc. - use only permitted", OU = VeriSign Trust Network, O = "VeriSign, Inc.", C = US

    Serial number: [< snip >]

    Certificate extensions: 10

    [1]: ObjectId: 1.3.6.1.5.5.7.1.12 criticality = false

    Unknown extension: coded DER BYTE string =

    < snip >

    [2]: ObjectId: 1.3.6.1.5.5.7.1.1 criticality = false

    [Field

    [

    accessMethod: ocsp

    accessLocation: U: http://OCSP.VeriSign.com

    ]

    ]

    [3]: ObjectId: 2.5.29.35 criticality = false

    [AuthorityKeyIdentifier

    [KeyIdentifier

    < snip >]

    ]

    [4]: ObjectId: 2.5.29.19 criticality = true

    BasicConstraints:]

    CA:true

    PathLen:0

    ]

    [5]: ObjectId: 2.5.29.31 criticality = false

    [CRLDistributionPoints

    [DistributionPoint:]

    [U: http://crl.verisign.com/pca3-g5.crl]

    ]]

    [6]: ObjectId: 2.5.29.32 criticality = false

    [CertificatePolicies

    [CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]]

    [PolicyQualifierInfo: []]

    qualifierID: 1.3.6.1.5.5.7.2.1

    qualifier: < snip >

    ], PolicyQualifierInfo:]

    qualifierID: 1.3.6.1.5.5.7.2.2

    qualifier: < snip >

    ]]  ]

    ]

    [7]: ObjectId: 2.5.29.37 criticality = false

    [ExtendedKeyUsages

    serverAuth

    AutClient

    2.16.840.1.113730.4.1

    2.16.840.1.113733.1.8.1

    ]

    [8]: ObjectId: 2.5.29.15 criticality = true

    [KeyUsage

    Key_CertSign

    Crl_Sign

    ]

    [9]: ObjectId: 2.5.29.17 criticality = false

    [SubjectAlternativeName

    CN = VeriSignMPKI-2-7

    ]

    [10]: ObjectId: 2.5.29.14 criticality = false

    [SubjectKeyIdentifier

    [KeyIdentifier

    < snip >]

    ]

    ]

    Algorithm: [SHA1withRSA]

    Signature:

    < snip >

    ]

    [2] string =]

    [

    Version: V3

    Object: CN = VeriSign Class 3 Public Primary Certification Authority - G5, OR = "(c) 2006 VeriSign, Inc. - use only permitted", OU = VeriSign Trust Network, O = "VeriSign, Inc.", C = US

    Signature algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

    Key: Sun public key RSA 2048 bits

    module: < snip >

    public exponent: 65537

    Validity: [from: Tue Nov 07 18:00:00 CST 2006]

    [To: Sun Nov 07 17:59:59 CST 2021]

    Issuer: OU = class public primary Certification Authority 3, O = "VeriSign, Inc.", C = US

    Serial number: [< snip >]

    Certificate extensions: 8

    [1]: ObjectId: 1.3.6.1.5.5.7.1.12 criticality = false

    Unknown extension: coded DER BYTE string =

    < snip >

    [2]: ObjectId: 1.3.6.1.5.5.7.1.1 criticality = false

    [Field

    [

    accessMethod: ocsp

    accessLocation: U: http://OCSP.VeriSign.com

    ]

    ]

    [3]: ObjectId: 2.5.29.19 criticality = true

    BasicConstraints:]

    CA:true

    PathLen:2147483647

    ]

    [4]: ObjectId: 2.5.29.31 criticality = false

    [CRLDistributionPoints

    [DistributionPoint:]

    [U: http://crl.verisign.com/pca3.crl]

    ]]

    [5]: ObjectId: 2.5.29.32 criticality = false

    [CertificatePolicies

    [CertificatePolicyId: [2.5.29.32.0]]

    [PolicyQualifierInfo: []]

    qualifierID: 1.3.6.1.5.5.7.2.1

    qualifier: < snip >

    ]]  ]

    ]

    [6]: ObjectId: 2.5.29.37 criticality = false

    [ExtendedKeyUsages

    serverAuth

    AutClient

    resynced

    2.16.840.1.113730.4.1

    2.16.840.1.113733.1.8.1

    ]

    [7]: ObjectId: 2.5.29.15 criticality = true

    [KeyUsage

    Key_CertSign

    Crl_Sign

    ]

    [8]: ObjectId: 2.5.29.14 criticality = false

    [SubjectKeyIdentifier

    [KeyIdentifier

    < snip >]

    ]

    ]

    Algorithm: [SHA1withRSA]

    Signature:

    < snip >

    ]

    ***

    Found the certificate of trust:

    [

    [

    Version: V3

    Subject: CN = ws.payconnexion.com, OR is PayConnexion, O is JPMorgan Chase, L = New York, ST = New York, C = US

    Signature algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

    Key: Sun public key RSA 2048 bits

    module: public exponent: 65537

    Validity: [from: Sun Apr 20 19:00:00 CDT 2014]

    [To: kill Jun 02 18:59:59 CDT 2015]

    Issuer: CN = VeriSign Class 3 International Server CA - G3, OU = terms of use at https://www.VeriSign.com/RPA (c) 10, OU = VeriSign Trust Network, O = "VeriSign, Inc.", C = US

    Serial number: [< snip >]

    Certificate extensions: 8

    [1]: ObjectId: 1.3.6.1.5.5.7.1.1 criticality = false

    [Field

    [

    accessMethod: ocsp

    accessLocation: U: http://se.symcd.com

    ,

    accessMethod: caIssuers

    accessLocation: U: http://se.symcb.com/se.CRT

    ]

    ]

    [2]: ObjectId: 2.5.29.35 criticality = false

    [AuthorityKeyIdentifier

    [KeyIdentifier

    < snip >]

    ]

    [3]: ObjectId: 2.5.29.19 criticality = false

    BasicConstraints:]

    CA:false

    PathLen: undefined

    ]

    [4]: ObjectId: 2.5.29.31 criticality = false

    [CRLDistributionPoints

    [DistributionPoint:]

    [U: http://se.symcb.com/se.crl]

    ]]

    [5]: ObjectId: 2.5.29.32 criticality = false

    [CertificatePolicies

    [CertificatePolicyId: [2.16.840.1.113733.1.7.54]]

    [PolicyQualifierInfo: []]

    qualifierID: 1.3.6.1.5.5.7.2.1

    qualifier: < snip >

    ], PolicyQualifierInfo:]

    qualifierID: 1.3.6.1.5.5.7.2.2

    qualifier: < snip >

    ]]  ]

    ]

    [6]: ObjectId: 2.5.29.37 criticality = false

    [ExtendedKeyUsages

    serverAuth

    AutClient

    2.16.840.1.113730.4.1

    ]

    [7]: ObjectId: 2.5.29.15 criticality = true

    [KeyUsage

    DigitalSignature

    Key_Encipherment

    ]

    [8]: ObjectId: 2.5.29.17 criticality = false

    [SubjectAlternativeName

    DNSName: ws.payconnexion.com

    ]

    ]

    Algorithm: [SHA1withRSA]

    Signature:

    < snip >

    ]

    AJP-bio-8014-exec-7, READ: TLSv1 Handshake, length = 13

    CertificateRequest

    CERT types: RSA, DSS

    CERT authorities:

    < empty >

    ServerHelloDone

    corresponding to the alias: 1

    Certificate chain

    String [0] =]

    [

    Version: V3

    Object: CN = *. payments.austintexas.gov, O = city of Austin, L = Austin, ST = Texas, C = US

    Signature algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

    Key: Sun public key RSA 2048 bits

    < snip > public exponent: 65537

    Validity: [from: Mon Aug 11 12:39:37 CDT 2014]

    [To: Fri Oct 01 18:34:24 CDT 2016]

    Issuer: CN = Entrust Certification Authority - L1C, OR = "(c) 2009 Entrust, Inc.", OR = www.entrust.net/rpa is incorporated by reference, O = 'Entrust, Inc.', C = US "

    Serial number: [< snip >]

    Certificate extensions: 9

    [1]: ObjectId: 1.3.6.1.5.5.7.1.1 criticality = false

    [Field

    [

    accessMethod: ocsp

    accessLocation: U: http://OCSP.entrust.NET

    ,

    accessMethod: caIssuers

    accessLocation: U: http://AIA.entrust.NET/2048-L1C.CER

    ]

    ]

    [2]: ObjectId: 2.5.29.35 criticality = false

    [AuthorityKeyIdentifier

    [KeyIdentifier

    < snip >]

    ]

    [3]: ObjectId: 2.5.29.19 criticality = false

    BasicConstraints:]

    CA:false

    PathLen: undefined

    ]

    [4]: ObjectId: 2.5.29.31 criticality = false

    [CRLDistributionPoints

    [DistributionPoint:]

    [U: http://crl.entrust.net/level1c.crl]

    ]]

    [5]: ObjectId: 2.5.29.32 criticality = false

    [CertificatePolicies

    [CertificatePolicyId: [1.2.840.113533.7.75.2]]

    [PolicyQualifierInfo: []]

    qualifierID: 1.3.6.1.5.5.7.2.1

    qualifier: < snip >

    ]]  ]

    [CertificatePolicyId: [2.23.140.1.2.2]]

    []  ]

    ]

    [6]: ObjectId: 2.5.29.37 criticality = false

    [ExtendedKeyUsages

    serverAuth

    AutClient

    ]

    [7]: ObjectId: 2.5.29.15 criticality = false

    [KeyUsage

    DigitalSignature

    Key_Encipherment

    ]

    [8]: ObjectId: 2.5.29.17 criticality = false

    [SubjectAlternativeName

    DNSName: *. payments.austintexas.gov

    DNSName: payments.austintexas.gov

    ]

    [9]: ObjectId: 2.5.29.14 criticality = false

    [SubjectKeyIdentifier

    [KeyIdentifier

    < snip >]

    ]

    ]

    Algorithm: [SHA1withRSA]

    Signature:

    < snip >

    ]

    [1] string =]

    [

    Version: V3

    Object: CN = Entrust Certification Authority - L1C, OR = "(c) 2009 Entrust, Inc.", OR = www.entrust.net/rpa is incorporated by reference, O = 'Entrust, Inc.', C = US "

    Signature algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

    Key: Sun public key RSA 2048 bits

    module: < snip >

    public exponent: 65537

    Validity: [from: Fri 11 Nov 09:40:40 CST 2011,]

    [To: Thu Nov 11 20:51:17 CST 2021]

    Issuer: Authority of Certification CN = Entrust .net (2048), OR = (c) 1999 Entrust.net Limited, www.entrust.net/CPS_2048 incorp =. by Ref. (limits liab.), O = Entrust .net

    Serial number: [< snip >]

    Certificate extensions: 7

    [1]: ObjectId: 1.3.6.1.5.5.7.1.1 criticality = false

    [Field

    [

    accessMethod: ocsp

    accessLocation: U: http://OCSP.entrust.NET

    ]

    ]

    [2]: ObjectId: 2.5.29.35 criticality = false

    [AuthorityKeyIdentifier

    [KeyIdentifier

    < snip >]

    ]

    [3]: ObjectId: 2.5.29.19 criticality = true

    BasicConstraints:]

    CA:true

    PathLen:0

    ]

    [4]: ObjectId: 2.5.29.31 criticality = false

    [CRLDistributionPoints

    [DistributionPoint:]

    [U: http://crl.entrust.net/2048ca.crl]

    ]]

    [5]: ObjectId: 2.5.29.32 criticality = false

    [CertificatePolicies

    [CertificatePolicyId: [2.5.29.32.0]]

    [PolicyQualifierInfo: []]

    qualifierID: 1.3.6.1.5.5.7.2.1

    qualifier: < snip >

    ]]  ]

    ]

    [6]: ObjectId: 2.5.29.15 criticality = true

    [KeyUsage

    Key_CertSign

    Crl_Sign

    ]

    [7]: ObjectId: 2.5.29.14 criticality = false

    [SubjectKeyIdentifier

    [KeyIdentifier

    < snip >]

    ]

    ]

    Algorithm: [SHA1withRSA]

    Signature:

    < snip >

    ]

    [2] string =]

    [

    Version: V3

    Subject: Authority of Certification CN = Entrust .net (2048), OR = (c) 1999 Entrust.net Limited, www.entrust.net/CPS_2048 incorp =. by Ref. (limits liab.), O = Entrust .net

    Signature algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

    Key: Sun public key RSA 2048 bits

    module: < snip > public exponent: 65537

    Validity: [from: Fri dec 24 11:50:51 CST 1999]

    [To: kill Jul 24 09:15:12 CDT 2029]

    Issuer: Authority of Certification CN = Entrust .net (2048), OR = (c) 1999 Entrust.net Limited, www.entrust.net/CPS_2048 incorp =. by Ref. (limits liab.), O = Entrust .net

    Serial number: [< snip >]

    Certificate extensions: 3

    [1]: ObjectId: 2.5.29.19 criticality = true

    BasicConstraints:]

    CA:true

    PathLen:2147483647

    ]

    [2]: ObjectId: 2.5.29.15 criticality = true

    [KeyUsage

    Key_CertSign

    Crl_Sign

    ]

    [3]: ObjectId: 2.5.29.14 criticality = false

    [SubjectKeyIdentifier

    [KeyIdentifier

    < snip >]

    ]

    ]

    Algorithm: [SHA1withRSA]

    Signature:

    < snip >

    ]

    ***

    ClientKeyExchange, RSA PreMasterSecret, TLSv1

    AJP-bio-8014-exec-7, WRITING: TLSv1 Handshake, length = 3970

    SESSION KEYGEN:

    PreMaster Secret:

    < snip >

    KEYGEN OF CONNECTION:

    Nuncio of the client:

    < snip >

    Nuncio of server:

    < snip >

    Master Secret:

    < snip >

    Give your MAC Secret client:

    < snip >

    MAC server write Secret:

    < snip >

    Write the client key:

    < snip >

    Server write key:

    < snip >

    Client write IV:

    < snip >

    Server write IV:

    < snip >

    CertificateVerify

    AJP-bio-8014-exec-7, WRITING: TLSv1 Handshake, length = 262

    AJP-bio-8014-exec-7, WRITING: TLSv1 Change Cipher Spec length = 1

    Finish

    verify_data: {51, 254, 40, 56, 247, 218, 130, 183, 112, 239, 95, 4}

    ***

    AJP-bio-8014-exec-7, WRITING: TLSv1 Handshake, length = 48

    AJP-bio-8014-exec-7, READ: TLSv1 Change Cipher Spec length = 1

    AJP-bio-8014-exec-7, READ: TLSv1 Handshake, length = 48

    Finish

    verify_data: {89, 182, 137, 178, 177, 31, 27, 115, 151, 90, 169, 49}

    ***

    % Cache the client session: [Session-5, TLS_RSA_WITH_AES_256_CBC_SHA]

    AJP-bio-8014-exec-7, setSoTimeout (60000) called

    AJP-bio-8014-exec-7, WRITING: TLSv1 Application Data, length = 1520

    AJP-bio-8014-exec-7, READ: TLSv1 Application Data, length = 128

    January 23, 2015 13:15:38 information [ajp-bio-8014-exec-7] - complete HTTP request {status Code = 500, time = 1302 ms}

    AJP-bio-8014-exec-7, READ: TLSv1 Application Data, length = 256

    AJP-bio-8014-exec-7, READ: alert TLSv1, length = 32

    AJP-bio-8014-exec-7, RECV TLSv1 ALERT: attention, close_notify

    AJP-bio-8014-exec-7, called closeInternal (false)

    AJP-bio-8014-exec-7, SEND TLSv1 ALERT: attention, description = close_notify

    AJP-bio-8014-exec-7, WRITING: alert TLSv1, length = 32

    AJP-bio-8014-exec-7, call closeSocket (selfInitiated)

    AJP-bio-8014-exec-7, called close()

    AJP-bio-8014-exec-7, called closeInternal (true)

    OK, apparently nobody Chase who said that we don't send the certificates and realization mutual auth

    was wrong.   Https calls were connection and mutual authentication took place.   The 500

    error was on a soap envelope during delivery and NOT of SSL that I directed to.   Everything that

    works fine now.

    Thank you

    Bob

  • Create new keys SSL for Weblogic

    I want to activate SSL for servers of IOM - which means that I must be able to access the URL sysadmin and identity via https. I activated SSL in the console of the managed server, but it does not work.

    While I was looking at the doc Doc-ID 1218695.1 and in the doc under Doc ID 1230333.1 they took the measures. I follow the similar steps for my application server, but for the IOM weblogic servers, I need to use the keystore DemoTrust.jks as I have other certificates imported into them. So I can generate a new key using the following command with an existing key file?

    keytool - genkey-alias alias aliases1 - keyalg RSA - keysize 2048 -keystore < I want to use the existing DemoTrust.jks here > - dname "CN = xxx, OU = xx, O = C = xx, xxx, L = xx, S = xx" - storepass xxxx - xxxx keypass.

    I would send the key generated for approval, then import the root and certificates approved in DemoTrust.jks. Is there anything else I need to do?

    Thank you.

    genkey generates a self-signed certificate. If you want to send to a CA for signature, then you will need to use certreq option instead. You can use an existing key file if you wish.

Maybe you are looking for

  • My iPhone 5s cannot hold a charge

    IiPhone 5s cannot hold a charge

  • When I open Firefox, I have a unwanted Bing toolbar

    For the last month, when I open Firefox I get an unwanted Bing toolbar. Also when I open Internet Explorer, I get a newspaper additional Firefox in the screen. IE is prepackaged in my PC. The re-booting, I can't get the last system restore. Firefox i

  • Satellite P10 and Netgear USB dongle use

    Hello NETGEAR insist it is a Toshiba system problem... Whenever I try to inslall wg111v2 cherif I get... Failed to install... "RegDBCreateKeyEx failed", and/or... "cannot read the control on the Netgear server file. I don't have this problem with my

  • R720 PSU fan failure after restored power reports

    I have a rack with 18 R720s in it. They all have two power supplies (most with a couple of 750W 495W) with a set connected to a PDU to the power of the wall, and the second set on a PDU is connected to a UPS. Servers are configured for redundancy of

  • VPN with cisco 2621

    Is it possible to set up a vpn between a cisco 2621 and a windows xp with dynamic IP (adsl connection, I can use the home network. I would be grateful all documentation. Cisco Internetwork Operating System software IOS (TM) C2600 software (C2600-I-M)