Leave a Comment:
35 comments
I have this errove when try to start my application R12
adopmnctl.sh exiting with status 2
kindly advice
ReplyNhawi,
Check opmnctl log at 10.1.3 ORACLE_HOME/opmn/logs
It should most probably be in $INST_TOP/ora/10.1.3/opmn/logs
If you don’t see logs there let me know and I’ll log in to my test server .
Update us with error message and will try to find cause of this R12 startup issue
ReplyBoss,
I configured SSL for the HTTP Server only of our test apps instance. We you navigate the system through the HTML-based applications everything is working fine with SSL, but, when invoking any Form-base module the JInitiator hangs and the following errors appear in the Jave Console:
WARNING: Unable to cache https://p2es.kockw.com:8007/OA_JAVA/oracle/apps/fnd/jar/fndlist.jarload: class oracle/apps/fnd/formsClient/FormsLauncher.class not found.java.lang.ClassNotFoundException: java.io.IOException: javax.net.ssl.SSLException: SSL handshake failed: SSLBadParameterErr
Please advise where could be the problem? I don’t need the form layer and the database layer to be configures with ssl, only I need the web server layer.
ReplyAtul,
Thank you for the reply, but it is mentioned in the Note 373736.1 that: “Select your working directory on the server ($COMMON_TOP/admin/certs/forms)”, but I didn’t configure SSL for Forms Layer, so how could I find the above mentioned directory ? I only have $COMMON_TOP/admin/certs/apache ?
Waiting your reply.
Mohammad Muhtadi
Replymmuhtadi,
I don’t think you are interested in configuring ssl on forms and its not required.
You should install CA (certifying authority) certificates on client jinitiator (on all client machine) in above mentioned location.
For more info & discussion check http://teachMeOracle.com/forum
ReplyAtul,
What I did exactly, I copied the apache_1024.crt from the server to my client machine using bin mode, then I opened the certificate, then I exported it in a file, then I copied the contents of the file which starts with “BEGIN CERTIFICATE” and ends with “END CERTIFICATE” then I appended it in the certdb.txt file which is located in my JInitiator home directory, after all of that I still have the java exception ??
Any ideas ???
M.Muhtadi
ReplyAtul,
If SSL is not configured for Forms Layer, why shall I inform the JInitiator with the certified list of certificates ?????
Replyhi mmuhtadi, i think im ur brother , i was searching in the same website:)
ReplyHi Atul,
I faced the same problem too when trying to launch SSL for web services only. The error i get is “Opening ….FormsLauncher/class.class” and the forms does not pop up. I read from certain sources and one workaround is to include the cert into the certdb.txt file.
Now, I have one question, if I purchase a commercial cert from one of the CAs that are specified in the certdb.txt file, example thawte, does that mean that I do not need to manually include the certdb.txt file?
Appreciate your help greatly. Thanks
ReplyRick,
For all standard certificates like thawte or verisign you donot need to include in certdb.txt as they are pre included in certdb.txt
Hi Atul,
The reason why I’m asking is because we actually purchased a thawte SSL web server cert but we still hit the problem.
Upon investigation, we found that the default cert for thawte that is in the certdb.txt file is actually meant for SSL 123 cert, not web server. Since both certs are signed using different root CA, see example below:
Default entry in certdb.txt:
“# Subject Name: CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, C=ZA”
Web server purchased:
“CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, C=ZA”
We checked with Thawte and they suspect that if we have purchased a SSL 123 cert in the first place, this problem would not have surfaced.
Do you think this will work instead?
Thank you
ReplyRick,
Is there intermediatery CA as well in certificate from Thwate.
Mail me certificate at atul [at] onlineappsdba.com and your jinitiator version or simply open CA and intermediatery CA (If any) and then compare if same value (text) exists in certdb.txt of jinitator
If exists then it should work , if not it will not work and you need to rebuild jinitiator.
ReplyHi Atul,
We tried rolling out with a SSL 123 cert and it works fine. Thanks for the assistance rendered!
ReplyHi,
I am configuring on TEST server and our server is oatest.abclife.com and its listening on port 10515.
I got the certificate from Verisign and did the steps.
1.Install certificate on windows side,also install certificate server.cer under
$COMMON_TOP/admin/certs/ssl.crt and also the key under ssl.key dir.
According to metalink docc.I changed xml file.
1. s_webentryhost is oatest
2. s_webentrydomainto abclife.com
3. s_active_webport to 10515
4. s_webentryurlprotocol to https
5. s_login_page to http://oatest.abcife.com:10515/oa_servlets/AppsLogin
I put correct entry in httpd.conf file
I tried every thing but my page is not coming up.Networking guy says the port behind firewall is open.
When I checked the connection 10515 is connected when I did with 443 is not connected.
Here is httpd.conf entry.
SSLCertificateFile
/testapp/applmgr/common/admin/certs/apache/ssl.crt/server.crt
SSLCertificateKeyFile
/testapp/applmgr/common/admin/certs/apache/ssl.key/server.key
SSLCertificateChainFile
/testapp/applmgr/common/admin/certs/apache/ssl.crt/ca.crt
Port 10515 I changed to 443 also but no success
Listen 10515
#
Listen 443
Where I am doing wrong so that my Https should work.like https://oatest.abc.com:443
Thanks
Anil
Anil,
Is this 11i or R12 ?
You mentioned
Listen 10515
#
Listen 443
Are there two listen ports (this is impossible unless you use virtual host)
1. Which is listen port ?
2. Update output of “netstat -an | grep ”
3. Which document you are using to configure SSL ?
4. Is there any error in error_log or ssl_engine_log
Hi Atul,
I am using 123718.1 Docc Step 3.1.1. Configuring SSL with Oracle HTTP Server using Configuration Wizards.Client is on 11.5.9.Easy step don’t know where I am going wrong.I changed all the variable in xml file according to docc.
My listen port is 10515 http://oatest.abclife.com:10515 works
Here is entry in my httpd.conf file.
Port 10515
Listen 10515
[appltest@oatest conf]$ netstat -an |grep 10515
tcp 0 0 0.0.0.0:10515 0.0.0.0:* LISTEN
Thanks
Anil
Hi Atul,
I want that my https://oatest.abclife.com:10515 should works.
Thanks
Anil
Hi,
I checked one thing accroding to docc.we have not applied patch Patch (TXK (FND) Patch O:5478710
I will apply and change the setting and post the result.
Thanks
Hi Atul,
I applied the patch but still not able to configure.I want https://oatest.abc.com:10515 should work without https it works fine.I am following 123718.1 docc .
***************************
set the %s_url_protocol variable to https
set the %s_local_url_protocol variable to https
set the %s_webentryurlprotocol variable to https
set the %s_frmConnectMode variable to https
set the %s_webssl_port variable to the Apache SSL port required
set the %s_active_webport variable to the same value as that for the %s_webssl_port variable
set the %s_webport variable to the same value as that for the %s_webssl_port variable
Note: prior to TXK (FND) AutoConfig Template Rollup Patch F (3104607 December 2003) this value was set to the non-ssl Apache Port.
set the %s_web_ssl_directory variable to point to the full directory path of the directory that is to contain the .crt and .key files that you are using for Apache eg /admin/certs/apache
set %s_apps_portal_url variable to https
run AutoConfig as described in MetaLink Note 165195.1
*************
where I am doing wrong if I changed to 443 then in httpd.conf I see listen and port both 443.
Please guide me.http://oatest.abc.com:10515 works fine.What should I change.
Thanks
Anil
Hi Atul,
If I changed s_frmConnectMode=https it does not work but if I let it be socket then it works.I put s_webssl_port=10515.
Now I can see the page when I type https://oatest.abclife.com:10515/ but after that when I click on oracle application manager it works but if I click on Ebusiness home page it takes me to http://oatest.abclife.com:10515/oa_servlets/AppsLogin and no page found I am seeing here no https.
Is it socket mode should be servlet don’t know Can you tell?
Thanks
Anil
@ Anil,
Let me understand your requirement correctly, you want to configure SSL in apps to listen on port 10515 and for this you are following note 123718.1
after configure SSL when you try to access website using https://server.domain:10515 you get page not found
If this is true then check
httpd.conf and look for entry like
Listen
Port
1. What is value of these two parameters ?
2. Any error in error_log, error_log_pls, ssl_error_log … under $IAS_ORACLE_HOME/ Apache/ Apache/ logs
3. Is machine listening on port 10515 when you start Apache
netstat -an | grep 10515
If not then check start up logs of Apache
ReplyAtul,
In scenario 1, where SSL terminates at the load balancer, since we are setting the s_login_page to https://load_balancer_name.lb_domain:443/oa_servlets/AppsLogin
can you use the same load balancer for multiple E-Business Suite environments? I’m thinking no. Please advise. Thanks.
@mtriola, You can use same load balancer but with different URL i.e. https://loadbalancer2.lb_doamin:443
Note – You don’t use actual load balancer name but entry in load balancer .
You define Names/URLs in Load Balancer like
lbrName1:443 pointing to server1:8000 & server2:8000
or
lbrName2:443 pointing to server1:8001 & server2:8001
Thanks Atul. I understand it now.
I have it setup so the load balancer forwards port 443 (oratstapp.monster.com:443) to 8080, which is my apache server (have 2 but only 1 running for testing). I can get to the initial page but when trying to login, I get a page cannot be displayed.
https://oratstapp.monster.com >>>works
when I try to Login it tries to connect to the below, without success. I turned on Apache debug but I’m not seeing anything in the logs. Any suggestions?
https://oratstapp.monster.com/OA_HTML/fndvald.jsp >>>>fails with page cannot be displayed
Reply@ Mtriola
Which document you are following to configure load balancer in front og apps ?
Atul,
I figured out my mistake. I had left the loadbalancer’s actual name in the s_webentryhost variable. I updated it to oratstapp and now its working. Thanks for setting me straight.
ReplyHi Atul ,
Access to forms from load balancer (through SSL ) is slow while directly accessing through server is fast . we are using Jinitiator and JPI both . we are facing this issue while using JPI but not with Jinitiator . Any idea why this is happening .
Reply@ rizwan ghadiyali,
This could be because of many reasons , to understand issue
1. Which load balancer you are using ?
2. Is SSL terminating at load balancer or you have SSL all the way till forms server .
3. Is forms server running in socket mode or servlet listener mode ?
ReplyAnswering your question
1) we are using webcache as software load balancer
2) SSL is terminating at load balancer
3) We are using Oracle Application Server 10.1.2.3 so i am not able to find adformsctl.sh utility .. So how do i check this ?
Reply[…] SSL with Custom Certificates and Certifying Authority. For SSL in Oracle E-Business Suite click here, SSL in Oracle Internet Directory (OID) click here , SSL in Oracle Virtual Directory (OVD) […]
ReplyHello Atul.
we are using 2DMZ nodes for isupplier module where SSL certification persist,Load Balance also configured, now we want to use SSL certificate on Load Balancer instead of DMZ nodes, do You have any idea of step by step approch for it
@Inder,
You ask your load balancer team to configure SSL certificate against EBS URL for DMZ (they should know on load balancer how to generate SSL certificate and attach to profile of an entry in LBR)