RE: Oracle and https

From: Taylor, Chris David <ChrisDavid.Taylor_at_ingrambarge.com>
Date: Mon, 6 Aug 2012 14:34:02 -0500
Message-ID: <C5533BD628A9524496D63801704AE56D75B2FD1FBD_at_SPOBMEXC14.adprod.directory>



Windows 2008 does have an additional "firewall" - I guess technically, it's a different firewall profiles - so it can make it through one and then fail on another.

http://www.windowsnetworking.com/articles_tutorials/configure-Windows-Server-2008-advanced-firewall-MMC-snap-in.html

Chris Taylor

"Quality is never an accident; it is always the result of intelligent effort."
-- John Ruskin (English Writer 1819-1900)

Any views and/or opinions expressed herein are my own and do not necessarily reflect the views of Ingram Industries, its affiliates, its subsidiaries or its employees.

-----Original Message-----

From: Uzzell, Stephan [mailto:SUzzell_at_MICROS.COM] Sent: Monday, August 06, 2012 2:18 PM
To: 'gerry_at_millerandbowman.com'; Niall Litchfield Cc: Taylor, Chris David; oracle-l_at_freelists.org Subject: RE: Oracle and https

You know, I'm having a very similar problem. My OMS host is 2008r2. From my 2003r2 servers (all of our DB servers, currently) I get Internet Explorer cannot display the webpage when I try to reach the OMS. From several 2008r2 servers I am able to reach the webpage (I get the same security certificate error). I also can't reach it from my windows 7 laptop.

I don't know at this point if this is an Oracle thing, a windows 2008 thing...

Stephan Uzzell

-----Original Message-----

From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Gerry Miller Sent: Monday, 06 August, 2012 06:35
To: Niall Litchfield
Cc: Taylor, Chris David; oracle-l_at_freelists.org Subject: Re: Oracle and https

 Hi Niall
Thanks for that. I will inform the infrastructure team. They asked for thatinformation but I was forwarded an email from Microsoft support, who haveobviously traced the route, and the problem is with the proxy server.

Regards

Gerry

Niall Litchfield wrote: The information they are asking for can be obtained by connecting to the site and inspecting the properties of the page (both I.Eand Chrome do this). For what it's worth em12c uses 128bit SSL. The encryption methods are also available to them if they are that interested. I expect the cert error is just the usual untrusted warning you get for self-signed certs. Which certificate it is shouldn't have any bearing on what route the network chooses for packets between hosts though. You ought to be able to prove that using traceroute or similar.

On Mon, Aug 6, 2012 at 1:15 AM, Gerry Miller <gerry_at_millerandbowman.com[1]> wrote:
Hi Chris

The infrastructure team have found that they have the same problem from a local server. The sites that have no problem are running Windows 2008 R2 and get the message "There is a problem with this site's security certificate", which is easily bypassed. The site with the problem is on Windows Server 2003 R2 and get no such message, so the infrastructure team have asked me to confirm that "..the SSL configuration and CypherSuite configured for Weblogic will support the IE cipher strength of 128-bit". I have no idea what that means so will have to chase it up.

The server that I am trying to connect from is in the Middle East, while the OMS site is in Australia. I was informed last week that the connection was being blocked at another site they have in South America, which I would think would make the above issue of the certificate irrelevant. It does make the multiple NIC theory sound feasible to me.

Thanks and regards

Gerry

--

http://www.freelists.org/webpage/oracle-l Received on Mon Aug 06 2012 - 14:34:02 CDT

Original text of this message