Re: SSL ORACLE CERTIFICATE

trevor_obba_at_yahoo.co.uk schreef:

> I am trying to upgrade my ssl certificate from my self signed
> certificate to a verisign certification my oracle 10g server isqlplus.
> The self sign certificate works fine but the verisign will not start an
> isqlplus secure session.
>
>
> The verisign certificate was import to keystore using the command
>
> $JAVA_HOME/bin/keytool -import -trustcacerts -file mycert.cer
>
> http://www.stanford.edu/dept/itss/docs/oracle/10g/server.101/b12170/ch3.htm#sthref482
>
> unfortunately, it will not start an isqlplus ssl session on
> http://localhost:4443 a self signed certificate work but a verisig
> certificate does not work. I get the following error when verisign
> certificate is installed
>
> 06/09/25 19:19:04 isqlplus: 9.0.4.0.0 Stopped
> 06/09/25 19:19:04 Stopped (JVM termination)
> 06/09/25 19:25:01 Started
> 06/09/25 19:25:02 isqlplus: jsp: init
> 06/09/25 19:25:02 isqlplus: config: init
> 06/09/25 19:25:02 isqlplus: uix: init
> 06/09/25 19:25:02 isqlplus: /WEB-INF/uix-config.xml: Parsing error,
> line 8, colu
> mn 16: <base-path> is not an understood element.
> This sometimes means the element's namespace
> (http://xmlns.oracle.com/uix/config
> ) is set incorrectly. This may also be an issue with the syntax of its
> parent e
> lement.
>
>
> What am I doing rough? Can you help please?
> How do I install verisign certificate of my oracle isqlplus?

Your error stack does not show it, but I would suspect you will have some "X509 Incomplete" error in the webserver logs. If you have, it is because verisign certificates are incomplete - they'll never ship you the root CA as well. For browsers, this is not a problem, as most browsers will have the root CA installed. Your server has not.

Export the root CA from your browser, and install it in your server. How to do this is depending on your server setup, but is undoubtly documented.

I have been discussing this previously, so searching the archives may help Received on Tue Sep 26 2006 - 02:14:16 CDT