Oracle® Collaboration Suite Security Guide 10g Release 1 (10.1.2) Part Number B25494-10 |
|
|
View PDF |
This appendix provides solutions to some problems and errors that you may encounter with your Secure Sockets Layer (SSL) configuration on Oracle Collaboration Suite. This appendix contains the following sections:
This section lists the common errors that you might encounter when accessing OracleAS Portal using the SSL port.
Problem1
WWC-41439 error when trying to access Portal using the 443 SSL port with URL: https://
appstierhostname
/pls/portal.
This is a known issue with the ptlasst.<sh|bat>
script inserting SSL port 443 into ENABLER
tables.
Solution1
Update the tables manually.
For example, log on to SQL*Plus to the portal
schema:
SQL> SELECT LSNR_TOKEN,site_id FROM wwsec_enabler_config_info$; LSNR_TOKEN SIT E_ID xyz.us.oracle.com:7777 1324 xyz.us.oracle.com:443 1329 SQL> UPDATE wwsec_enabler_config_info$ SET LSNR_TOKEN = 'appstierhost.domain.com' WHERE site_id = 1329; SQL> commit;
You should now be able to log on to the Applications tier by using the following URL:
https://
appstierhostname
Problem 2
The OracleAS portlet could not be contacted. SSL Handshake Failed NZERROR=28858
.
Note: You may encounter this error while attempting to access
|
Solution 2
Check $ORACLE_HOME/Webcache/logs/event_log
(for Microsoft Windows: %ORACLE_HOME%\Webcache\logs\event_log
) on the Applications tier. Then, check the accuracy of the entry that you created in the web.xml
file.
Problem 3
The OracleAS portlet could not be contacted. SSL Handshake Failed NZERROR=28874.
Note: You may still receiveNZERROR=28874 while attempting to access
|
Solution 3
Check $ORACLE_HOME/Webcache/logs/event_log
(for Microsoft Windows: %ORACLE_HOME%\Webcache\logs\event_log
) on the Applications tier. This is a known issue with the http_client.jar
file.
You can fix this by downloading and applying the patch specified in Metalink Note: 225502.1.
Problem 4
The address from which this authentication request was made does not match your IP address. Notify your administrator if you believe this message to be in error. (WWC-41452)
Note: You might encounter this error when attempting to log in to OracleAS Portal only. |
Solution 4
You can disable the IP Check feature by running the following SQL commands:
sqlplus portal schema/portal password
SQL>SELECT url_cookie_ip_check FROM wwsec_enabler_config_info$;
See if url_cookie_ip_check
is set to N. Else, run the following commands:
SQL>UPDATE wwsec_enabler_config_info$ SET url_cookie_ip_check='N'; SQL>commit; SQL>exit
Problem 5
The style sheet was the only component on the OracleAS Portal page that could not be secured.
Solution 5
This style sheet issue is corrected by the 9.0.4.2.0 patch set.
Problem 6
Incorrect rendering while connecting to http://
appstierhostname.domain
.com:443
The header link in the e-mail portlet will open the following URL:
http://hostname.domain
.com:443
The URL does not render properly. The first time you access the URL, it may display properly, but subsequent accesses will not display properly.
Solution 6
Modify the $ORACLE_HOME/j2ee/OC4J_UM/config/oc4j.properties
file on the Applications tier. Set oracle.mail.client.portlet.HTTPStowebmail=TRUE
. Then, stop and restart the Applications tier by running the following commands:
opmnctl stopall opmnctl startall
This section lists the common errors that you might encounter when accessing Oracle Mail using the SSL port.
Problem 7
In Traffic_cop,
if you log in as orcladmin
or as an administrative user, then you can create new users in Oracle Mail. If the user is not already created in Oracle Internet Directory, then the Oracle WebMail client will prompt you to create the user first and will provide you a link to Oracle Internet Directory Delegated Administration Services. This link is incorrect.
Solution 7
Ensure that the URL for Delegated Administration Services is configured correctly. Clear the OracleAS Portal cache and Oracle Internet Directory cache, as follows:.
To clear the OracleAS Portal cache:
Shut down the Applications tier, as follows:
opmnctl stopall
Delete the plsql
and session
directories in $ORACLE_HOME/Apache/modplsql/
cache on the Applications tier.
Restart the Applications tier, as follows:
opmnctl startall
To clear the Oracle Internet Directory cache:
Log in to OracleAS Portal as a portal user.
Click Builder, Admin, Global Settings, and then the SSO/OID tab.
Select Refresh Cache for Oracle Internet Directory parameters.
Click Apply.
Problem 8
Browse buttons have OracleAS Single Sign-On warnings.
Solution 8
Refer to Solution 7.
This section lists the common errors that you might encounter when accessing Oracle Real-Time Collaboration using the SSL port.
Problem 9
The Oracle Real-Time Collaboration portlet does not work properly.
When you attempt to access a conference from the main portal site, you are directed to an HTTP error page that displays the message, "Page cannot be found".
Solution 9
This can be fixed by editing the $ORACLE_HOME
/j2ee/OC4J_UM/config/oc4j.properties
file on the Applications tier. Change the oracle.mail.Portlet.httpsToWebmail
parameter to TRUE
to correct the problem. You may need to restart OC4J_IMEETING
.
This section lists the common errors that you might encounter when accessing Oracle Calendar using the SSL port.
Problem 10
Referencing the old OracleAS Single Sign-On site ID.
Solution 10
The Calendar issue may be corrected by changing the httpd.conf
file on the Applications tier. Comment out the include
line, as shown:
# General setup for the virtual host
# include "appstier_install_path/.../Apache/Apache/conf/modosso_https.conf"