Problems configuring SSL
qrdl, Oct 8 2009, edited Dec 9 2009
I'm trying to configure SSL encryption in Tuxedo 10.3 on Linux with no success.
I've configured an OpenLDAP server, generated a CA and a certificate for my application using OpenSSL, and published the CA and application certificates in LDAP with the objectClasses specified by the Tuxedo documentation.
I've added the following lines to UBBCONFIG:
SEC_PRINCIPAL_NAME "MyApp"
SEC_PRINCIPAL_LOCATION "myapp.key"
SEC_PRINCIPAL_PASSVAR "KEYPWD"
and I've added the WSL options -z, -Z and -S, as specified in the documentation.
When the workstation client tries to connect to the server, it gets TPESYSTEM. In the ULOG there are some WSH messages:
LIBPLUGIN_CAT:1007: ERROR: LDAP failed to find cert, for name = MyApp
LIBTUX_CAT:6665: ERROR: Could not open private key, err = -3001
The LDAP server is accessible from the Tuxedo server: when I run ldapsearch -x -H ldap://<my_host>:389 "(&(objectClass=strongAuthenticationUser)(cn=MyApp))" I get the result I need, so the default search filter should be able to find the certificate. During the installation I specified the LDAP server correctly; to make sure, I checked the System.rdp file and found the LDAP server URI and the correct LDAP search base there.
In the OpenLDAP log I see a correctly-formed request from WSH and I see that the entry was found, but somehow WSH didn't get the response back or didn't understand the response.
The principal name in UBBCONFIG matches the Common Name in the certificate.
I didn't think too much about the second problem (with the private key) as I was fighting the first one, but it also puzzles me because the file is there (in both the $HOME and $TUXDIR/udataobj/security/keys directories) and is accessible to the user that runs the Tuxedo application. I've seen two error codes so far: -3001 and -3011.
I'd appreciate any advice, as I've run out of ideas.
EDIT
I found this post in the archive (http://forums.oracle.com/forums/thread.jspa?messageID=3081762) that looks similar to my problem, but there are no replies. Does Tuxedo really expect certificates in PEM format rather than in DER (binary)? In this case it is not likely that OpenLDAP can be used with Tuxedo. Can you suggest some LDAP servers (preferably free ones) that are compatible with Tuxedo?
Edited by: qrdl on Oct 11, 2009 8:10 PM
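A small diagnostic for the PEM-versus-DER question raised in the post, written as an added example; it is not code from the post, from Oracle, or from Tuxedo. It takes the certificate blob that ldapsearch returns for an entry, decides whether it is PEM or DER, checks that a DER blob is complete (declared SEQUENCE length versus bytes present), converts between the two encodings, and scans for commonName values so the CN can be compared with SEC_PRINCIPAL_NAME. Assumptions: the certificate is stored in the standard userCertificate;binary attribute (the post does not name the attribute), the sample DER fragment is a constructed CN=MyApp name component rather than a real certificate, and the CN scan is a byte-pattern heuristic, not a full X.509 parser. Only the Python standard library is used.

```python
"""Added example: inspect a certificate blob fetched from LDAP (PEM/DER check,
completeness check, conversion, commonName scan). Standard library only."""
import base64
import re
import sys

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)
CN_OID = b"\x06\x03\x55\x04\x03"  # DER encoding of OID 2.5.4.3 (commonName)
# ASN.1 string tags a CN may use, mapped to a codec for decoding the value
STRING_TAGS = {0x0C: "utf-8", 0x13: "ascii", 0x16: "ascii", 0x1E: "utf-16-be"}


def detect_format(blob: bytes) -> str:
    """Classify a certificate blob as PEM, DER, or unknown."""
    if blob.lstrip().startswith(b"-----BEGIN "):
        return "PEM"
    if len(blob) >= 2 and blob[0] == 0x30:  # 0x30 is the DER SEQUENCE tag
        return "DER"
    return "unknown"


def _tlv_header(buf: bytes):
    """Return (header_length, content_length) of the DER TLV at buf[0]."""
    if len(buf) < 2:
        raise ValueError("buffer too short for a DER header")
    first = buf[1]
    if first < 0x80:           # short form: the byte is the length
        return 2, first
    n = first & 0x7F           # long form: n following bytes hold the length
    if n == 0 or n > 4 or len(buf) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n, int.from_bytes(buf[2:2 + n], "big")


def check_der(der: bytes) -> str:
    """Compare the outer SEQUENCE's declared length with the bytes present."""
    if detect_format(der) != "DER":
        return "not-der"
    try:
        hdr, content = _tlv_header(der)
    except ValueError:
        return "malformed"
    total = hdr + content
    if len(der) < total:
        return "truncated"
    if len(der) > total:
        return "trailing-bytes"
    return "ok"


def pem_to_der(pem: bytes) -> bytes:
    """Strip the PEM armour and base64-decode the first CERTIFICATE block."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode(b"".join(m.group(1).split()))


def der_to_pem(der: bytes) -> bytes:
    """Wrap DER bytes in PEM armour with 64-character base64 lines."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return (b"-----BEGIN CERTIFICATE-----\n" + b"\n".join(lines)
            + b"\n-----END CERTIFICATE-----\n")


def common_names(der: bytes) -> list:
    """Heuristic: every string value that directly follows the commonName OID.
    In a real certificate the issuer's CN appears before the subject's."""
    names = []
    pos = der.find(CN_OID)
    while pos != -1:
        value = der[pos + len(CN_OID):]
        if len(value) >= 2 and value[0] in STRING_TAGS:
            try:
                hdr, length = _tlv_header(value)
                raw = value[hdr:hdr + length]
                names.append(raw.decode(STRING_TAGS[value[0]], "replace"))
            except ValueError:
                pass
        pos = der.find(CN_OID, pos + 1)
    return names


def ldif_binary_attr(ldif: bytes, attr: bytes) -> bytes:
    """Pull a base64 ('::') attribute out of ldapsearch LDIF output,
    unfolding continuation lines that start with a single space."""
    lines = ldif.splitlines()
    for i, line in enumerate(lines):
        if line.startswith(attr + b":: "):
            chunks = [line[len(attr) + 3:]]
            for cont in lines[i + 1:]:
                if not cont.startswith(b" "):
                    break
                chunks.append(cont[1:])
            return base64.b64decode(b"".join(chunks))
    raise KeyError(attr.decode())


def diagnose(blob: bytes) -> dict:
    """Summarise format, DER completeness and the CN values found."""
    fmt = detect_format(blob)
    der = pem_to_der(blob) if fmt == "PEM" else blob
    status = check_der(der)
    cns = common_names(der) if status in ("ok", "trailing-bytes") else []
    return {"format": fmt, "der_check": status, "common_names": cns}


# Constructed sample: a DER SEQUENCE holding one AttributeTypeAndValue (CN=MyApp).
# It is NOT a real certificate, just enough structure to exercise the checks.
SAMPLE_DER = b"\x30\x0e\x30\x0c" + CN_OID + b"\x13\x05MyApp"
_B64 = base64.b64encode(SAMPLE_DER)
# Constructed LDIF resembling ldapsearch output, with the value folded over two lines.
SAMPLE_LDIF = (b"dn: cn=MyApp,ou=example\nuserCertificate;binary:: "
               + _B64[:10] + b"\n " + _B64[10:] + b"\n")

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DER
    print(diagnose(blob))
```

Run it with no arguments to see the constructed sample diagnosed, or with a path to a file holding the bytes retrieved from the LDAP entry (for example the output of ldapsearch saved to disk and passed through ldif_binary_attr). If the CN list does not contain the value given as SEC_PRINCIPAL_NAME, or the DER check reports truncation, that is the first thing to fix before looking further at the LDAP side.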