Return-Path: X-Original-To: apmail-httpd-users-archive@www.apache.org Delivered-To: apmail-httpd-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 263C1D77F for ; Tue, 26 Feb 2013 15:20:26 +0000 (UTC) Received: (qmail 95639 invoked by uid 500); 26 Feb 2013 15:20:23 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 95577 invoked by uid 500); 26 Feb 2013 15:20:22 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 95552 invoked by uid 99); 26 Feb 2013 15:20:21 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 26 Feb 2013 15:20:21 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of bijayant.mws@gmail.com designates 209.85.223.173 as permitted sender) Received: from [209.85.223.173] (HELO mail-ie0-f173.google.com) (209.85.223.173) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 26 Feb 2013 15:20:15 +0000 Received: by mail-ie0-f173.google.com with SMTP id 9so4577039iec.4 for ; Tue, 26 Feb 2013 07:19:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:content-type; bh=dtiAJZEbcWNpUdB2ub1g0k7HeRvmBsfwYVpFH2f06Rc=; b=d/upuQG+iGlShHZI7kqCKSgNx+P/jIZ4twvdU2BNGe7OeG8BfnBVTziQGYOIUgL0Bv rChlwmkWrA2SOdHG1fcE8djJA9kxR//VwtWYy+C5/e0XxV7JOEtCnc5hswOA8JMjTths ZGNaRk5Hred3NkRhSitxA8Gqp2EL25khtbBTpBQqbuNbvZDR5Jb27p48ZV0MrlzAqcX4 5ZpnHiAFiAWGgi1bMv09D1CeD1OOQnvYLK4lAa1AaLbbis0+FVuGu6yPP4unNOQX0hH0 fHQH0IL5O0MlbP5sxMdJ66sivezXFBPJKhwTDJlKXgRBh+0yQxxWJf0keJgHZR4frrcW bMew== MIME-Version: 1.0 X-Received: by 10.50.88.226 with SMTP id bj2mr5538330igb.105.1361891995023; Tue, 26 Feb 2013 07:19:55 -0800 (PST) Received: by 10.50.15.197 with HTTP; Tue, 26 Feb 2013 07:19:54 -0800 (PST) In-Reply-To: References: Date: Tue, 26 Feb 2013 20:49:54 +0530 Message-ID: From: Kumar Bijayant To: users@httpd.apache.org Content-Type: multipart/alternative; boundary=e89a8f3bb01f9601fa04d6a23068 X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] Certificate mismatch error --e89a8f3bb01f9601fa04d6a23068 Content-Type: text/plain; charset=ISO-8859-1 Just got an update from client that after importing the intermediate cert also, the issue is not resolved !! *ORA-06512: at "SYS.UTL_HTTP", line 1029* *ORA-29024: Certificate validation failure (-29273)* * * *Thanks & Regards,* *BIjayant Kumar* On Tue, Feb 26, 2013 at 7:49 PM, Kumar Bijayant wrote: > The certificate is installed by third party (trust center). I think the > same and asked them to check and install if it is not there. Just waiting > for their reply now. > > Thanks for your help so far! > > Thanks & Regards, > Bijayant Kumar > > > On Tue, Feb 26, 2013 at 5:47 PM, Edward Quick wrote: > >> Is your certificate issued by an internal CA or someone like >> Verisign/Komodo etc? >> I wonder if the Oracle DB connecting has the CA root certificate >> installed in their truststore. If they do, check the certificate chain for >> your site to make sure the intermediate is correctly set up. >> >> ------------------------------ >> Date: Tue, 26 Feb 2013 14:29:29 +0530 >> >> From: bijayant.mws@gmail.com >> To: users@httpd.apache.org >> Subject: Re: [users@httpd] Certificate mismatch error >> >> Hi Edward, >> >> I just renewed the server certificate on the Apache webserver. Oracle DB >> is not in our scope, that was the message from client. >> >> Thanks, >> Bijayant Kumar >> >> >> On Mon, Feb 25, 2013 at 7:31 PM, Edward Quick wrote: >> >> Could you clarify, when you say : >> >> The Certificate was installed into a Wallet-Manager of the ORACLE-DB. >> I need this Certificate for a communication between ORACLE-DB to the >> Webserver. >> >> Does that mean you are doing client certificate verification? >> >> Or are you just renewing the server certificate on your web server? >> >> ------------------------------ >> Date: Mon, 25 Feb 2013 18:34:21 +0530 >> From: bijayant.mws@gmail.com >> To: users@httpd.apache.org >> Subject: Re: [users@httpd] Certificate mismatch error >> >> >> Hi Edward, >> >> Yes, the intermediate certs have been set up on the Apache server. >> >> By any chance you know what else information can I ask from client to pin >> point their/DB problem? >> >> Thanks & Regards, >> Bijayant Kumar >> >> >> On Sun, Feb 24, 2013 at 2:16 PM, Edward Quick wrote: >> >> Hi Bijayant, >> >> You don't need another certificate if xyz.com is a subject alternate >> name of the primary certificate abc.com, so your understanding there is >> correct. >> Is the intermediate certificate set up? >> >> Regards, >> Edward. >> >> ------------------------------ >> Date: Sun, 24 Feb 2013 12:49:45 +0530 >> From: bijayant.mws@gmail.com >> To: users@httpd.apache.org >> Subject: [users@httpd] Certificate mismatch error >> >> >> Hello List, >> >> I have an issue to connect SSL enabled site to Oracle database server. >> Let me explain you with an example here. >> >> My website name is abc.com and it has another name as well say xyz.comand that is listed in additional DNS name field of certificates. Primary >> name is abc.com only. >> >> Now client is saying >> >> The Certificate was installed into a Wallet-Manager of the ORACLE-DB. >> I need this Certificate for a communication between ORACLE-DB to the >> Webserver. When the ORACLE DB communicate with the the Webserve, the >> following error massage was created: >> *ORA-06512: at "SYS.UTL_HTTP", line 1029* >> *ORA-29024: Certificate validation failure (-29273)* >> Now they are asking me to create a new certificate with the name xyz.comonly. But as far as my knowledge goes, this should not create any issue as >> I have used both the name in my certificate and also I am not getting any >> error while browsing the website with either name. >> Please correct me if I am wrong or any other pointer that will be helpful. >> >> >> >> Thanks & Regards, >> Bijayant Kumar >> >> >> >> >> >> >> > --e89a8f3bb01f9601fa04d6a23068 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
Just got an update from client that after importing the in= termediate cert also, the issue is not resolved !!=A0

ORA-06512: at "SYS.UTL_HTTP", line 1029
ORA-29024: Certificate validation failure (-29273)

Thanks & Regards,
= BIjayant Kumar


O= n Tue, Feb 26, 2013 at 7:49 PM, Kumar Bijayant <bijayant.mws@gmail.co= m> wrote:
The certificate is installe= d by third party (trust center). I think the same and asked them to check a= nd install if it is not there. Just waiting for their reply now.

Thanks for your help so far!

Thanks & Regards,
Bijayant Kumar


On Tue, Feb 26, 2013 at 5:47 PM, Edward= Quick <edwardquick@hotmail.com> wrote:
Is your certificate issued by an internal CA or someo= ne like Verisign/Komodo etc?
I wonder if the Oracle DB connecting has t= he CA root certificate installed in their truststore. If they do, check the= certificate chain for your site to make sure the intermediate is correctly= set up.

Date: Tue, 26 Feb 2013 14:29:29 +0530

= From: bijayant.= mws@gmail.com
To: users@httpd.apache.org
Subject: Re: [users@httpd] Certificate mismatch error

Hi Edward,

I just renewed the server certificate on t= he Apache webserver. Oracle DB is not in our scope, that was the message fr= om client.

Thanks,
Bijayant Kumar


On Mon, Feb 25, 2013 at 7:= 31 PM, Edward Quick <edwardquick@hotmail.com> wrote:
Could you clarify, when you say :

The Certificate was in= stalled into a Wallet-Manager of the ORACLE-DB.
I need this Certificate for a com= munication between ORACLE-DB to the Webserver.=A0

Does that mean you are doing client certificate verification?=A0
Or are you just renewing the server certificate on your web = server?

Date: Mon, 25 Feb 2013 18:34= :21 +0530
From: bijayant.mws@gmail.com
To: users@httpd= .apache.org
Subject: Re: [users@httpd] Certificate mismatch error


Hi Edward,

Yes, the inte= rmediate certs have been set up on the Apache server.

By any chance you know what else information can I ask = from client to pin point their/DB problem?

Thanks & Regards,
Bijayant Kumar


On Sun, Feb 24, 2013 at 2:16 PM, Edward Quick <= edwardquick@hotmail.com> wrote:
Hi=A0Bijayant,

You don't need = another certificate if xyz.com= is a subject alternate name of the primary certificate abc.com, so your understanding there is c= orrect.
Is the intermediate certificate set up?=A0

Re= gards,
Edward.

Date: Sun, 24 Feb 2013 = 12:49:45 +0530
From: bijayant.mws@gmail.com
To: users@httpd= .apache.org
Subject: [users@httpd] Certificate mismatch error


Hello List,

I have an issue = to connect SSL enabled site to Oracle database server. Let me explain you w= ith an example here.=A0

My website name is abc.com and it has another name as well say xyz.com and that is listed in additional DNS= name field of certificates. Primary name is abc.com only.

Now client is saying=A0

= The Certificate was installed into a Wallet-Manager of the ORACLE-DB.
I need this Certificate for a communication between ORACLE-DB to the Webserver. When the ORACLE DB communicate with the the Webserve, the following error massage was created:=
ORA-06512: at "SYS.UTL_HTTP", line 1029
ORA-29024: Certificate validation failure (-29273)
Now they = are asking me to create a new certificate with the name xyz.com only. But as far as my knowledge goes= , this should not create any issue as I have used both the name in my certi= ficate and also I am not getting any error while browsing the website with = either name.
Please correct me if I am wrong or any other pointe= r that will be helpful.


Thanks & Regards,
Bijayant Kumar







--e89a8f3bb01f9601fa04d6a23068--