Weblogic.security.SSL.ignoreHostnameVerification

Similar Messages

• Bug in weblogic 8.1 SP6 at weblogic.security.SSL.SSLCertificate.verify()

  Hi, I got an java.lang.NullPointerException
  at weblogic.security.SSL.SSLCertificate.verify(SSLCertificate.java:235)
  at weblogic.security.SSL.SSLCertificate.input(SSLCertificate.java:116)
  at weblogic.security.SSL.Handshake.input(Handshake.java:121)
  at weblogic.security.SSL.SSLSocket.getHandshake(SSLSocket.java:1117)
  at weblogic.security.SSL.SSLSocket.clientInit(SSLSocket.java:432)
  at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:276)
  at weblogic.security.SSL.SSLSocket.<init>(SSLSocket.java:222)
  at weblogic.security.SSL.SSLSocketFactory.createSocket(SSLSocketFactory.java:213)
  at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:238)
  at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:389)
  at weblogic.net.http.HttpsClient.<init>(HttpsClient.java:209)
  at weblogic.net.http.HttpClient.New(HttpClient.java:228)
  at weblogic.net.http.HttpsURLConnection.getHttpClient(HttpsURLConnection.java:246)
  at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:217)
  at weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:189)
  when a small piece of code running in weblogic 8.1 SP6 and trying to make url connection to a https server.
  I have verified that the runtime environment has the cacerts file including the CA ( issuer for the server certificate for the server the code was trying to connect to ).
  I wonder that anybody has the same problem. Or you can give a hint how to fix it.
  Thank you.

  Sorry, i saw the forum about your problem in BEA 8.1 SP 6 about a
  weblogic.security.SSL.SSLCertificate.verify(SSLCertificate.java:235)
  error and you said that bea sent a path named CR295205_810sp6.jar.
  I have the same problem
  Do you have this patch?
  Could you send it to me?
  my email address is
  [email protected]

• How to execute WebLogic security related commnads?

  Hello All
  I am just learning Oracle WebLogic and humbly request you for all your help. I installed Oracle WebLogic Server 11g Release 1 (10.3.3) on my Windows XP desktop. I could able create and cluster manage servers, configure WebLogic plug-in to Sun Java Web Server (I installed that on my Windows XP desktop) etc. Now I am reading the documentation about security and wants to run some of the commands as shown below
  1) weblogic.security.SSL.protocolVersion (Command-line argument lets you specify which protocol is used for SSL connections)
  2) Dweblogic.security.SSL.enableJSSE=true|false (System property to enable and disable JSSE SSL)
  I am not sure how to execute this commands. As I cannot execute these commands from the AdminServer console, the only way left is C:\ prompt on my desktop. So I figured out the security directory under C:\Oracle\Middleware\user_projects\domains\Domain1\security on my desktop and tried to execute the commands unsuccessfully from C:\
  C:\Oracle\Middleware\user_projects\domains\Domain1\security>weblogic.security.SSL.protocolVersion
  'weblogic.security.SSL.protocolVersion' is not recognized as an internal or exte
  rnal command,
  operable program or batch file.
  Where I can execute these commands and your help is very much appreciatecd?
  Thanks

  Hi,
  "weblogic.security.SSL.protocolVersion" is only a System property Not a Executable command. This flag is just to tell the JVM to use which version of SSL implementation. This is a System Property which is needs to be enabled in the JAVA_OPTION part of your JVM/Server startScript.
  Like if you are starting WebLogic server then U must apply this System property in the server start Scipt JAVA_OPTION variable:
  Edit Apply the "startWebLogic.sh" and then add the following like below:
  <font color=maroon> *export JAVA_OPTION="${JAVA_OPTIONS} -Xmx1024m -Xms1024m -Dweblogic.security.SSL.protocolVersion=SSL3"* </font>
  Below are the meaning of this flag values.
  -Dweblogic.security.SSL.protocolVersion=SSL3—Only SSL V3.0 messages are sent and accepted.
  -Dweblogic.security.SSL.protocolVersion=TLS1—Only TLS V1.0 messages are sent and accepted.
  -Dweblogic.security.SSL.protocolVersion=ALL—This is the default behavior.
  Or Suppose if you want to run some standalone Java Program which Uses SSL and if you want to tell the JVM to use SSL3 implementation then you can do something like this:
  *java <font color=red>-Dweblogic.security.SSL.protocolVersion=SSL3</font> HelloWorld*
  Thanks
  Jay SenSharma
  *http://middlewaremagic.com/weblogic (Middleware Magic Is Here)*

• Weblogic.security.CipherException: Incorrect block length 256 (modulus

  Hi,
  I have a stand alone java client which runs in the weblogic 8.1 server and when I tried to connect to the external site using the weblogic's HttpsURLConnection ,its throws the below exception.
  weblogic.security.CipherException: Incorrect block length 256 (modulus length 128)
  <Info> <Security> <BEA-090511> <The following exception has occurred:
  weblogic.security.CipherException: Incorrect encrypted block
       at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:205)
       at weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
       at weblogic.security.X509.verifySignature(X509.java:246)
       at weblogic.security.X509.verify(X509.java:176)
       at weblogic.security.SSL.SSLCertificate.verify(SSLCertificate.java:133)
       at weblogic.security.SSL.SSLCertificate.input(SSLCertificate.java:116)
       at weblogic.security.SSL.Handshake.input(Handshake.java:121)
       at weblogic.security.SSL.SSLSocket.getHandshake(SSLSocket.java:1117)
       at weblogic.security.SSL.SSLSocket.clientInit(SSLSocket.java:432)
       at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:276)
       at weblogic.security.SSL.SSLSocket.<init>(SSLSocket.java:222)
       at weblogic.security.SSL.SSLSocketFactory.createSocket(SSLSocketFactory.java:213)
       at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:238)
       at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:389)
       at weblogic.net.http.HttpsClient.<init>(HttpsClient.java:209)
       at weblogic.net.http.HttpClient.New(HttpClient.java:228)
       at weblogic.net.http.HttpsURLConnection.getHttpClient(HttpsURLConnection.java:246)
       at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:217)
       at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:319)
       at HttpsConnect.main(HttpsConnect.java:13)
  <Info> <SSL> <000000> <weblogic.security.AuthenticationException: Incorrect encrypted block possibly incorrect SSLServerCertificateChainFileName set for this server certificate>
  java.io.IOException: weblogic.security.AuthenticationException: Incorrect encrypted block possibly incorrect SSLServerCertificateChainFileName set for this server certificate
  at weblogic.security.SSL.SSLCertificate.verify(SSLCertificate.java:172)
  at weblogic.security.SSL.SSLCertificate.input(SSLCertificate.java:116)
  at weblogic.security.SSL.Handshake.input(Handshake.java:121)
  at weblogic.security.SSL.SSLSocket.getHandshake(SSLSocket.java:1117)
  at weblogic.security.SSL.SSLSocket.clientInit(SSLSocket.java:432)
  at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:276)
  at weblogic.security.SSL.SSLSocket.<init>(SSLSocket.java:222)
  at weblogic.security.SSL.SSLSocketFactory.createSocket(SSLSocketFactory.java:213)
  at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:238)
  at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:389)
  at weblogic.net.http.HttpsClient.<init>(HttpsClient.java:209)
  at weblogic.net.http.HttpClient.New(HttpClient.java:228)
  at weblogic.net.http.HttpsURLConnection.getHttpClient(HttpsURLConnection.java:246)
  at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:359)
  at HttpsConnect.main(HttpsConnect.java:13)
  I verified the certifiate chain by using the weblogic's ValidateCertChain utility, and the output seems to be confusing for the intermediate site and the entity site.
  java utils.ValidateCertChain -pem inter.cerCert[0]: CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at https://www.verisign.com/r
  pa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
  Certificate chain is incomplete, can't confirm the entire chain is valid
  Certificate chain appears valid
  Any pointers will be appreciated.

  This might be because Verisign has included anadditional intermediate certificate in its chain
  You can find it here
  https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR657&actp=search&viewlocale=en_US
  Contact Verisign Support, u can chat with them even...
  Let me know if you have any doubt.
  Cheers!
  Faisal
  http://www.weblogic-wonders.com

• Weblogic.security.CipherException: Invalid padding length

  I am having some difficulties configuring SSL for WebLogic 6.0.2J (Japanese).
  Here is the history of my problem:
  1. A CSR was generated, but on a completely different platform (Windows) and
  for a slightly older version of WebLogic (6.0.1J)
  2. I was then brought in to install and configure WebLogic 6.0.2J on UNIX.
  3. I was then given the encrypted private key (security_net-chef_net-key.der),
  the CSR files, and the server cert from VeriSign Japan (cert.pem). I went to VeriSign
  Japan to get an intermediate CA cert (Server Chain Cert), which I saved as ca.pem.
  4. In the Admin Console, I configured the server in my target domain with: Server
  Certificate File Name = cert.pem, Trusted CA File Name = ca.pem, and Trusted CA
  File Name = security_net-chef_net-key.der.
  5. When I attempt to start my target server, I am seeing the following alert:
  ===========================================================
  <2001/08/07 13:22:25:JST> <Alert> <WebLogicServer> <&#35469;&#35388;&#12501;&#12449;&#12452;&#12523;
  config/net-chef
  /security_net-chef_net-key.der &#12395;&#12475;&#12461;&#12517;&#12522;&#12486;&#12451;
  &#12467;&#12531;&#12501;&#12451;&#12464;&#12524;&#12540;&#12471;&#12519;&#12531;&#19978;&#12398;&#21839;&#38988;&#12364;&#12354;&#12426;
  &#12414;&#12377;&#12290;java.io.IOException: weblogic.security.CipherException:
  Invalid padding le
  ngth 72>
  java.io.IOException: weblogic.security.CipherException: Invalid padding length
  7
  2
  at weblogic.security.RSAPrivateKeyPKCS8.input(RSAPrivateKeyPKCS8.java:15
  7)
  at weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:1
  25)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:387)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
  at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  ===========================================================
  Please note that as I am doing this on a Japanese OS, some of the above messages
  may be rendered illegible.
  If anyone out there has a clue to why I am seeing the above error, I would greatly
  appreciate your help.
  Thanks and aloha in advance,
  Brooke

  See Posting 5457.

• Weblogic.security.KeyManagementException: java.io.EOFException

  I am getting the following error when I am use the certificate
  obtained from baltimore instead of the default provided by weblogic. I
  used der2pem also to convert ".der" key file to ".pem" format - it
  didn't work
  I am running one-way SSL.
  the configuration I have specified is:
  Server Key File Name:                config/mydomain/privatekey.pem
  Server Certificate File Name:          config/mydomain/DownloadCert.pem
  Server Certificate Chain File
  Name:     config/mydomain/DownloadCert_root.pem
  <05-Mar-02 17:22:01 GMT> <Info> <Logging> <Only log messages of
  severity "Error"
  or worse will be displayed in this window. This can be changed at
  Admin Console
  mydomain> Servers> myserver> Logging> General> Stdout severity threshold>java.io.EOFException
  at weblogic.security.Utils.inputByteArray(Utils.java:143)
  at weblogic.security.ASN1.ASN1Utils.inputASN1Integer(ASN1Utils.java:120)
  at weblogic.security.X509.input(X509.java:120)
  at weblogic.security.X509.initialize(X509.java:81)
  at weblogic.security.Certificate.<init>(Certificate.java:59)
  at weblogic.security.X509.<init>(X509.java:56)
  at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.ja
  va:232)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:411)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
  at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  <05-Mar-02 17:22:09 GMT> <Alert> <WebLogicServer> <Inconsistent
  security configu
  ration, weblogic.security.KeyManagementException:
  java.io.EOFException>
  weblogic.security.KeyManagementException: java.io.EOFException
  at weblogic.security.X509.initialize(X509.java:86)
  at weblogic.security.Certificate.<init>(Certificate.java:59)
  at weblogic.security.X509.<init>(X509.java:56)
  at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.ja
  va:232)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:411)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
  at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  <05-Mar-02 17:22:31 GMT> <Notice> <WebLogicServer> <WebLogic Server
  started>
  <05-Mar-02 17:22:31 GMT> <Notice> <WebLogicServer> <ListenThread
  listening on po
  rt 7001>
  Any help will be appriciated.
  regards
  sachin

  I am getting the following error when I am use the certificate
  obtained from baltimore instead of the default provided by weblogic. I
  used der2pem also to convert ".der" key file to ".pem" format - it
  didn't work
  I am running one-way SSL.
  the configuration I have specified is:
  Server Key File Name:                config/mydomain/privatekey.pem
  Server Certificate File Name:          config/mydomain/DownloadCert.pem
  Server Certificate Chain File
  Name:     config/mydomain/DownloadCert_root.pem
  <05-Mar-02 17:22:01 GMT> <Info> <Logging> <Only log messages of
  severity "Error"
  or worse will be displayed in this window. This can be changed at
  Admin Console
  mydomain> Servers> myserver> Logging> General> Stdout severity threshold>java.io.EOFException
  at weblogic.security.Utils.inputByteArray(Utils.java:143)
  at weblogic.security.ASN1.ASN1Utils.inputASN1Integer(ASN1Utils.java:120)
  at weblogic.security.X509.input(X509.java:120)
  at weblogic.security.X509.initialize(X509.java:81)
  at weblogic.security.Certificate.<init>(Certificate.java:59)
  at weblogic.security.X509.<init>(X509.java:56)
  at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.ja
  va:232)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:411)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
  at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  <05-Mar-02 17:22:09 GMT> <Alert> <WebLogicServer> <Inconsistent
  security configu
  ration, weblogic.security.KeyManagementException:
  java.io.EOFException>
  weblogic.security.KeyManagementException: java.io.EOFException
  at weblogic.security.X509.initialize(X509.java:86)
  at weblogic.security.Certificate.<init>(Certificate.java:59)
  at weblogic.security.X509.<init>(X509.java:56)
  at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.ja
  va:232)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:411)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
  at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  <05-Mar-02 17:22:31 GMT> <Notice> <WebLogicServer> <WebLogic Server
  started>
  <05-Mar-02 17:22:31 GMT> <Notice> <WebLogicServer> <ListenThread
  listening on po
  rt 7001>
  Any help will be appriciated.
  regards
  sachin

• Weblogic.security.X509 alternative in WLS 9.1

  Hi All
  We have setup IIS 5.0 with 2 way SSL for client connection. We have also configured IIS weblogic proxy for Weblogic 9.1 using iisproxy.dll. The connection between IIS and WebLogic 9.1 is HTTP based. We are trying to get the client certificate in Weblogic 9.1 using the following code
  java.security.cert.X509Certificate certs [];
  certs = (java.security.cert.X509Certificate [])
  request.getAttribute("javax.servlet.request.X509Certificate");
  However the returned certificates are NULL.
  We have also enabled Client Cert Proxy and Weblogic Plug-in in Weblogic 9.1 configuration.
  We are trying to migrate from weblogic 8 to 9.1 and our previous code was as follows
  weblogic.security.X509 [] certs = (weblogic.security.X509[])req.getAttribute("javax.net.ssl.peer_certificates");
  This code work fine with the same IIS setup. Since weblogic.security.X509 is removed in WLS 9.1 we are forced to change our code.
  Please help!
  Message was edited by:
  rmkandan

  hi
  Currently I am using
  req.getHeader("WL-Proxy-Client-Cert")
  to get the client certificate and then i do the following to get the X509 cert format
       if (pemCert != null && pemCert.length() > 0 ){
            pemCertBuff.append("-----BEGIN CERTIFICATE-----");
            pemCertBuff.append(pemCert);
            pemCertBuff.append("-----END CERTIFICATE-----");
       System.out.println("CertificateUtil:getFingerPrint: pemCertBuff --"+pemCertBuff.toString());
       X509Certificate certs = null;
       try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            ByteArrayInputStream bis = new ByteArrayInputStream(pemCertBuff.toString().getBytes());
            weblogic.security.PEMInputStream pemIs = new weblogic.security.PEMInputStream(bis);
            BufferedInputStream bufis = new BufferedInputStream(pemIs);
            certs = (X509Certificate)cf.generateCertificate(bufis);
       } catch (CertificateException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
       } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
  And I am able to get the certificate, but I need to know is there any other elegant way to get the certificate as we did using weblogic.security.X509 class?
  Please help!!
  Message was edited by:
  rmkandan

• [Weblogic Security In Action]

  摘要
  本文将探讨Weblogic Platform中的安全框架以及在该框架下如何实现企业安全(Weblogic Enterprise Security，简称WLES)。
  本文分为上中下三篇。
  上篇主要阐述WLES的概念，将按照如下的思路，让读者对Weblogic安全框架有一个明晰的理解，并在此基础上明白Weblogic基本安全要素如User，Group，Role，Resource。并探讨在WLES下实现认证和授权的方法。
  中篇主要阐述WLES的配置，重点讲述如何在WLS中配置SSL和证书，如何配置LDAP和数据库，如何实现Windows集成安全，如何在开源技术如CAS，SAML，SPNEGO等基础上实现单点登陆(Single Sign on，即SSO)。
  下篇主要解释Weblogic Mbean机制，讲述如何实现自己的Custom Security Provider，并解释如何使用Weblogic Security Provider构造一个强大稳健的安全体系。
  [上篇]
  1， Weblogic Platform安全框架概述
  2， Security Realm下的用户、组、角色、资源和安全策略
  3， 认证与授权
  [中篇]
  4， 配置SSL与数字证书
  5， Windows集成安全
  6， 单点登陆(SSO)
  [下篇]
  7， 实现自己的Security Provider
  8， 在Security Provider上构造灵活的安全体系
  目前只写好
  Weblogic Security In Action 上篇
  http://www.matrix.org.cn/blog/cas/archives/WeblogicSecurityInAction(1).swf
  原来写文章是这么累的。
  中篇，下篇正在撰写中，请密切关注。
  希望各位指出文章的纰漏，然后发邮件给我，因为我实在没时间很仔细去审阅。

  为了方便Weblogic用户管理JKS证书，我发布了一个Eclipse插件，代号SecureX，该插件将集成Keytool, Axis数字签名，加密，和SSO/SSL向导，目前版本为1.0.0，改自于KeytoolGUI1.6版本。
  作了不少的增强，原来的版本已经停止开发并被作者商业化，开源版本以后将由我提供：）
  SecureX 的URL: http://www.blogjava.net/openssl/archive/2006/03/17/35781.html
  关于SecureX，请参看http://www.blogjava.net/openssl/archive/2006/02/08/29886.aspx
  该Project遵循GPL，参见https://sourceforge.net/projects/securex/
  源代码将在2.0发布到SF。
  代替Keytool的图形化界面，增加了数字签名功能，原来的版本来自于Keytool Gui 1.6（基于SWing）,我重写了SWT界面，集成到SecureX并以SecureX为基础，不断扩展Java Security功能，包括加密，签名，SSO向导，SSL向导之类的功能。
  下载：
  http://www.blogjava.net/Files/openssl/plugins.part1.rar
  http://www.blogjava.net/Files/openssl/plugins.part2.rar
  http://www.blogjava.net/Files/openssl/plugins.part3.rar
  http://www.blogjava.net/Files/openssl/plugins.part4.rar
  http://www.blogjava.net/Files/openssl/plugins.part5.rar
  http://www.blogjava.net/Files/openssl/plugins.part6.rar
  http://www.blogjava.net/Files/openssl/plugins.part7.rar
  下载完毕后，解压到plugins目录，然后找到
  其子目录SecureX_1.0.0
  然后，将其整个Copy到Eclipse目录下的Plugin目录下，重启Eclipse，
  然后点击菜单项Securex下KeyTool，就可以运行。
  如对SecureX有兴趣，请加入SecuritySite群（14966586）或者email给我：openssl(at)163.com

• Weblogic.security.X509 API

  Hello All,
  Is the API documentation for the weblogic.security.X509 class, or for
  that matter the entire package, documented somewhere?
  Thanks,
  Dan
  [dan.vcf]

  Hello All,
  I would like a client java program to communicate with a WLS over a t3s
  connection with two-way SSL.
  We have generated certificates for browsers that work fine for the two-way SSL.
  I have access to the base 64 encoded certificate that the java client program
  can use. I am assuming I need a private key also for use in the
  setSSLClientCertificate(InputStream[] chain) method for decryption of data
  coming to to the client. For a WLS server, this is no problem.
  Question(s): Am I correct in this private key assumption? If I do need the
  private key, how could I get it.
  Thanks
  [dan.vcf]

• Weblogic.security.internal.encryption.EncryptionServiceException: Error decrypting Secret Key

  Hi all,
  I have one admin server 8 managed servers in cluster environment. I am using node
  manager to start managed servers. I used the demo certificate and private key
  file provided by BEA before getting my real certificate, but when I got the real
  certificate the node manager can't no more. The error I am getting is this :
  <Dec 24, 2002 10:01:27 AM EST> <Info> <NodeManager> <NodeManager: for information
  on command line options, try "java weblogic.nodemanager.NodeManager help">
  <Dec 24, 2002 10:01:27 AM EST> <Info> <NodeManager> <Starting NodeManager >
  Exception in thread "main" weblogic.security.internal.encryption.EncryptionServiceException:
  Error decrypting Secret Key
       at weblogic.security.internal.encryption.JSafeSecretKeyEncryptor.decryptSecretKey(JSafeSecretKeyEncryptor.java:119)
       at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.<init>(JSafeEncryptionServiceImpl.java:205)
       at weblogic.security.internal.encryption.JSafeEncryptionServiceFactory.getEncryptionService(JSafeEncryptionServiceFactory.java:23)
       at weblogic.nodemanager.NodeManager.initializeEncryptionService(NodeManager.java:727)
       at weblogic.nodemanager.NodeManager.init(NodeManager.java:425)
       at weblogic.nodemanager.NodeManager.main(NodeManager.java:649)
  --------------- nested within: ------------------
  weblogic.security.internal.encryption.EncryptionServiceException - with nested
  exception:
  [weblogic.security.internal.encryption.EncryptionServiceException: Error decrypting
  Secret Key]
       at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.<init>(JSafeEncryptionServiceImpl.java:226)
       at weblogic.security.internal.encryption.JSafeEncryptionServiceFactory.getEncryptionService(JSafeEncryptionServiceFactory.java:23)
       at weblogic.nodemanager.NodeManager.initializeEncryptionService(NodeManager.java:727)
       at weblogic.nodemanager.NodeManager.init(NodeManager.java:425)
       at weblogic.nodemanager.NodeManager.main(NodeManager.java:649)
  here is the setting of node manager
  # Set user-defined variables.
  BEA_HOME="/opt/app/weblogic"
  WL_HOME=${BEA_HOME}/weblogic700
  NODEMGR_HOME=${BEA_HOME}/common/nodemanager/config
  JAVA_HOME=${BEA_HOME}/software/j2sdk1_3_1_06
  #Set NODEMANAGER variables
  NODEMANAGER_CERTIFICATEFILE=${NODEMGR_HOME}/uxmwpr01_nam_pwcinternal_com-cert.pem
  NODEMANAGER_KEYFILE=${NODEMGR_HOME}/uxmwpr01_nam_pwcinternal_com-key.der
  NODEMANAGER_KEYPASSWORD="wR2DfgiHjF0m4"
  NODEMANAGER_LISTENADDRESS="uxmwpr01"
  NODEMANAGER_LISTENPORT="5501"
  NODEMANAGER_REVERSEDNS="true"
  NODEMANAGER_SSLVERIFICATION="true"
  NODEMANAGER_STARTTEMPLATE=${NODEMGR_HOME}/startManagedWeblogic
  NODEMANAGER_SSLTRUSTED=${WL_HOME}/server/lib/cacerts
  NODEMANAGER_JAVASECURITY=${WL_HOME}/server/lib/weblogic.policy
  NODEMANAGER_TRUSTEDHOSTS=${NODEMGR_HOME}/nodemanager.hosts
  NODEMANAGER_NATIVEIO="true"
  ${JAVA_HOME}/bin/java ${JAVA_VM} ${MEM_ARGS} ${JAVA_OPTIONS} -classpath "${CLASSPATH}"
  -Dbea.home=${BEA_HOME} -Dweblogic.security.SSL.trustedCAKeyStore=${NODEMANAGER_SSLTRUSTED}
  -Djava.security.policy=${NODEMANAGER_JAVASECURITY} -Dweblogic.nodemanager.javaHome=${JAVA_HOME}
  -Dweblogic.ListenAddress=${NODEMANAGER_LISTENADDRESS} -Dweblogic.ListenPort=${NODEMANAGER_LISTENPORT}
  -Dweblogic.nodemanager.certificateFile=${NODEMANAGER_CERTIFICATEFILE} -Dweblogic.nodemanager.keyFile=${NODEMANAGER_KEYFILE}
  -Dweblogic.nodemanager.keyPassword=${NODEMANAGER_KEYPASSWORD} -Dweblogic.nodemanager.reverseDnsEnabled=${NODEMANAGER_REVERSEDNS}
  -Dweblogic.nodemanager.startTemplate=${NODEMANAGER_STARTTEMPLATE} -Dweblogic.nodemanager.sslHostNameVerificationEnabled=${NODEMANAGER_SSLVERIFICATION}
  -Dweblogic.nodemanager.trustedHosts=${NODEMANAGER_TRUSTEDHOSTS} -Dweblogic.nodemanager.nativeVersionEnabled=${NODEMANAGER_NATIVEIO}
  weblogic.nodemanager.NodeManager

  "Jas" <[email protected]> wrote in message news:<3e657be5$[email protected]>...
  Hi,
  I am wondering if anyone has tried creating a domain on a weblogic server by copying
  and pasting an entire domain directory. ie. Copying %bea_home%\config\DomainName
  to the new installation %bea_home%\config\DomainName.
  When I do this I get the following error when starting up the weblogic server:
  "The WebLogic Server did not start up properly. Exception raised:
  weblogic.security.internal.encryption.EncryptionServiceException:Error decrypting
  Secret Key" when loading config.xml
  I assume this is because the weblogic system password is encrypted in the config.xml
  file. Is there anyway I can get around this so I can easily clone weblogic servers?
  Thanks,
  JasJas,
  Yeah the security key is tied to the server, what exactly are you
  trying to accomplish? Do you want seperate domains or servers? Are
  they on different physical servers?
  Also what version of wls? 6 or 7?
  Will try to help you if I can
  Steve

• What -Dweblogic.security.SSL.nojce parameter does?

  Hello,
  I had some issue regarding Cipher initialization :
  java.security.InvalidKeyException: Illegal key size
       at javax.crypto.Cipher.a(DashoA13*..)
       at javax.crypto.Cipher.init(DashoA13*..)
       at javax.crypto.Cipher.init(DashoA13*..)
       at com.certicom.tls.provider.Cipher.init(Unknown Source)
       at com.certicom.tls.ciphersuite.SecurityParameters.createWriteCipher(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.changeCipherSpec(Unknown Source)
       at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.handle(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
       at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
       at com.certicom.tls.record.WriteHandler.write(Unknown Source)
       at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
       at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
       at java.io.BufferedOutputStream.flush(Unknown Source)
       at java.io.FilterOutputStream.flush(Unknown Source)
       at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
       at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
       at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
       at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:947)
  and it seem that the solution is to start weblogic using "-Dweblogic.security.SSL.nojce = true ".
  I've tried to find out what this parameter exactly does, but I couldn't find any relevant documentation.
  Can you please try to explain what exactly does and what is the impact on my application if I use "-Dweblogic.security.SSL.nojce parameter = true "? From my understanding it disables default jdk jce , but what is using instead? Some weblogic security provider?
  Thanks in advance
  Edited by: 871158 on Jul 8, 2011 12:08 AM

  apart from the official documentation
  http://download.oracle.com/docs/cd/E14571_01/web.1111/e13707/ssl.htm
  I found the nojce parameter mentioned here
  http://ofmwsoa11g.blogspot.com/p/securing-weblogic-with-ssl.html
  "When starting a WebLogic Server instance, you can specify the command line argument -Dweblogic.security.SSL.nojce=true to use a FIPS-compliant (FIPS 140-2) crypto module in the server's SSL implementation. FIPS 140-2 is a standard that describes U.S. Federal government requirements for sensitive, but unclassified use."
  but definitely you need a Security Specialist (I am just a GP, general practitioner) on this one....

• Iaik.security.ssl.SSLCertificateException - the mother of all errors

  Hi,
  We're experiencing this error:
  Error occurred while connecting to the FTP server "whatever:whichever": iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
  when connecting to the FTPS server.
  What was done by the teams:
  1) Every single certification was checked, there is pretty much no way this is a certificate problem
  2) Nothing was changed in the systems, this is an overnight error than kept persisting
  3) We restarted both involved servers, this keeps on bugging us
  4) No relevant traces are in SMICM, ST11, ST22, SM21, anywhere
  5) NOTHING was changed on any of the two servers.
  6) In addition, also the development PI server tries to connect to the same FTPS server and the same error appears.
  This is an overnight problem that just didn't disappear whatever we did.
  From my experience with this precise error which I can say it is now of more than a year is that it kept popping up in our system and it was triggered from causes as vast as some FTPs processes hanging on the FTPS server requiring restart, to filling the space on the server, not updated DNS cache on the PI server, you name it.
  I'm really amazed the amount of times this error pops up in the CC monitor and the cause is everything else BUT a certification issue.
  Do you have any idea worth sharing on why this might happen out of the blue?
  Best regards,
  George

  Hi George,
  I have a similar issue here and have tried out all the possible options.
  1) Imported certificate into Trusted CA's from a server where the connectivity is working fine.
  2)Restarted the Java stack.
  You Mentioned about FTPS server. Can you please confirm where else do  we need to import the certificate?

• Error:- weblogic.security.SecurityInitializationException: Authentication

  Hi,
  I am getting below error when ever i am trying to start the Managed server in cluster environment(unix).
  I am able to start the server on local machine but in case of remote machine its not gettig started.
  I have tried most of the steps as mentioned below:-
  1) Changed the weblogic passowrd.
  2) Delete boot.properties.
  3) deleted $DOMAIN_DIR\servers\<admin-server-name>\data\ldap
  4) Followed below post also but nothing worked:-
  https://forums.oracle.com/forums/thread.jspa?threadID=956750&start=30&tstart=0
  ####<Nov 14, 2011 7:41:28 PM IST> <Info> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1321279888310> <BEA-000000> <WebLogic Server "soa_server2" version:
  WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 Copyright (c) 1995, 2009, Oracle and/or its affiliates. All rights reserved.>
  ####<Nov 14, 2011 7:41:28 PM IST> <Notice> <Log Management> <infva05177.vshodc.lntinfotech.com> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1321279888419> <BEA-170019> <The server log file /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/logs/soa_server2.log is opened. All server side log events will be written to this file.>
  ####<Nov 14, 2011 7:41:28 PM IST> <Info> <Log Management> <infva05177.vshodc.lntinfotech.com> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1321279888426> <BEA-170023> <The Server Logging is initialized with Java Logging API implementation.>
  ####<Nov 14, 2011 7:41:28 PM IST> <Info> <Diagnostics> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888494> <BEA-320001> <The ServerDebug service initialized successfully.>
  ####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "t3" is now configured.>
  ####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "t3s" is now configured.>
  ####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "http" is now configured.>
  ####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "https" is now configured.>
  ####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888561> <BEA-002622> <The protocol "iiop" is now configured.>
  ####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888562> <BEA-002622> <The protocol "iiops" is now configured.>
  ####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888562> <BEA-002622> <The protocol "ldap" is now configured.>
  ####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888562> <BEA-002622> <The protocol "ldaps" is now configured.>
  ####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888564> <BEA-002622> <The protocol "cluster" is now configured.>
  ####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888565> <BEA-002622> <The protocol "clusters" is now configured.>
  ####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888568> <BEA-002622> <The protocol "snmp" is now configured.>
  ####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888568> <BEA-002622> <The protocol "admin" is now configured.>
  ####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888569> <BEA-002624> <The administration protocol is "t3s" and is now configured.>
  ####<Nov 14, 2011 7:41:28 PM IST> <Info> <RJVM> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888583> <BEA-000570> <Network Configuration for Channel "soa_server2"
  Listen Address          172.17.103.42:8101
  Public Address          N/A
  Http Enabled          true
  Tunneling Enabled     false
  Outbound Enabled     false
  Admin Traffic Enabled     true>
  ####<Nov 14, 2011 7:41:29 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889336> <BEA-002609> <Channel Service initialized.>
  ####<Nov 14, 2011 7:41:29 PM IST> <Info> <Socket> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889410> <BEA-000436> <Allocating 4 reader threads.>
  ####<Nov 14, 2011 7:41:29 PM IST> <Info> <Socket> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889412> <BEA-000446> <Native IO Enabled.>
  ####<Nov 14, 2011 7:41:29 PM IST> <Info> <IIOP> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889612> <BEA-002014> <IIOP subsystem enabled.>
  ####<Nov 14, 2011 7:41:32 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279892649> <BEA-090894> <Successfully loaded the OPSS Policy Provider using oracle.security.jps.internal.policystore.JavaPolicyProvider.>
  ####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893102> <BEA-000000> <Starting OpenJPA 1.1.1-SNAPSHOT>
  ####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893224> <BEA-000000> <StoreServiceImpl.initJDO - StoreService is initialized with Id = ldap_qMT60FRl3kIPYftFoWhBFbhSxuY=>
  ####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893501> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/data/ldap/XACMLAuthorizermyrealmInit.initialized, will load full LDIFT.>
  ####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893509> <BEA-090074> <Initializing Authorizer provider using LDIF template file /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift.>
  ####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893921> <BEA-090075> <The Authorizer provider has had its LDIF information loaded from: /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift>
  ####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894240> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/data/ldap/DefaultCredentialMappermyrealmInit.initialized, will load full LDIFT.>
  ####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894240> <BEA-090827> <LDIF template file /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/DefaultCredentialMapperInit.ldift was empty. The WebLogic provider CredentialMapper has been bootstrapped but has not been initialized with any LDIF data.>
  ####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894250> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/data/ldap/XACMLRoleMappermyrealmInit.initialized, will load full LDIFT.>
  ####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894251> <BEA-090074> <Initializing RoleMapper provider using LDIF template file /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/security/XACMLRoleMapperInit.ldift.>
  ####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894265> <BEA-090075> <The RoleMapper provider has had its LDIF information loaded from: /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/security/XACMLRoleMapperInit.ldift>
  ####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894442> <BEA-090093> <No pre-WLS 8.1 Keystore providers are configured for server soa_server2 for security realm myrealm.>
  ####<Nov 14, 2011 7:41:34 PM IST> <Notice> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894442> <BEA-090082> <Security initializing using security realm myrealm.>
  ####<Nov 14, 2011 7:41:34 PM IST> <Critical> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894594> <BEA-090403> <Authentication for user weblogic denied>
  ####<Nov 14, 2011 7:41:34 PM IST> <Critical> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894596> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
  weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
       at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:965)
       at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
       at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
       at weblogic.security.SecurityService.start(SecurityService.java:141)
       at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
  Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User weblogic weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
       at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:251)
       at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
       at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
       at $Proxy28.login(Unknown Source)
       at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)
       at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
       at $Proxy46.authenticate(Unknown Source)
       at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
       at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:348)
       at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:929)
       at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
       at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
       at weblogic.security.SecurityService.start(SecurityService.java:141)
       at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
  >
  ####<Nov 14, 2011 7:41:34 PM IST> <Notice> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894605> <BEA-000365> <Server state changed to FAILED>
  ####<Nov 14, 2011 7:41:34 PM IST> <Error> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894605> <BEA-000383> <A critical service failed. The server will shut itself down>
  ####<Nov 14, 2011 7:41:34 PM IST> <Notice> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894608> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
  ####<Nov 14, 2011 7:41:34 PM IST> <Info> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894618> <BEA-000236> <Stopping execute threads.>
  Please help.
  thanks in advance

  I've tried every trick in the book but no luck and finally I found a solution for this problem. Maybe it is not the best practice but it works:
  1-Uninstall JDeveloper.
  2-Delete Oracle Middleware file located in C:\Oracle
  3-Delete the JDeveloper file located in C:\Users\MyUser\AppData\Roaming (Because the integrated Weblogic server is actually there)
  4-Reinstall JDeveloper
  That solved the issue.
  Thanks

• Weblogic.security.internal.SerializedSystemIniException

  While starting weblogic server, I am getting the following error,
  Exception raised:
  weblogic.security.internal.SerializedSystemIniException: Version mismatch. have
  0, expected 1
       at weblogic.security.internal.SerializedSystemIni.<init>(SerializedSystemIni.java:119)
       at weblogic.security.internal.SerializedSystemIni.getEncryptionService(SerializedSystemIni.java:208)
       at weblogic.management.internal.EncryptedData.getEncryptionService(EncryptedData.java:82)
  Can anybody give a clue in this to resolve urgently?

  It seems like your SerializedSystemIni.dat is currupted.
  Do you have SerializedSystemIni.dat and fileRealm.property from any other
  working domain?
  Please try to replace both of them and see if this fixes the problem.
  -utpal
  "Ramanan " <[email protected]> wrote in message
  news:[email protected]..
  >
  While starting weblogic server, I am getting the following error,
  Exception raised:
  weblogic.security.internal.SerializedSystemIniException: Version mismatch.have
  0, expected 1
  atweblogic.security.internal.SerializedSystemIni.<init>(SerializedSystemIni.ja
  va:119)
  atweblogic.security.internal.SerializedSystemIni.getEncryptionService(Serializ
  edSystemIni.java:208)
  atweblogic.management.internal.EncryptedData.getEncryptionService(EncryptedDat
  a.java:82)
  >
  Can anybody give a clue in this to resolve urgently?

• Error in Admin and manager server startup - BEA-149205-  due to error weblogic.security.internal.encryption.EncryptionServiceException

  Hi -
  I have installed OIM 11g r2 ps2, I an tring to start my Admin and SOA server :
  1. Though my admin server is coming up fine, but I am getting the following error when I am trying to start Admin server.
  ####<Apr 22, 2015 12:22:27 AM PDT> <Error> <Deployer> <devoimx003> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS
  Kernel>> <> <> <1429687347654> <BEA-149205> <Failed to initialize the application 'opss-DBDS' due to error weblogic.security.internal.encryption.EncryptionServiceException.
  weblogic.security.internal.encryption.EncryptionServiceException
          at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:139)
          at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:187)
          at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:96)
          at sun.reflect.GeneratedMethodAccessor143.invoke(Unknown Source)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy._invokeServiceMethod(DescriptorManager.java:173)
          at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy.decrypt(DescriptorManager.java:192)
          at weblogic.descriptor.DescriptorManager$SecurityServiceImpl.decrypt(DescriptorManager.java:114)
          at weblogic.descriptor.internal.AbstractDescriptorBean._decrypt(AbstractDescriptorBean.java:1092)
          at weblogic.j2ee.descriptor.wl.JDBCDriverParamsBeanImpl.getPassword(JDBCDriverParamsBeanImpl.java:337)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.getDriverProperties(DataSourceConnectionPoolConfig.java:368)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig$2.run(DataSourceConnectionPoolConfig.java:304)
          at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
          at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.initJDBCParameters(DataSourceConnectionPoolConfig.java:300)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.access$000(DataSourceConnectionPoolConfig.java:24)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig$1.run(DataSourceConnectionPoolConfig.java:78)
          at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
          at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.getPoolProperties(DataSourceConnectionPoolConfig.java:75)
          at weblogic.jdbc.common.internal.ConnectionPool.doStart(ConnectionPool.java:1329)
          at weblogic.jdbc.common.internal.ConnectionPool.start(ConnectionPool.java:176)
          at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:507)
          at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:428)
          at weblogic.jdbc.module.JDBCModule.prepare(JDBCModule.java:280)
          at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:199)
          at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:517)
          at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
          at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:159)
          at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:45)
          at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:648)
          at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
          at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
          at weblogic.application.internal.SingleModuleDeployment.prepare(SingleModuleDeployment.java:44)
          at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:154)
          at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:60)
      at weblogic.deploy.internal.targetserver.SystemResourceDeployment.prepare(SystemResourceDeployment.java:55)
          at weblogic.management.deploy.internal.DeploymentAdapter$1.doPrepare(DeploymentAdapter.java:39)
          at weblogic.management.deploy.internal.DeploymentAdapter.prepare(DeploymentAdapter.java:191)
          at weblogic.management.deploy.internal.AppTransition$1.transitionApp(AppTransition.java:21)
          at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
          at weblogic.management.deploy.internal.ConfiguredDeployments.prepare(ConfiguredDeployments.java:165)
          at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:122)
          at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
          at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
          at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
          at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
          at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
  Caused By: weblogic.security.internal.encryption.EncryptionServiceException
          at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:139)
          at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:187)
          at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:96)
          at sun.reflect.GeneratedMethodAccessor143.invoke(Unknown Source)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy._invokeServiceMethod(DescriptorManager.java:173)
          at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy.decrypt(DescriptorManager.java:192)
          at weblogic.descriptor.DescriptorManager$SecurityServiceImpl.decrypt(DescriptorManager.java:114)
          at weblogic.descriptor.internal.AbstractDescriptorBean._decrypt(AbstractDescriptorBean.java:1092)
          at weblogic.j2ee.descriptor.wl.JDBCDriverParamsBeanImpl.getPassword(JDBCDriverParamsBeanImpl.java:337)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.getDriverProperties(DataSourceConnectionPoolConfig.java:368)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig$2.run(DataSourceConnectionPoolConfig.java:304)
          at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
          at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.initJDBCParameters(DataSourceConnectionPoolConfig.java:300)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.access$000(DataSourceConnectionPoolConfig.java:24)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig$1.run(DataSourceConnectionPoolConfig.java:78)
          at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
          at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.getPoolProperties(DataSourceConnectionPoolConfig.java:75)
          at weblogic.jdbc.common.internal.ConnectionPool.doStart(ConnectionPool.java:1329)
          at weblogic.jdbc.common.internal.ConnectionPool.start(ConnectionPool.java:176)
          at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:507)
          at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:428)
          at weblogic.jdbc.module.JDBCModule.prepare(JDBCModule.java:280)
          at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:199)
          at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:517)
          at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
        at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:159)
          at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:45)
          at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:648)
          at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
          at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
          at weblogic.application.internal.SingleModuleDeployment.prepare(SingleModuleDeployment.java:44)
          at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:154)
          at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:60)
          at weblogic.deploy.internal.targetserver.SystemResourceDeployment.prepare(SystemResourceDeployment.java:55)
          at weblogic.management.deploy.internal.DeploymentAdapter$1.doPrepare(DeploymentAdapter.java:39)
          at weblogic.management.deploy.internal.DeploymentAdapter.prepare(DeploymentAdapter.java:191)
          at weblogic.management.deploy.internal.AppTransition$1.transitionApp(AppTransition.java:21)
          at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
          at weblogic.management.deploy.internal.ConfiguredDeployments.prepare(ConfiguredDeployments.java:165)
          at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:122)
          at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
          at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
          at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
          at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
          at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
  2. My SOA server is coming up but in admin mode and giving OPSS connections errors.
  Any help is really appreciated!
  Thanks,
  SK

  Hi Faisal -
  is your domain in development mode or production mode?
       - While configuring my domian , I had selected Prod Mode, but pon start up when I see in admin server console, it is starting in developement mode already ?
  Any idea how, why ?
  if its production mode you can switch to development mode, change all the credentials in the config.xml and configurations under sub folders to cleartext and start the server..
  - Let me still try these and get back to you.
  Thanks,
  SK