Weblogic.security.SSL.ignoreHostnameVerification
Hello,
I'm trying to do a jaxws client from a webservice over https, but I'm getting this error:
javax.xml.ws.WebServiceException: javax.net.ssl.SSLKeyException: [Security:090504]Certificate chain received from www.tjrs.jus.br - 200.198.149.50 failed hostname verification check. Certificate contained www.tjrs.jus.br but check expected www.tjrs.jus.br
My first question is: why would "www.tjrs.jus.br" be different that "www.tjrs.jus.br"? :)
I know I can set weblogic.security.SSL.ignoreHostnameVerification=true to avoid error above and here comes my second question: is it safe doing this for a production environment?
I appreciate any help.
Thanks,
Mauricio
1st question:
This sounds very similar:
http://improbablecode.blogspot.com/2010/01/security090504-weblogic-hostname.html
2nd question:
It will always increase your security risk if you disable hostname verification. Depends on whether you're comfortable with not being able to detect host name mismatches
Similar Messages
-
Hi, I got an java.lang.NullPointerException
at weblogic.security.SSL.SSLCertificate.verify(SSLCertificate.java:235)
at weblogic.security.SSL.SSLCertificate.input(SSLCertificate.java:116)
at weblogic.security.SSL.Handshake.input(Handshake.java:121)
at weblogic.security.SSL.SSLSocket.getHandshake(SSLSocket.java:1117)
at weblogic.security.SSL.SSLSocket.clientInit(SSLSocket.java:432)
at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:276)
at weblogic.security.SSL.SSLSocket.<init>(SSLSocket.java:222)
at weblogic.security.SSL.SSLSocketFactory.createSocket(SSLSocketFactory.java:213)
at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:238)
at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:389)
at weblogic.net.http.HttpsClient.<init>(HttpsClient.java:209)
at weblogic.net.http.HttpClient.New(HttpClient.java:228)
at weblogic.net.http.HttpsURLConnection.getHttpClient(HttpsURLConnection.java:246)
at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:217)
at weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:189)
when a small piece of code running in weblogic 8.1 SP6 and trying to make url connection to a https server.
I have verified that the runtime environment has the cacerts file including the CA ( issuer for the server certificate for the server the code was trying to connect to ).
I wonder that anybody has the same problem. Or you can give a hint how to fix it.
Thank you.Sorry, i saw the forum about your problem in BEA 8.1 SP 6 about a
weblogic.security.SSL.SSLCertificate.verify(SSLCertificate.java:235)
error and you said that bea sent a path named CR295205_810sp6.jar.
I have the same problem
Do you have this patch?
Could you send it to me?
my email address is
[email protected] -
How to execute WebLogic security related commnads?
Hello All
I am just learning Oracle WebLogic and humbly request you for all your help. I installed Oracle WebLogic Server 11g Release 1 (10.3.3) on my Windows XP desktop. I could able create and cluster manage servers, configure WebLogic plug-in to Sun Java Web Server (I installed that on my Windows XP desktop) etc. Now I am reading the documentation about security and wants to run some of the commands as shown below
1) weblogic.security.SSL.protocolVersion (Command-line argument lets you specify which protocol is used for SSL connections)
2) Dweblogic.security.SSL.enableJSSE=true|false (System property to enable and disable JSSE SSL)
I am not sure how to execute this commands. As I cannot execute these commands from the AdminServer console, the only way left is C:\ prompt on my desktop. So I figured out the security directory under C:\Oracle\Middleware\user_projects\domains\Domain1\security on my desktop and tried to execute the commands unsuccessfully from C:\
C:\Oracle\Middleware\user_projects\domains\Domain1\security>weblogic.security.SSL.protocolVersion
'weblogic.security.SSL.protocolVersion' is not recognized as an internal or exte
rnal command,
operable program or batch file.
Where I can execute these commands and your help is very much appreciatecd?
ThanksHi,
"weblogic.security.SSL.protocolVersion" is only a System property Not a Executable command. This flag is just to tell the JVM to use which version of SSL implementation. This is a System Property which is needs to be enabled in the JAVA_OPTION part of your JVM/Server startScript.
Like if you are starting WebLogic server then U must apply this System property in the server start Scipt JAVA_OPTION variable:
Edit Apply the "startWebLogic.sh" and then add the following like below:
<font color=maroon> *export JAVA_OPTION="${JAVA_OPTIONS} -Xmx1024m -Xms1024m -Dweblogic.security.SSL.protocolVersion=SSL3"* </font>
Below are the meaning of this flag values.
-Dweblogic.security.SSL.protocolVersion=SSL3—Only SSL V3.0 messages are sent and accepted.
-Dweblogic.security.SSL.protocolVersion=TLS1—Only TLS V1.0 messages are sent and accepted.
-Dweblogic.security.SSL.protocolVersion=ALL—This is the default behavior.
Or Suppose if you want to run some standalone Java Program which Uses SSL and if you want to tell the JVM to use SSL3 implementation then you can do something like this:
*java <font color=red>-Dweblogic.security.SSL.protocolVersion=SSL3</font> HelloWorld*
Thanks
Jay SenSharma
*http://middlewaremagic.com/weblogic (Middleware Magic Is Here)* -
Weblogic.security.CipherException: Incorrect block length 256 (modulus
Hi,
I have a stand alone java client which runs in the weblogic 8.1 server and when I tried to connect to the external site using the weblogic's HttpsURLConnection ,its throws the below exception.
weblogic.security.CipherException: Incorrect block length 256 (modulus length 128)
<Info> <Security> <BEA-090511> <The following exception has occurred:
weblogic.security.CipherException: Incorrect encrypted block
at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:205)
at weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
at weblogic.security.X509.verifySignature(X509.java:246)
at weblogic.security.X509.verify(X509.java:176)
at weblogic.security.SSL.SSLCertificate.verify(SSLCertificate.java:133)
at weblogic.security.SSL.SSLCertificate.input(SSLCertificate.java:116)
at weblogic.security.SSL.Handshake.input(Handshake.java:121)
at weblogic.security.SSL.SSLSocket.getHandshake(SSLSocket.java:1117)
at weblogic.security.SSL.SSLSocket.clientInit(SSLSocket.java:432)
at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:276)
at weblogic.security.SSL.SSLSocket.<init>(SSLSocket.java:222)
at weblogic.security.SSL.SSLSocketFactory.createSocket(SSLSocketFactory.java:213)
at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:238)
at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:389)
at weblogic.net.http.HttpsClient.<init>(HttpsClient.java:209)
at weblogic.net.http.HttpClient.New(HttpClient.java:228)
at weblogic.net.http.HttpsURLConnection.getHttpClient(HttpsURLConnection.java:246)
at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:217)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:319)
at HttpsConnect.main(HttpsConnect.java:13)
<Info> <SSL> <000000> <weblogic.security.AuthenticationException: Incorrect encrypted block possibly incorrect SSLServerCertificateChainFileName set for this server certificate>
java.io.IOException: weblogic.security.AuthenticationException: Incorrect encrypted block possibly incorrect SSLServerCertificateChainFileName set for this server certificate
at weblogic.security.SSL.SSLCertificate.verify(SSLCertificate.java:172)
at weblogic.security.SSL.SSLCertificate.input(SSLCertificate.java:116)
at weblogic.security.SSL.Handshake.input(Handshake.java:121)
at weblogic.security.SSL.SSLSocket.getHandshake(SSLSocket.java:1117)
at weblogic.security.SSL.SSLSocket.clientInit(SSLSocket.java:432)
at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:276)
at weblogic.security.SSL.SSLSocket.<init>(SSLSocket.java:222)
at weblogic.security.SSL.SSLSocketFactory.createSocket(SSLSocketFactory.java:213)
at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:238)
at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:389)
at weblogic.net.http.HttpsClient.<init>(HttpsClient.java:209)
at weblogic.net.http.HttpClient.New(HttpClient.java:228)
at weblogic.net.http.HttpsURLConnection.getHttpClient(HttpsURLConnection.java:246)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:359)
at HttpsConnect.main(HttpsConnect.java:13)
I verified the certifiate chain by using the weblogic's ValidateCertChain utility, and the output seems to be confusing for the intermediate site and the entity site.
java utils.ValidateCertChain -pem inter.cerCert[0]: CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at https://www.verisign.com/r
pa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
Certificate chain is incomplete, can't confirm the entire chain is valid
Certificate chain appears valid
Any pointers will be appreciated.This might be because Verisign has included anadditional intermediate certificate in its chain
You can find it here
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR657&actp=search&viewlocale=en_US
Contact Verisign Support, u can chat with them even...
Let me know if you have any doubt.
Cheers!
Faisal
http://www.weblogic-wonders.com -
Weblogic.security.CipherException: Invalid padding length
I am having some difficulties configuring SSL for WebLogic 6.0.2J (Japanese).
Here is the history of my problem:
1. A CSR was generated, but on a completely different platform (Windows) and
for a slightly older version of WebLogic (6.0.1J)
2. I was then brought in to install and configure WebLogic 6.0.2J on UNIX.
3. I was then given the encrypted private key (security_net-chef_net-key.der),
the CSR files, and the server cert from VeriSign Japan (cert.pem). I went to VeriSign
Japan to get an intermediate CA cert (Server Chain Cert), which I saved as ca.pem.
4. In the Admin Console, I configured the server in my target domain with: Server
Certificate File Name = cert.pem, Trusted CA File Name = ca.pem, and Trusted CA
File Name = security_net-chef_net-key.der.
5. When I attempt to start my target server, I am seeing the following alert:
===========================================================
<2001/08/07 13:22:25:JST> <Alert> <WebLogicServer> <認証ファイル
config/net-chef
/security_net-chef_net-key.der にセキュリティ
コンフィグレーション上の問題があり
ます。java.io.IOException: weblogic.security.CipherException:
Invalid padding le
ngth 72>
java.io.IOException: weblogic.security.CipherException: Invalid padding length
7
2
at weblogic.security.RSAPrivateKeyPKCS8.input(RSAPrivateKeyPKCS8.java:15
7)
at weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:1
25)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:387)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
===========================================================
Please note that as I am doing this on a Japanese OS, some of the above messages
may be rendered illegible.
If anyone out there has a clue to why I am seeing the above error, I would greatly
appreciate your help.
Thanks and aloha in advance,
BrookeSee Posting 5457.
-
Weblogic.security.KeyManagementException: java.io.EOFException
I am getting the following error when I am use the certificate
obtained from baltimore instead of the default provided by weblogic. I
used der2pem also to convert ".der" key file to ".pem" format - it
didn't work
I am running one-way SSL.
the configuration I have specified is:
Server Key File Name: config/mydomain/privatekey.pem
Server Certificate File Name: config/mydomain/DownloadCert.pem
Server Certificate Chain File
Name: config/mydomain/DownloadCert_root.pem
<05-Mar-02 17:22:01 GMT> <Info> <Logging> <Only log messages of
severity "Error"
or worse will be displayed in this window. This can be changed at
Admin Console
mydomain> Servers> myserver> Logging> General> Stdout severity threshold>java.io.EOFException
at weblogic.security.Utils.inputByteArray(Utils.java:143)
at weblogic.security.ASN1.ASN1Utils.inputASN1Integer(ASN1Utils.java:120)
at weblogic.security.X509.input(X509.java:120)
at weblogic.security.X509.initialize(X509.java:81)
at weblogic.security.Certificate.<init>(Certificate.java:59)
at weblogic.security.X509.<init>(X509.java:56)
at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.ja
va:232)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:411)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<05-Mar-02 17:22:09 GMT> <Alert> <WebLogicServer> <Inconsistent
security configu
ration, weblogic.security.KeyManagementException:
java.io.EOFException>
weblogic.security.KeyManagementException: java.io.EOFException
at weblogic.security.X509.initialize(X509.java:86)
at weblogic.security.Certificate.<init>(Certificate.java:59)
at weblogic.security.X509.<init>(X509.java:56)
at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.ja
va:232)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:411)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<05-Mar-02 17:22:31 GMT> <Notice> <WebLogicServer> <WebLogic Server
started>
<05-Mar-02 17:22:31 GMT> <Notice> <WebLogicServer> <ListenThread
listening on po
rt 7001>
Any help will be appriciated.
regards
sachinI am getting the following error when I am use the certificate
obtained from baltimore instead of the default provided by weblogic. I
used der2pem also to convert ".der" key file to ".pem" format - it
didn't work
I am running one-way SSL.
the configuration I have specified is:
Server Key File Name: config/mydomain/privatekey.pem
Server Certificate File Name: config/mydomain/DownloadCert.pem
Server Certificate Chain File
Name: config/mydomain/DownloadCert_root.pem
<05-Mar-02 17:22:01 GMT> <Info> <Logging> <Only log messages of
severity "Error"
or worse will be displayed in this window. This can be changed at
Admin Console
mydomain> Servers> myserver> Logging> General> Stdout severity threshold>java.io.EOFException
at weblogic.security.Utils.inputByteArray(Utils.java:143)
at weblogic.security.ASN1.ASN1Utils.inputASN1Integer(ASN1Utils.java:120)
at weblogic.security.X509.input(X509.java:120)
at weblogic.security.X509.initialize(X509.java:81)
at weblogic.security.Certificate.<init>(Certificate.java:59)
at weblogic.security.X509.<init>(X509.java:56)
at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.ja
va:232)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:411)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<05-Mar-02 17:22:09 GMT> <Alert> <WebLogicServer> <Inconsistent
security configu
ration, weblogic.security.KeyManagementException:
java.io.EOFException>
weblogic.security.KeyManagementException: java.io.EOFException
at weblogic.security.X509.initialize(X509.java:86)
at weblogic.security.Certificate.<init>(Certificate.java:59)
at weblogic.security.X509.<init>(X509.java:56)
at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.ja
va:232)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:411)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<05-Mar-02 17:22:31 GMT> <Notice> <WebLogicServer> <WebLogic Server
started>
<05-Mar-02 17:22:31 GMT> <Notice> <WebLogicServer> <ListenThread
listening on po
rt 7001>
Any help will be appriciated.
regards
sachin -
Weblogic.security.X509 alternative in WLS 9.1
Hi All
We have setup IIS 5.0 with 2 way SSL for client connection. We have also configured IIS weblogic proxy for Weblogic 9.1 using iisproxy.dll. The connection between IIS and WebLogic 9.1 is HTTP based. We are trying to get the client certificate in Weblogic 9.1 using the following code
java.security.cert.X509Certificate certs [];
certs = (java.security.cert.X509Certificate [])
request.getAttribute("javax.servlet.request.X509Certificate");
However the returned certificates are NULL.
We have also enabled Client Cert Proxy and Weblogic Plug-in in Weblogic 9.1 configuration.
We are trying to migrate from weblogic 8 to 9.1 and our previous code was as follows
weblogic.security.X509 [] certs = (weblogic.security.X509[])req.getAttribute("javax.net.ssl.peer_certificates");
This code work fine with the same IIS setup. Since weblogic.security.X509 is removed in WLS 9.1 we are forced to change our code.
Please help!
Message was edited by:
rmkandanhi
Currently I am using
req.getHeader("WL-Proxy-Client-Cert")
to get the client certificate and then i do the following to get the X509 cert format
if (pemCert != null && pemCert.length() > 0 ){
pemCertBuff.append("-----BEGIN CERTIFICATE-----");
pemCertBuff.append(pemCert);
pemCertBuff.append("-----END CERTIFICATE-----");
System.out.println("CertificateUtil:getFingerPrint: pemCertBuff --"+pemCertBuff.toString());
X509Certificate certs = null;
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream bis = new ByteArrayInputStream(pemCertBuff.toString().getBytes());
weblogic.security.PEMInputStream pemIs = new weblogic.security.PEMInputStream(bis);
BufferedInputStream bufis = new BufferedInputStream(pemIs);
certs = (X509Certificate)cf.generateCertificate(bufis);
} catch (CertificateException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
And I am able to get the certificate, but I need to know is there any other elegant way to get the certificate as we did using weblogic.security.X509 class?
Please help!!
Message was edited by:
rmkandan -
[Weblogic Security In Action]
摘要
本文将探讨Weblogic Platform中的安全框架以及在该框架下如何实现企业安全(Weblogic Enterprise Security,简称WLES)。
本文分为上中下三篇。
上篇主要阐述WLES的概念,将按照如下的思路,让读者对Weblogic安全框架有一个明晰的理解,并在此基础上明白Weblogic基本安全要素如User,Group,Role,Resource。并探讨在WLES下实现认证和授权的方法。
中篇主要阐述WLES的配置,重点讲述如何在WLS中配置SSL和证书,如何配置LDAP和数据库,如何实现Windows集成安全,如何在开源技术如CAS,SAML,SPNEGO等基础上实现单点登陆(Single Sign on,即SSO)。
下篇主要解释Weblogic Mbean机制,讲述如何实现自己的Custom Security Provider,并解释如何使用Weblogic Security Provider构造一个强大稳健的安全体系。
[上篇]
1, Weblogic Platform安全框架概述
2, Security Realm下的用户、组、角色、资源和安全策略
3, 认证与授权
[中篇]
4, 配置SSL与数字证书
5, Windows集成安全
6, 单点登陆(SSO)
[下篇]
7, 实现自己的Security Provider
8, 在Security Provider上构造灵活的安全体系
目前只写好
Weblogic Security In Action 上篇
http://www.matrix.org.cn/blog/cas/archives/WeblogicSecurityInAction(1).swf
原来写文章是这么累的。
中篇,下篇正在撰写中,请密切关注。
希望各位指出文章的纰漏,然后发邮件给我,因为我实在没时间很仔细去审阅。为了方便Weblogic用户管理JKS证书,我发布了一个Eclipse插件,代号SecureX,该插件将集成Keytool, Axis数字签名,加密,和SSO/SSL向导,目前版本为1.0.0,改自于KeytoolGUI1.6版本。
作了不少的增强,原来的版本已经停止开发并被作者商业化,开源版本以后将由我提供:)
SecureX 的URL: http://www.blogjava.net/openssl/archive/2006/03/17/35781.html
关于SecureX,请参看http://www.blogjava.net/openssl/archive/2006/02/08/29886.aspx
该Project遵循GPL,参见https://sourceforge.net/projects/securex/
源代码将在2.0发布到SF。
代替Keytool的图形化界面,增加了数字签名功能,原来的版本来自于Keytool Gui 1.6(基于SWing),我重写了SWT界面,集成到SecureX并以SecureX为基础,不断扩展Java Security功能,包括加密,签名,SSO向导,SSL向导之类的功能。
下载:
http://www.blogjava.net/Files/openssl/plugins.part1.rar
http://www.blogjava.net/Files/openssl/plugins.part2.rar
http://www.blogjava.net/Files/openssl/plugins.part3.rar
http://www.blogjava.net/Files/openssl/plugins.part4.rar
http://www.blogjava.net/Files/openssl/plugins.part5.rar
http://www.blogjava.net/Files/openssl/plugins.part6.rar
http://www.blogjava.net/Files/openssl/plugins.part7.rar
下载完毕后,解压到plugins目录,然后找到
其子目录SecureX_1.0.0
然后,将其整个Copy到Eclipse目录下的Plugin目录下,重启Eclipse,
然后点击菜单项Securex下KeyTool,就可以运行。
如对SecureX有兴趣,请加入SecuritySite群(14966586)或者email给我:openssl(at)163.com -
Weblogic.security.X509 API
Hello All,
Is the API documentation for the weblogic.security.X509 class, or for
that matter the entire package, documented somewhere?
Thanks,
Dan
[dan.vcf]Hello All,
I would like a client java program to communicate with a WLS over a t3s
connection with two-way SSL.
We have generated certificates for browsers that work fine for the two-way SSL.
I have access to the base 64 encoded certificate that the java client program
can use. I am assuming I need a private key also for use in the
setSSLClientCertificate(InputStream[] chain) method for decryption of data
coming to to the client. For a WLS server, this is no problem.
Question(s): Am I correct in this private key assumption? If I do need the
private key, how could I get it.
Thanks
[dan.vcf] -
Hi all,
I have one admin server 8 managed servers in cluster environment. I am using node
manager to start managed servers. I used the demo certificate and private key
file provided by BEA before getting my real certificate, but when I got the real
certificate the node manager can't no more. The error I am getting is this :
<Dec 24, 2002 10:01:27 AM EST> <Info> <NodeManager> <NodeManager: for information
on command line options, try "java weblogic.nodemanager.NodeManager help">
<Dec 24, 2002 10:01:27 AM EST> <Info> <NodeManager> <Starting NodeManager >
Exception in thread "main" weblogic.security.internal.encryption.EncryptionServiceException:
Error decrypting Secret Key
at weblogic.security.internal.encryption.JSafeSecretKeyEncryptor.decryptSecretKey(JSafeSecretKeyEncryptor.java:119)
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.<init>(JSafeEncryptionServiceImpl.java:205)
at weblogic.security.internal.encryption.JSafeEncryptionServiceFactory.getEncryptionService(JSafeEncryptionServiceFactory.java:23)
at weblogic.nodemanager.NodeManager.initializeEncryptionService(NodeManager.java:727)
at weblogic.nodemanager.NodeManager.init(NodeManager.java:425)
at weblogic.nodemanager.NodeManager.main(NodeManager.java:649)
--------------- nested within: ------------------
weblogic.security.internal.encryption.EncryptionServiceException - with nested
exception:
[weblogic.security.internal.encryption.EncryptionServiceException: Error decrypting
Secret Key]
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.<init>(JSafeEncryptionServiceImpl.java:226)
at weblogic.security.internal.encryption.JSafeEncryptionServiceFactory.getEncryptionService(JSafeEncryptionServiceFactory.java:23)
at weblogic.nodemanager.NodeManager.initializeEncryptionService(NodeManager.java:727)
at weblogic.nodemanager.NodeManager.init(NodeManager.java:425)
at weblogic.nodemanager.NodeManager.main(NodeManager.java:649)
here is the setting of node manager
# Set user-defined variables.
BEA_HOME="/opt/app/weblogic"
WL_HOME=${BEA_HOME}/weblogic700
NODEMGR_HOME=${BEA_HOME}/common/nodemanager/config
JAVA_HOME=${BEA_HOME}/software/j2sdk1_3_1_06
#Set NODEMANAGER variables
NODEMANAGER_CERTIFICATEFILE=${NODEMGR_HOME}/uxmwpr01_nam_pwcinternal_com-cert.pem
NODEMANAGER_KEYFILE=${NODEMGR_HOME}/uxmwpr01_nam_pwcinternal_com-key.der
NODEMANAGER_KEYPASSWORD="wR2DfgiHjF0m4"
NODEMANAGER_LISTENADDRESS="uxmwpr01"
NODEMANAGER_LISTENPORT="5501"
NODEMANAGER_REVERSEDNS="true"
NODEMANAGER_SSLVERIFICATION="true"
NODEMANAGER_STARTTEMPLATE=${NODEMGR_HOME}/startManagedWeblogic
NODEMANAGER_SSLTRUSTED=${WL_HOME}/server/lib/cacerts
NODEMANAGER_JAVASECURITY=${WL_HOME}/server/lib/weblogic.policy
NODEMANAGER_TRUSTEDHOSTS=${NODEMGR_HOME}/nodemanager.hosts
NODEMANAGER_NATIVEIO="true"
${JAVA_HOME}/bin/java ${JAVA_VM} ${MEM_ARGS} ${JAVA_OPTIONS} -classpath "${CLASSPATH}"
-Dbea.home=${BEA_HOME} -Dweblogic.security.SSL.trustedCAKeyStore=${NODEMANAGER_SSLTRUSTED}
-Djava.security.policy=${NODEMANAGER_JAVASECURITY} -Dweblogic.nodemanager.javaHome=${JAVA_HOME}
-Dweblogic.ListenAddress=${NODEMANAGER_LISTENADDRESS} -Dweblogic.ListenPort=${NODEMANAGER_LISTENPORT}
-Dweblogic.nodemanager.certificateFile=${NODEMANAGER_CERTIFICATEFILE} -Dweblogic.nodemanager.keyFile=${NODEMANAGER_KEYFILE}
-Dweblogic.nodemanager.keyPassword=${NODEMANAGER_KEYPASSWORD} -Dweblogic.nodemanager.reverseDnsEnabled=${NODEMANAGER_REVERSEDNS}
-Dweblogic.nodemanager.startTemplate=${NODEMANAGER_STARTTEMPLATE} -Dweblogic.nodemanager.sslHostNameVerificationEnabled=${NODEMANAGER_SSLVERIFICATION}
-Dweblogic.nodemanager.trustedHosts=${NODEMANAGER_TRUSTEDHOSTS} -Dweblogic.nodemanager.nativeVersionEnabled=${NODEMANAGER_NATIVEIO}
weblogic.nodemanager.NodeManager"Jas" <[email protected]> wrote in message news:<3e657be5$[email protected]>...
Hi,
I am wondering if anyone has tried creating a domain on a weblogic server by copying
and pasting an entire domain directory. ie. Copying %bea_home%\config\DomainName
to the new installation %bea_home%\config\DomainName.
When I do this I get the following error when starting up the weblogic server:
"The WebLogic Server did not start up properly. Exception raised:
weblogic.security.internal.encryption.EncryptionServiceException:Error decrypting
Secret Key" when loading config.xml
I assume this is because the weblogic system password is encrypted in the config.xml
file. Is there anyway I can get around this so I can easily clone weblogic servers?
Thanks,
JasJas,
Yeah the security key is tied to the server, what exactly are you
trying to accomplish? Do you want seperate domains or servers? Are
they on different physical servers?
Also what version of wls? 6 or 7?
Will try to help you if I can
Steve -
What -Dweblogic.security.SSL.nojce parameter does?
Hello,
I had some issue regarding Cipher initialization :
java.security.InvalidKeyException: Illegal key size
at javax.crypto.Cipher.a(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at com.certicom.tls.provider.Cipher.init(Unknown Source)
at com.certicom.tls.ciphersuite.SecurityParameters.createWriteCipher(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.changeCipherSpec(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at java.io.FilterOutputStream.flush(Unknown Source)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:947)
and it seem that the solution is to start weblogic using "-Dweblogic.security.SSL.nojce = true ".
I've tried to find out what this parameter exactly does, but I couldn't find any relevant documentation.
Can you please try to explain what exactly does and what is the impact on my application if I use "-Dweblogic.security.SSL.nojce parameter = true "? From my understanding it disables default jdk jce , but what is using instead? Some weblogic security provider?
Thanks in advance
Edited by: 871158 on Jul 8, 2011 12:08 AMapart from the official documentation
http://download.oracle.com/docs/cd/E14571_01/web.1111/e13707/ssl.htm
I found the nojce parameter mentioned here
http://ofmwsoa11g.blogspot.com/p/securing-weblogic-with-ssl.html
"When starting a WebLogic Server instance, you can specify the command line argument -Dweblogic.security.SSL.nojce=true to use a FIPS-compliant (FIPS 140-2) crypto module in the server's SSL implementation. FIPS 140-2 is a standard that describes U.S. Federal government requirements for sensitive, but unclassified use."
but definitely you need a Security Specialist (I am just a GP, general practitioner) on this one.... -
Iaik.security.ssl.SSLCertificateException - the mother of all errors
Hi,
We're experiencing this error:
Error occurred while connecting to the FTP server "whatever:whichever": iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
when connecting to the FTPS server.
What was done by the teams:
1) Every single certification was checked, there is pretty much no way this is a certificate problem
2) Nothing was changed in the systems, this is an overnight error than kept persisting
3) We restarted both involved servers, this keeps on bugging us
4) No relevant traces are in SMICM, ST11, ST22, SM21, anywhere
5) NOTHING was changed on any of the two servers.
6) In addition, also the development PI server tries to connect to the same FTPS server and the same error appears.
This is an overnight problem that just didn't disappear whatever we did.
From my experience with this precise error which I can say it is now of more than a year is that it kept popping up in our system and it was triggered from causes as vast as some FTPs processes hanging on the FTPS server requiring restart, to filling the space on the server, not updated DNS cache on the PI server, you name it.
I'm really amazed the amount of times this error pops up in the CC monitor and the cause is everything else BUT a certification issue.
Do you have any idea worth sharing on why this might happen out of the blue?
Best regards,
GeorgeHi George,
I have a similar issue here and have tried out all the possible options.
1) Imported certificate into Trusted CA's from a server where the connectivity is working fine.
2)Restarted the Java stack.
You Mentioned about FTPS server. Can you please confirm where else do we need to import the certificate? -
Error:- weblogic.security.SecurityInitializationException: Authentication
Hi,
I am getting below error when ever i am trying to start the Managed server in cluster environment(unix).
I am able to start the server on local machine but in case of remote machine its not gettig started.
I have tried most of the steps as mentioned below:-
1) Changed the weblogic passowrd.
2) Delete boot.properties.
3) deleted $DOMAIN_DIR\servers\<admin-server-name>\data\ldap
4) Followed below post also but nothing worked:-
https://forums.oracle.com/forums/thread.jspa?threadID=956750&start=30&tstart=0
####<Nov 14, 2011 7:41:28 PM IST> <Info> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1321279888310> <BEA-000000> <WebLogic Server "soa_server2" version:
WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 Copyright (c) 1995, 2009, Oracle and/or its affiliates. All rights reserved.>
####<Nov 14, 2011 7:41:28 PM IST> <Notice> <Log Management> <infva05177.vshodc.lntinfotech.com> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1321279888419> <BEA-170019> <The server log file /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/logs/soa_server2.log is opened. All server side log events will be written to this file.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Log Management> <infva05177.vshodc.lntinfotech.com> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1321279888426> <BEA-170023> <The Server Logging is initialized with Java Logging API implementation.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Diagnostics> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888494> <BEA-320001> <The ServerDebug service initialized successfully.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "t3" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "t3s" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "http" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "https" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888561> <BEA-002622> <The protocol "iiop" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888562> <BEA-002622> <The protocol "iiops" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888562> <BEA-002622> <The protocol "ldap" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888562> <BEA-002622> <The protocol "ldaps" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888564> <BEA-002622> <The protocol "cluster" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888565> <BEA-002622> <The protocol "clusters" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888568> <BEA-002622> <The protocol "snmp" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888568> <BEA-002622> <The protocol "admin" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888569> <BEA-002624> <The administration protocol is "t3s" and is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <RJVM> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888583> <BEA-000570> <Network Configuration for Channel "soa_server2"
Listen Address 172.17.103.42:8101
Public Address N/A
Http Enabled true
Tunneling Enabled false
Outbound Enabled false
Admin Traffic Enabled true>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889336> <BEA-002609> <Channel Service initialized.>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <Socket> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889410> <BEA-000436> <Allocating 4 reader threads.>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <Socket> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889412> <BEA-000446> <Native IO Enabled.>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <IIOP> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889612> <BEA-002014> <IIOP subsystem enabled.>
####<Nov 14, 2011 7:41:32 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279892649> <BEA-090894> <Successfully loaded the OPSS Policy Provider using oracle.security.jps.internal.policystore.JavaPolicyProvider.>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893102> <BEA-000000> <Starting OpenJPA 1.1.1-SNAPSHOT>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893224> <BEA-000000> <StoreServiceImpl.initJDO - StoreService is initialized with Id = ldap_qMT60FRl3kIPYftFoWhBFbhSxuY=>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893501> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/data/ldap/XACMLAuthorizermyrealmInit.initialized, will load full LDIFT.>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893509> <BEA-090074> <Initializing Authorizer provider using LDIF template file /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift.>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893921> <BEA-090075> <The Authorizer provider has had its LDIF information loaded from: /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894240> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/data/ldap/DefaultCredentialMappermyrealmInit.initialized, will load full LDIFT.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894240> <BEA-090827> <LDIF template file /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/DefaultCredentialMapperInit.ldift was empty. The WebLogic provider CredentialMapper has been bootstrapped but has not been initialized with any LDIF data.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894250> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/data/ldap/XACMLRoleMappermyrealmInit.initialized, will load full LDIFT.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894251> <BEA-090074> <Initializing RoleMapper provider using LDIF template file /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/security/XACMLRoleMapperInit.ldift.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894265> <BEA-090075> <The RoleMapper provider has had its LDIF information loaded from: /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/security/XACMLRoleMapperInit.ldift>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894442> <BEA-090093> <No pre-WLS 8.1 Keystore providers are configured for server soa_server2 for security realm myrealm.>
####<Nov 14, 2011 7:41:34 PM IST> <Notice> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894442> <BEA-090082> <Security initializing using security realm myrealm.>
####<Nov 14, 2011 7:41:34 PM IST> <Critical> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894594> <BEA-090403> <Authentication for user weblogic denied>
####<Nov 14, 2011 7:41:34 PM IST> <Critical> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894596> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:965)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User weblogic weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:251)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at $Proxy28.login(Unknown Source)
at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)
at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at $Proxy46.authenticate(Unknown Source)
at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:348)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:929)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
####<Nov 14, 2011 7:41:34 PM IST> <Notice> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894605> <BEA-000365> <Server state changed to FAILED>
####<Nov 14, 2011 7:41:34 PM IST> <Error> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894605> <BEA-000383> <A critical service failed. The server will shut itself down>
####<Nov 14, 2011 7:41:34 PM IST> <Notice> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894608> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894618> <BEA-000236> <Stopping execute threads.>
Please help.
thanks in advanceI've tried every trick in the book but no luck and finally I found a solution for this problem. Maybe it is not the best practice but it works:
1-Uninstall JDeveloper.
2-Delete Oracle Middleware file located in C:\Oracle
3-Delete the JDeveloper file located in C:\Users\MyUser\AppData\Roaming (Because the integrated Weblogic server is actually there)
4-Reinstall JDeveloper
That solved the issue.
Thanks -
Weblogic.security.internal.SerializedSystemIniException
While starting weblogic server, I am getting the following error,
Exception raised:
weblogic.security.internal.SerializedSystemIniException: Version mismatch. have
0, expected 1
at weblogic.security.internal.SerializedSystemIni.<init>(SerializedSystemIni.java:119)
at weblogic.security.internal.SerializedSystemIni.getEncryptionService(SerializedSystemIni.java:208)
at weblogic.management.internal.EncryptedData.getEncryptionService(EncryptedData.java:82)
Can anybody give a clue in this to resolve urgently?It seems like your SerializedSystemIni.dat is currupted.
Do you have SerializedSystemIni.dat and fileRealm.property from any other
working domain?
Please try to replace both of them and see if this fixes the problem.
-utpal
"Ramanan " <[email protected]> wrote in message
news:[email protected]..
>
While starting weblogic server, I am getting the following error,
Exception raised:
weblogic.security.internal.SerializedSystemIniException: Version mismatch.have
0, expected 1
atweblogic.security.internal.SerializedSystemIni.<init>(SerializedSystemIni.ja
va:119)
atweblogic.security.internal.SerializedSystemIni.getEncryptionService(Serializ
edSystemIni.java:208)
atweblogic.management.internal.EncryptedData.getEncryptionService(EncryptedDat
a.java:82)
>
Can anybody give a clue in this to resolve urgently? -
Hi -
I have installed OIM 11g r2 ps2, I an tring to start my Admin and SOA server :
1. Though my admin server is coming up fine, but I am getting the following error when I am trying to start Admin server.
####<Apr 22, 2015 12:22:27 AM PDT> <Error> <Deployer> <devoimx003> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS
Kernel>> <> <> <1429687347654> <BEA-149205> <Failed to initialize the application 'opss-DBDS' due to error weblogic.security.internal.encryption.EncryptionServiceException.
weblogic.security.internal.encryption.EncryptionServiceException
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:139)
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:187)
at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:96)
at sun.reflect.GeneratedMethodAccessor143.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy._invokeServiceMethod(DescriptorManager.java:173)
at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy.decrypt(DescriptorManager.java:192)
at weblogic.descriptor.DescriptorManager$SecurityServiceImpl.decrypt(DescriptorManager.java:114)
at weblogic.descriptor.internal.AbstractDescriptorBean._decrypt(AbstractDescriptorBean.java:1092)
at weblogic.j2ee.descriptor.wl.JDBCDriverParamsBeanImpl.getPassword(JDBCDriverParamsBeanImpl.java:337)
at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.getDriverProperties(DataSourceConnectionPoolConfig.java:368)
at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig$2.run(DataSourceConnectionPoolConfig.java:304)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.initJDBCParameters(DataSourceConnectionPoolConfig.java:300)
at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.access$000(DataSourceConnectionPoolConfig.java:24)
at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig$1.run(DataSourceConnectionPoolConfig.java:78)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.getPoolProperties(DataSourceConnectionPoolConfig.java:75)
at weblogic.jdbc.common.internal.ConnectionPool.doStart(ConnectionPool.java:1329)
at weblogic.jdbc.common.internal.ConnectionPool.start(ConnectionPool.java:176)
at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:507)
at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:428)
at weblogic.jdbc.module.JDBCModule.prepare(JDBCModule.java:280)
at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:199)
at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:517)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:159)
at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:45)
at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:648)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
at weblogic.application.internal.SingleModuleDeployment.prepare(SingleModuleDeployment.java:44)
at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:154)
at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:60)
at weblogic.deploy.internal.targetserver.SystemResourceDeployment.prepare(SystemResourceDeployment.java:55)
at weblogic.management.deploy.internal.DeploymentAdapter$1.doPrepare(DeploymentAdapter.java:39)
at weblogic.management.deploy.internal.DeploymentAdapter.prepare(DeploymentAdapter.java:191)
at weblogic.management.deploy.internal.AppTransition$1.transitionApp(AppTransition.java:21)
at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
at weblogic.management.deploy.internal.ConfiguredDeployments.prepare(ConfiguredDeployments.java:165)
at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:122)
at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: weblogic.security.internal.encryption.EncryptionServiceException
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:139)
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:187)
at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:96)
at sun.reflect.GeneratedMethodAccessor143.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy._invokeServiceMethod(DescriptorManager.java:173)
at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy.decrypt(DescriptorManager.java:192)
at weblogic.descriptor.DescriptorManager$SecurityServiceImpl.decrypt(DescriptorManager.java:114)
at weblogic.descriptor.internal.AbstractDescriptorBean._decrypt(AbstractDescriptorBean.java:1092)
at weblogic.j2ee.descriptor.wl.JDBCDriverParamsBeanImpl.getPassword(JDBCDriverParamsBeanImpl.java:337)
at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.getDriverProperties(DataSourceConnectionPoolConfig.java:368)
at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig$2.run(DataSourceConnectionPoolConfig.java:304)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.initJDBCParameters(DataSourceConnectionPoolConfig.java:300)
at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.access$000(DataSourceConnectionPoolConfig.java:24)
at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig$1.run(DataSourceConnectionPoolConfig.java:78)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.getPoolProperties(DataSourceConnectionPoolConfig.java:75)
at weblogic.jdbc.common.internal.ConnectionPool.doStart(ConnectionPool.java:1329)
at weblogic.jdbc.common.internal.ConnectionPool.start(ConnectionPool.java:176)
at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:507)
at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:428)
at weblogic.jdbc.module.JDBCModule.prepare(JDBCModule.java:280)
at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:199)
at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:517)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:159)
at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:45)
at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:648)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
at weblogic.application.internal.SingleModuleDeployment.prepare(SingleModuleDeployment.java:44)
at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:154)
at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:60)
at weblogic.deploy.internal.targetserver.SystemResourceDeployment.prepare(SystemResourceDeployment.java:55)
at weblogic.management.deploy.internal.DeploymentAdapter$1.doPrepare(DeploymentAdapter.java:39)
at weblogic.management.deploy.internal.DeploymentAdapter.prepare(DeploymentAdapter.java:191)
at weblogic.management.deploy.internal.AppTransition$1.transitionApp(AppTransition.java:21)
at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
at weblogic.management.deploy.internal.ConfiguredDeployments.prepare(ConfiguredDeployments.java:165)
at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:122)
at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
2. My SOA server is coming up but in admin mode and giving OPSS connections errors.
Any help is really appreciated!
Thanks,
SKHi Faisal -
is your domain in development mode or production mode?
- While configuring my domian , I had selected Prod Mode, but pon start up when I see in admin server console, it is starting in developement mode already ?
Any idea how, why ?
if its production mode you can switch to development mode, change all the credentials in the config.xml and configurations under sub folders to cleartext and start the server..
- Let me still try these and get back to you.
Thanks,
SK
Maybe you are looking for
-
IPod not recognized by PC or iTunes - can no longer sync iPod
I had to shut down my PC due to a storm and I didn't realize that my iPod was still connected with the message "do not disconnet". Now my PC does not recognize my iPod. I've tried resetting it, uninstalling/reinstalling the driver and the iTunes appl
-
What is error LP100 and how do I fix it?
I recently tried to enter personal info for a credit card rewards site, where I received Error LP100. Can anyone tell me what it is and how I fix it? Thanks.
-
my iphone 4 wont connect to my laptop (windows 8) via usb but it will however register that it is there via 'photos' im not using the cable that came with my phone, does that affect the connection? i just want it to connect to my itunes again!!! Than
-
Question about creating a bootable disk image in Leopard.
I have a Powerbook G4 that originally came with OS9, I upgraded to Tiger and recently upgraded to Leopard. The computer is running great but if it should go down what are my bootable options? 1) Boot from the install disk set then load tiger upgrade
-
Multiple open db connections in a weblogic cluster
we have created a cluster in weblogic with oracle database. Whenever we are starting the cluster (managed servers), there are a lot of connections are opening in database (around 150 in database). Although we have set max capacity of cgDataSource, cg