2-way SSL using t3s protocol

Good morning,
I'm trying to get a 2-way SSL connection between two WLS 10.3 in production mode.
WLS #1 contains the client application and WLS #2 contains the server application.
I've got a standalone Microsoft CA.
I've configured WLSs with custom identity and trust JKS Stores.
In trust store I stored the CA certificate.
In identity store I created a selfsigned cert with RSA alg and this cert was signed from my CA.
In identity store I also stored the CA's Certificate.
I've enabled SSL with custom identity and trust store,
None host verification,
Export Key Lifespan 500,
Two Way Client Cert Behavior: Client cert requested and enforced,
SSL Rejection Logging Enabled checked,
Inbound and Outbound Certificate Validation: Builtin SSL Validation Only
I configured both WLS as explained (except identity certs that are custom for each server).
I can invoke WLS #2 Webservices from WLS #1 via https.
So I tried to invoke an EJB deployed on WLS #2 via t3s, but it didn't work.
During handshake process, the first step is ok; in fact WLS #1 trusts WLS #2 certs.
The second step goes wrong; here follows some logs.
WLS #1
<2-mar-2011 11.14.13 CET> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: CertificateRequest>
<2-mar-2011 11.14.13 CET> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<2-mar-2011 11.14.13 CET> <Debug> <SecuritySSL> <BEA-000000> <8374786 SSL3/TLS MAC>
<2-mar-2011 11.14.13 CET> <Debug> <SecuritySSL> <BEA-000000> <8374786 received HANDSHAKE>
<2-mar-2011 11.14.13 CET> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHelloDone>
<2-mar-2011 11.14.13 CET> <Debug> <SecuritySSL> <BEA-000000> *<No suitable identity certificate chain has been found.>*
<2-mar-2011 11.14.13 CET> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 7>
<2-mar-2011 11.14.13 CET> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 134>
<2-mar-2011 11.14.13 CET> <Debug> <SecuritySSL> <BEA-000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<2-mar-2011 11.14.13 CET> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
<2-mar-2011 11.14.13 CET> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HMACSHA1>
<2-mar-2011 11.14.13 CET> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HMACSHA1>
<2-mar-2011 11.14.13 CET> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<2-mar-2011 11.14.13 CET> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<2-mar-2011 11.14.13 CET> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<2-mar-2011 11.14.13 CET> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<2-mar-2011 11.14.13 CET> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 16>
<2-mar-2011 11.14.13 CET> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<2-mar-2011 11.14.13 CET> <Debug> <SecuritySSL> <BEA-000000> <8374786 SSL3/TLS MAC>
<2-mar-2011 11.14.13 CET> <Debug> <SecuritySSL> <BEA-000000> <8374786 received ALERT>
<2-mar-2011 11.14.13 CET> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 40
WLS #2
<2-mar-2011 11.14.12 CET> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<2-mar-2011 11.14.12 CET> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 0>
<2-mar-2011 11.14.12 CET> <Debug> <SecuritySSL> <BEA-000000> *<Required peer certificates not supplied by peer>*
<2-mar-2011 11.14.12 CET> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 4>
<2-mar-2011 11.14.12 CET> <Warning> <Security> <BEA-090508> <Certificate chain received from xpr-selex-fel01 - 192.168.60.48 was incomplete.>
<2-mar-2011 11.14.12 CET> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 4>
<2-mar-2011 11.14.12 CET> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is incomplete>
<2-mar-2011 11.14.12 CET> <Debug> <SecuritySSL> <BEA-000000> <User defined JSSE trustmanagers not allowed to override>
<2-mar-2011 11.14.12 CET> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 68>
<2-mar-2011 11.14.12 CET> <Debug> <SecuritySSL> <BEA-000000> <Trust failure (68): CERT_CHAIN_INCOMPLETE>
<2-mar-2011 11.14.12 CET> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 40
One useful piece of information: if I deploy both the EJB application and the client application on the same WLS and the client application invokes the EJB via t3s, everything works fine.
Is there anything missing/wrong in the configuration?
Thanks.

Is this a typo?
> In identity store I created a selfsigned cert with RSA alg and this cert was signed from my CA.
It can't be both self-signed and signed by a CA.
> In identity store I also stored the CA's Certificate.
The identity store should not have a CA certificate in it. Either put the CA in your trust store, or chain your CA and your identity into a single cert within your identity store.
During the handshake, the server (#2) will send a list of its trusted CA certs to the client. The client has to look in its identity store for certs which are signed by one of the CAs sent by the server.
If your client has multiple identity certs (with the clientAuth key usage) in its identity store, then there has to be some way to choose which cert to select. Does t3s use the SSL configuration's alias in the client as http does? You can test this by only using a client identity store with a single identity cert which is signed by one of the CA certificates presented by your server.
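
The selection rule described in the answer above can be checked offline against a pair of keystores. The following is an added example, not code from the thread or from WebLogic: it approximates the rule (a private-key entry is usable when its chain contains a certificate issued by a CA the server trusts) and runs it on a constructed test PKI, first with a self-signed identity and then with the CA reply imported. It assumes a JDK whose `keytool` sits under `java.home/bin`; all aliases, DNs, file names and the password are constructed for the demo.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.security.auth.x500.X500Principal;

// Added illustration; every alias, DN and password here is constructed for the demo.
public class ClientIdentityCheck {
    static final String PW = "changeit";
    static File dir;

    // Run the JDK's keytool on a JKS keystore in the demo directory.
    static void keytool(String store, String... args) throws Exception {
        List<String> cmd = new ArrayList<>();
        cmd.add(new File(System.getProperty("java.home"), "bin/keytool").getPath());
        cmd.addAll(Arrays.asList(args));
        cmd.addAll(Arrays.asList("-keystore", new File(dir, store).getPath(),
                "-storetype", "JKS", "-storepass", PW));
        Process p = new ProcessBuilder(cmd).directory(dir).redirectErrorStream(true)
                .redirectOutput(new File(dir, "keytool.log")).start();
        if (p.waitFor() != 0) throw new IllegalStateException("keytool failed: " + cmd);
    }

    static KeyStore load(String store) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(new File(dir, store))) {
            ks.load(in, PW.toCharArray());
        }
        return ks;
    }

    // Subject DNs of the CAs in the server's trust store: the names a server that
    // requests client certificates lists in its CertificateRequest message.
    static Set<X500Principal> acceptedIssuers(KeyStore trust) throws Exception {
        Set<X500Principal> dns = new HashSet<>();
        for (String alias : Collections.list(trust.aliases())) {
            if (trust.isCertificateEntry(alias)) {
                dns.add(((X509Certificate) trust.getCertificate(alias)).getSubjectX500Principal());
            }
        }
        return dns;
    }

    // Private-key entries whose chain holds a certificate issued by an accepted CA.
    static List<String> usableAliases(KeyStore identity, Set<X500Principal> accepted) throws Exception {
        List<String> usable = new ArrayList<>();
        for (String alias : Collections.list(identity.aliases())) {
            if (!identity.isKeyEntry(alias)) {
                System.out.println("  " + alias + ": certificate-only entry, no private key");
                continue;
            }
            boolean match = false;
            Certificate[] chain = identity.getCertificateChain(alias);
            for (Certificate c : chain) {
                match |= accepted.contains(((X509Certificate) c).getIssuerX500Principal());
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            System.out.println("  " + alias + ": chain length " + chain.length + ", leaf issuer "
                    + leaf.getIssuerX500Principal().getName() + ", accepted=" + match);
            if (match) usable.add(alias);
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        dir = Files.createTempDirectory("twoway-ssl-demo").toFile();
        // Constructed test PKI: a CA, the server-side trust store holding it, and a
        // client identity store whose key pair is still self-signed.
        keytool("ca.jks", "-genkeypair", "-alias", "ca", "-keyalg", "RSA", "-keysize", "2048",
                "-dname", "CN=Demo Test CA", "-ext", "bc:c=ca:true", "-keypass", PW);
        keytool("ca.jks", "-exportcert", "-alias", "ca", "-file", "ca.cer");
        keytool("trust.jks", "-importcert", "-noprompt", "-alias", "ca", "-file", "ca.cer");
        keytool("identity.jks", "-genkeypair", "-alias", "client", "-keyalg", "RSA",
                "-keysize", "2048", "-dname", "CN=wls1-client", "-keypass", PW);
        Set<X500Principal> accepted = acceptedIssuers(load("trust.jks"));
        System.out.println("Self-signed identity:");
        System.out.println("  usable aliases: " + usableAliases(load("identity.jks"), accepted));

        // Let the CA sign the request and import the reply, so the key entry itself
        // carries the chain [client, CA]. keytool needs the CA certificate present to
        // build that chain; the separate CA entry is deleted again afterwards.
        keytool("identity.jks", "-certreq", "-alias", "client", "-file", "client.csr", "-keypass", PW);
        keytool("ca.jks", "-gencert", "-alias", "ca", "-infile", "client.csr",
                "-outfile", "client.cer", "-ext", "eku=clientAuth", "-keypass", PW);
        keytool("identity.jks", "-importcert", "-noprompt", "-alias", "caroot", "-file", "ca.cer");
        keytool("identity.jks", "-importcert", "-noprompt", "-alias", "client",
                "-file", "client.cer", "-keypass", PW);
        keytool("identity.jks", "-delete", "-alias", "caroot");
        System.out.println("CA-signed identity with chain:");
        System.out.println("  usable aliases: " + usableAliases(load("identity.jks"), accepted));
    }
}
```

To inspect real stores instead of the constructed ones, point `load` at the client's identity store and the server's trust store and call `usableAliases` on them.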

Similar Messages

  • 2-way SSL and access control using the client certificate

    Hi,
    I'd like to configure WLS 8.1 so that the server will use the client identity extracted from the client certificate to determine whether permissions should be granted. I am having some problems.
    Details: The client can be either a Web service or a web application. The steps for authentication and authorization should be:
    - The client sends a request to an Apache server (DMZ) which will then be forwarded to WLS.
    - The client's identity, common name from the X.509 certificate, is mapped to the "username" (using WLS default identity assertion provider).
    - Validate whether the client should be trusted (via the list in the trusted credentials)
    - Check whether the resource should be granted based on the "username".
    The on-line manual says
    "If the Web browser or Java client requests a WebLogic Server resource protected by a security policy, WebLogic Server requires that the Web browser or Java client have an identity."
    "The user corresponding to the Subject's Distinguished Name (SubjectDN) attribute in the client's digital certificate must be defined in the server's security realm; otherwise the client will not be allowed to access a protected WebLogic resource. For information on configuring users on the server, see Creating Users in Managing WebLogic Security."
    So the questions I have are:
    - If the client identity is certificate based, why should we configure users with the "user name" and "password"? How can we get around it?
    - Once I defined the security condition for my app to use "user name of the caller," a default username and password prompt automatically popped up.
    Apparently, the SSL mutual authentication configuration and the default authentication provider to use the X.509 type didn't take any effect.
    - Without defining the security policy for the application, the debugging messages show that
    getRoles(): input arguments: subject:0
    Entitlement - <Role:Annonymous with expr:Grp(everyone)>
    Any suggestions? Thanks.

    Hi,
    I am trying to use 2 way ssl using webservices client, here is my code:
    AxisProperties.setProperty("org.apache.axis.components.net.SecureSocketFactory","org.apache.axis.components.net.SunFakeTrustSocketFactory");
    SSLAdapterFactory factory = SSLAdapterFactory.getDefaultFactory();
    WLSSLAdapter adapter = (WLSSLAdapter) factory.getSSLAdapter();
    // clientCredentialFile stores in PEM format the public key and
    // all the CAs associated with it + then the private key. All this in
    // a concatenated manner
    FileInputStream clientCredentialFile = new FileInputStream ("C:\\sslcert\\client-pub3.pem");
    // private key password
    String pwd = "password";
    adapter.loadLocalIdentity(clientCredentialFile, pwd.toCharArray());
    adapter.setVerbose(true);
    adapter.setTrustedCertificatesFile("C:\\certificate\\server\\server.jks");
    adapter.setStrictCheckingDefault(false);
    factory.setDefaultAdapter(adapter);
    factory.setUseDefaultAdapter(true);
    boolean idAvailability = false;
    UNSLocator locator = new UNSLocator();
    URL portAddress = new URL("https://localhost:7002/smuSSWeb/UNSResponse.xml");
    UNSPort unsprt = locator.getUNSPort(portAddress);
    idAvailability = unsprt.isIDAvailable("Yulin125", "C");
    System.out.println("Got from method :"+idAvailability);
    After running this code I am getting the following exception:
    AxisFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
    faultSubcode:
    faultString: java.net.SocketException: Software caused connection abort: socket write error
    faultActor:
    faultNode:
    faultDetail:
    I am using .pem (clientsigned, clientinter, clientroot, root-key) files for client authentication and I am using server.jks as a keystore for my server authentication. Once I run this code, I am able to present the server certificate chain to the client but I am not able to present the client certificate chain to the server.
    I have been stuck with this for quite some time.
    Some insight needed from the gurus.

  • T3s protocol

    Hi,
    I'm running an applet from which i'm connecting to servlet in weblogic 6.0(SSL
    is enabled). We are trying to connect using t3s protocol but it is giving us error
    that resource is not found...Can some body give me some info regarding t3s protocol
    or any ideas regarding the above problem?
    Thanks in advance...
    -Madhu

    Madhu
    U need to connect to the T3s Server .If u are using the demo certificates
    then ur request should be
    t3s://weblogic.bea.com
    and in ur hosts file if windows map the url with the IP
    Sachin
    "Madhu" <[email protected]> wrote in message
    news:3be7efd6$[email protected]..
    > Hi,
    > I'm running an applet from which i'm connecting to servlet in weblogic 6.0(SSL
    > is enabled). We are trying to connect using t3s protocol but it is giving us error
    > that resource is not found...Can some body give me some info regarding t3s protocol
    > or any ideas regarding the above problem?
    > Thanks in advance...
    > -Madhu

  • 2-Way SSL and Webservices

    Greetings,
    After spending some time searching the docs and several dev2dev newsgroups I haven't been able to find a clear cut answer to an urgent question:
    I have two webservices, the client (.jpd) and the server (.jws), which are installed on separate weblogic 8.1 instances on different machines. The requirement is that the webservices must communicate with one another only over a 2-Way SSL connection.
    My question is how to set up this 2-way SSL configuration between the client and server webservices. Do I need to write code or can I configure it using the web.xml files of the two webservices? I don't think it would make sense to configure the two weblogic instances to always use 2-Way SSL (via the startup script or config.xml), in which case the webservices might not inherit the truststore and other SSL configuration of the respective instances.
    If someone has already solved this problem, I would appreciate hearing from you. This is an urgent problem and I am stumped. Any help would be appreciated!
    Regards


  • Decrypt Error using 2-way SSL

    I am exposing a stateless Session bean as a webservice and have set up truststore/keystore to allow clients access using 2-way SSL. Recently one of the clients began to get TLS Alert 51 - Decrypt Error during the SSL handshake, right after "HANDSHAKEMESSAGE: CertificateVerify". Other clients of 2-way SSL don't appear to have any issues.
    Has anyone seen this?
    Thanks
    Peter
    Some SSL debug follows:
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLTrustValidator returns: 0>
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Trust status (0): NONE>
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <HANDSHAKEMESSAGE: ClientKeyExchange RSA>
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLFilter.isActivated: false>
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <isMuxerActivated: false>
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLFilter.isActivated: false>
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <30911879 SSL3/TLS MAC>
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <30911879 received HANDSHAKE>
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <HANDSHAKEMESSAGE: CertificateVerify>
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <NEW ALERT with Severity: FATAL, Type: 51
    java.lang.Exception: New alert stack
         at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
         at com.certicom.tls.record.handshake.ServerStateReceivedClientKeyExchange.handle(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
         at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
         at com.bea.sslplus.CerticomSSLContext.forceHandshakeOnAcceptedSocket(Unknown Source)
         at weblogic.security.utils.SSLContextWrapper.forceHandshakeOnAcceptedSocket(SSLContextWrapper.java:128)
         at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:484)
         at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
         at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    >
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <write ALERT, offset = 0, length = 2>
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <close(): 7828>
    ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLIOContextTable.removeContext(ctx): 9723897>

    I too am struggling with SSL but I was given some help by BEA. This does not help me since it seems like the proxy jar I download from the WS Home Page wants to go directly to the JPD, not the jws. This example of two way SSL should work for you. I am including the Main class but not the generated files it refers to. I don't know how to attach files to the news groups. The key thing is to make use of the adapters. The Impl and Port are part of the downloaded proxy.
    public static void main(String[] args) throws Exception {
        // set weblogic ServiceFactory
        System.setProperty("javax.xml.rpc.ServiceFactory", "weblogic.webservice.core.rpc.ServiceFactoryImpl");
        // set weblogic client protocol handler
        System.setProperty("java.protocol.handler.pkgs", "weblogic.webservice.client");
        // set the SSL adapter
        SSLAdapterFactory adapterFactory = SSLAdapterFactory.getDefaultFactory();
        WLSSLAdapter adapter = (WLSSLAdapter) adapterFactory.getSSLAdapter();
        // two-way SSL you must loadLocalIdentity to provide certs back to the server
        FileInputStream clientCredentialFile = new FileInputStream("./client/clientcred.pem");
        String pwd = "canpass";
        adapter.loadLocalIdentity(clientCredentialFile, pwd.toCharArray());
        adapter.setVerbose(true);
        adapter.setTrustedCertificatesFile("./config/ca1024.pem");
        // strict checking disabled: validation of the server certificate is relaxed
        adapter.setStrictChecking(false);
        adapterFactory.setDefaultAdapter(adapter);
        adapterFactory.setUseDefaultAdapter(true);
        String a = null;
        if (args.length < 1) {
            a = "Sample String";
        } else {
            a = args[0];
        }
        // call the service through the generated proxy classes
        ToUpper_Impl lookup = new ToUpper_Impl();
        ToUpperPort value = lookup.gettoUpperPort();
        String result = value.toUpper(a);
        System.out.println(result);
    }

  • Cannot get web service using 2-way SSL to work

    WebLogic 8.1 sp4, using jdk 1.4.2_05 within BEA install dir (not JRockit). Also using WLWorkshop.
    I'm trying to call a web service provided by a third-party requiring 2-way SSL; The third-party provided a server cert to trust and a key/cert to use from our client. After updating my key and trust stores, I'm able to run this with no problem from another web service test product (CapeClear).
    How does one do this from WLS? I did the following (nothing has worked):
    - Started my WLS server; using the console, updated the Configuration|Keystores & SSL section and restarted - the console output indicates that all loaded correctly. I also changed the option on Two Way Client Cert Behavior to 'Client Certs Requested and Enforced'.
    - Updated my setDomainEnv.cmd to include the following options -Dweblogic.security.SSL.ignoreHostnameVerify=true -Dweblogic.security.SSL.enforceConstraints=off; I also added the -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true options.
    - Within Workshop, created my web service control from the provided WSDL and generated a test JPF; when I run the test, I get an exception related to an invalid content type (text\html). This occurs because the client-side SSL piece did not take place and the client was presented with a login-page rather than a web-service XML result.
    - I updated the JDK security jars with domestic strength algorithms; no change in behavior.
    - No SSL errors in the debug trace (I can provide log upon request).
    What other parameter and/or setting do I need to update to get this to work?
    Any help would be tremendously appreciated.
    Thanks,
    Rick



  • Two-Way SSL does not work until "Use Server Certs" is selected on client

    We have a web service application and a client application. Both applications are deployed in WebLogic 10.3. The web service application is secured by Two-Way SSL. When the client attempts to access the service, we got the following error logs on the server side:
    <Dec 8, 2009 3:25:42 PM EST> <Warning> <Security> <BEA-090508> <Certificate chain received from ... was incomplete.>
    CertPathTrustManagerUtils.certificateCallback: certPathValStype = 0
    CertPathTrustManagerUtils.certificateCallback: validateErr = 4
    CertPathTrustManagerUtils.certificateCallback: returning false because of built-in SSL validation errors
    We got the same error even if the WebLogic 10.3 domain on the client side uses the same identity and trust keystores as the server side.
    The problem was solved when we selected Environment -> Servers -> <server> -> SSL, expanded "Advanced" and selected "Use Server Certs". Could anyone tell me what "Use Server Certs" does to make the difference?
    Another question is how we can invoke this web service in a Java application since "Use Server Certs" solution only works for web application deployed in weblogic.

    "Use Server Certs" means that a client application running within Weblogic will use the WL managed server's identity certificate as its client certificate. Otherwise, the client application is responsible for selecting the keystore, and presenting the certificate as part of the handshake.
    This is a great feature in 9 & 10; client SSL was much more difficult in WL 8.
    If you are using a standalone client application to invoke anything over 2-way SSL, you are responsible for presenting the certificate. For instance, if you invoke the page from your browser, your browser can maintain client certificates and you'll get a popup to select which cert to use.

  • 2 way SSL in web services [using Axis]

    Hi,
    Can anyone tell me how to implement 2 way SSL handshake before making a web service call , using Axis.
    This is what i have to start off with:
    1. wsdl, which i use to create the client side files [using eclipse] do meet the business needs.
    2. I also have my [client] key and cert and the servers root cert, required for SSL handshake
    Thanks for the help,
    Sandy

    Hi,
    Have you created a Service Key provider and attached it to the proxy service?
    Oracle Service Bus verifies that you have associated a service key provider with the proxy service and that the service key provider contains a key-pair binding that can be used as a digital signature.
    Service Key Providers
    Regards,
    Abhinav

  • How to Use a Certificate for Two Way SSL and another certificate for WS Security Header at Client Console Application(C# Dotnet)

    Hi,
    I want to consume a Java Web service from Dotnet based client Application. The service require one Certificate("abc.PFX") for Two Way SSL purpose and another certificate("xyz.pfx") for WS security purpose to be passed from client Application (Dotnet Console based). I tried configuring the App.config of Client application to pass both the certs but getting Error says:
    Could not establish secure channel for SSL/TLS with authority "******aaaa.com"
    Please suggest how to pass both the certs from client Application..

    Hi,
    This problem can be due to an Untrusted certificate. So you need just full permissions to certificates.
    And for more information, you could refer to:
    http://contractnamespace.blogspot.jp/2014/12/could-not-create-secure-channel-fix.html
    Regards

  • I am having trouble implementing one-way SSL on WebLogic 9.2...

    I am having trouble implementing one-way SSL on WebLogic 9.2. I am using Demo Identity and Demo Trust certificates with a SSL Listen Port Enabled on 7002, and a Two Way Client Cert Behavior of Client Certs Not Requested. I assume that by using Client Certs Not Requested that there is no need to install certificates on user's computers.
    When weblogic is restarted, I get the following log telling me it works...
    <Sep 11, 2012 9:35:16 AM PDT> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias DemoIdentity from the jks keystore file E:\bea\WEBLOG~1\server\lib\DemoIdentity.jks.>
    <Sep 11, 2012 9:35:17 AM PDT> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file E:\bea\WEBLOG~1\server\lib\DemoTrust.jks.>
    <Sep 11, 2012 9:35:17 AM PDT> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file e:\bea\jdk150_12\jre\lib\security\cacerts.>
    <Sep 11, 2012 9:35:17 AM PDT> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.9.20.172:7000 for protocols iiop, t3, ldap, http.>
    <Sep 11, 2012 9:35:17 AM PDT> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on 10.9.20.172:7002 for protocols iiops, t3s, ldaps, https.>
    However, when I open the console in https://server:7002/console, I get the following error in log file...
    <Sep 11, 2012 9:43:45 AM PDT> <Warning> <Security> <BEA-090481> <NO_CERTIFICATE alert was received from x.y.z.com - 10.37.10.54. Verify the SSL configuration has a proper SSL certificate chain and private key specified.>
    <Sep 11, 2012 9:43:45 AM PDT> <Warning> <Security> <BEA-090508> <Certificate chain received from x.y.z.com - 10.37.10.54 was incomplete.>
    I do not understand why I am getting this error when I assume there is no need to install certificates on user's computers. Can't someone please explain what is going on? Thanks in advance.

    <?xml version='1.0' encoding='UTF-8'?>
    <domain xmlns="http://www.bea.com/ns/weblogic/920/domain" xmlns:sec="http://www.bea.com/ns/weblogic/90/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wls="http://www.bea.com/ns/weblogic/90/security/wls" xsi:schemaLocation="http://www.bea.com/ns/weblogic/90/security/extension http://www.bea.com/ns/weblogic/90/security.xsd http://www.bea.com/ns/weblogic/90/security/xacml http://www.bea.com/ns/weblogic/90/security/xacml.xsd http://www.bea.com/ns/weblogic/90/security http://www.bea.com/ns/weblogic/90/security.xsd http://www.bea.com/ns/weblogic/920/domain http://www.bea.com/ns/weblogic/920/domain.xsd http://www.bea.com/ns/weblogic/90/security/wls http://www.bea.com/ns/weblogic/90/security/wls.xsd">
      <name>nctcis</name>
      <domain-version>9.2.3.0</domain-version>
      <security-configuration>
        <name>nctcis</name>
        <realm>
          <sec:authentication-provider xsi:type="wls:default-authenticatorType">
            <sec:name>DefaultAuthenticator</sec:name>
            <sec:control-flag>SUFFICIENT</sec:control-flag>
          </sec:authentication-provider>
          <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
            <sec:name>DefaultIdentityAsserter</sec:name>
            <sec:active-type>AuthenticatedUser</sec:active-type>
          </sec:authentication-provider>
          <sec:role-mapper xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
          <sec:authorizer xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
          <sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
          <sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
          <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
          <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
          <sec:name>myrealm</sec:name>
        </realm>
        <default-realm>myrealm</default-realm>
        <anonymous-admin-lookup-enabled>true</anonymous-admin-lookup-enabled>
        <credential-encrypted>{3DES}PyUkjWRp8JGpk75BYSbvQ6OWYgA9SZq2nj2IuENa2vxrMy835GMRZ+GGKhJiWapjt0mMC2ohcxxlIMNUZJUH2gCjbB5kQUmA</credential-encrypted>
        <node-manager-username>system</node-manager-username>
        <node-manager-password-encrypted>{3DES}KmaZDZGQC6spYVY12CbJGA==</node-manager-password-encrypted>
      </security-configuration>
      <jta>
        <timeout-seconds>1800</timeout-seconds>
        <abandon-timeout-seconds>3600</abandon-timeout-seconds>
        <max-transactions>100000</max-transactions>
        <max-resource-unavailable-millis>100000</max-resource-unavailable-millis>
      </jta>
      <log>
        <name>nctcis</name>
        <file-name>e:/netcracker/logs/wl-domain.log</file-name>
        <file-min-size>5120</file-min-size>
      </log>
      <server>
        <name>nctcisAdmin</name>
        <ssl>
          <enabled>true</enabled>
          <hostname-verifier xsi:nil="true"></hostname-verifier>
          <hostname-verification-ignored>false</hostname-verification-ignored>
          <client-certificate-enforced>true</client-certificate-enforced>
          <two-way-ssl-enabled>false</two-way-ssl-enabled>
          <server-private-key-alias>tcisdevbpagov_cert</server-private-key-alias>
          <server-private-key-pass-phrase-encrypted>{3DES}T21dXO5l79SRI+xSmGOE+A==</server-private-key-pass-phrase-encrypted>
          <use-server-certs>false</use-server-certs>
        </ssl>
        <log>
          <name>nctcisAdmin</name>
          <file-name>e:/netcracker/logs/weblogic.log</file-name>
          <file-min-size>5120</file-min-size>
        </log>
        <listen-port>7000</listen-port>
        <web-server>
          <name>nctcisAdmin</name>
          <web-server-log>
            <name>nctcisAdmin</name>
            <file-name>e:/netcracker/logs/access.log</file-name>
            <file-min-size>5120</file-min-size>
          </web-server-log>
        </web-server>
        <listen-address>tcis.dev.bpa.gov</listen-address>
        <key-stores>DemoIdentityAndDemoTrust</key-stores>
        <custom-identity-key-store-file-name>E:\bea\jdk150_12\bin\tcisdevbpagov_identity.jks</custom-identity-key-store-file-name>
        <custom-identity-key-store-type>JKS</custom-identity-key-store-type>
        <custom-identity-key-store-pass-phrase-encrypted>{3DES}T21dXO5l79SRI+xSmGOE+A==</custom-identity-key-store-pass-phrase-encrypted>
        <custom-trust-key-store-file-name>E:\bea\jdk150_12\bin\tcisdevbpagov_trust.jks</custom-trust-key-store-file-name>
        <custom-trust-key-store-type>JKS</custom-trust-key-store-type>
        <custom-trust-key-store-pass-phrase-encrypted>{3DES}I++r0/FEMRGFrqF47pYZJA==</custom-trust-key-store-pass-phrase-encrypted>
      </server>
      <embedded-ldap>
        <name>nctcis</name>
        <credential-encrypted>{3DES}i51JYfmoGyFTxPjiCjjtXWwza1t13k56Ls7fmdqtKB0=</credential-encrypted>
      </embedded-ldap>
      <configuration-version>9.2.3.0</configuration-version>
      <app-deployment>
        <name>NetCracker</name>
        <target>nctcisAdmin</target>
        <module-type>ear</module-type>
        <source-path>applications\NetCracker</source-path>
        <security-dd-model>DDOnly</security-dd-model>
        <staging-mode>nostage</staging-mode>
      </app-deployment>
      <app-deployment>
        <name>pictures</name>
        <target>nctcisAdmin</target>
        <module-type>war</module-type>
        <source-path>e:\pictures</source-path>
        <security-dd-model>DDOnly</security-dd-model>
        <staging-mode>nostage</staging-mode>
      </app-deployment>
      <jms-server>
        <name>NCJMSServer</name>
        <target>nctcisAdmin</target>
        <temporary-template-resource>NCJMSModule</temporary-template-resource>
        <temporary-template-name>NetCrackerTemplate</temporary-template-name>
        <message-buffer-size>100000</message-buffer-size>
      </jms-server>
      <self-tuning>
        <max-threads-constraint>
          <name>MaxThreadsConstraint</name>
          <target>nctcisAdmin</target>
          <count>40</count>
        </max-threads-constraint>
        <work-manager>
          <name>default</name>
          <target>nctcisAdmin</target>
          <max-threads-constraint>MaxThreadsConstraint</max-threads-constraint>
          <work-manager-shutdown-trigger>
            <stuck-thread-count>1000</stuck-thread-count>
          </work-manager-shutdown-trigger>
        </work-manager>
      </self-tuning>
      <jms-system-resource>
        <name>NCJMSModule</name>
        <target>nctcisAdmin</target>
        <sub-deployment>
          <name>BEA_JMS_MODULE_SUBDEPLOYMENT_NCJMSServer</name>
          <target>NCJMSServer</target>
        </sub-deployment>
        <descriptor-file-name>jms/ncjmsmodule-jms.xml</descriptor-file-name>
      </jms-system-resource>
      <admin-server-name>nctcisAdmin</admin-server-name>
      <jdbc-system-resource>
        <name>NetCrackerDataSource</name>
        <target>nctcisAdmin</target>
        <descriptor-file-name>jdbc/NetCrackerDataSource-5713-jdbc.xml</descriptor-file-name>
      </jdbc-system-resource>
      <jdbc-system-resource>
        <name>NetCrackerDataSourceNonTX</name>
        <target>nctcisAdmin</target>
        <descriptor-file-name>jdbc/NetCrackerDataSourceNonTX-6926-jdbc.xml</descriptor-file-name>
      </jdbc-system-resource>
    </domain>
    Edited by: user6904153 on Sep 12, 2012 6:57 AM
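
A small audit of the SSL-related elements that appear in the config.xml above, added here as an example and not part of the original post. The sample document, its names and paths, and the finding codes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace of the WebLogic 9.2 domain schema, as declared in the config.xml above.
NS = {"d": "http://www.bea.com/ns/weblogic/920/domain"}

# Constructed fragment: domain/server names, key alias and store paths are placeholders.
SAMPLE_CONFIG = """<?xml version='1.0' encoding='UTF-8'?>
<domain xmlns="http://www.bea.com/ns/weblogic/920/domain">
  <name>exampleDomain</name>
  <server>
    <name>exampleAdmin</name>
    <ssl>
      <enabled>true</enabled>
      <hostname-verification-ignored>false</hostname-verification-ignored>
      <client-certificate-enforced>true</client-certificate-enforced>
      <two-way-ssl-enabled>false</two-way-ssl-enabled>
      <server-private-key-alias>example_cert</server-private-key-alias>
    </ssl>
    <key-stores>DemoIdentityAndDemoTrust</key-stores>
    <custom-identity-key-store-file-name>/opt/example/identity.jks</custom-identity-key-store-file-name>
    <custom-trust-key-store-file-name>/opt/example/trust.jks</custom-trust-key-store-file-name>
  </server>
</domain>
"""


def _text(node, tag):
    """Text of a direct child element in the domain namespace, or '' if absent."""
    if node is None:
        return ""
    return (node.findtext("d:" + tag, default="", namespaces=NS) or "").strip()


def audit_ssl(config_xml):
    """Return {server name: [finding codes]} for every <server> in a config.xml string."""
    root = ET.fromstring(config_xml.encode("utf-8"))
    report = {}
    for server in root.findall("d:server", NS):
        ssl_el = server.find("d:ssl", NS)
        findings = []
        if _text(ssl_el, "enabled") == "true":
            enforced = _text(ssl_el, "client-certificate-enforced") == "true"
            two_way = _text(ssl_el, "two-way-ssl-enabled") == "true"
            if enforced:
                # The server is told to require a certificate from every client.
                findings.append("CLIENT_CERT_ENFORCED")
            if enforced and not two_way:
                # The two flags disagree; review which behaviour is intended.
                findings.append("ENFORCED_BUT_TWO_WAY_DISABLED")
            if _text(ssl_el, "hostname-verification-ignored") == "true":
                findings.append("HOSTNAME_VERIFICATION_IGNORED")
        # <key-stores> selects which identity/trust stores the server loads.
        stores = _text(server, "key-stores")
        custom = [t for t in ("custom-identity-key-store-file-name",
                              "custom-trust-key-store-file-name") if _text(server, t)]
        if stores.startswith("DemoIdentity"):
            findings.append("DEMO_IDENTITY_KEYSTORE")
            if custom:
                findings.append("CUSTOM_STORES_CONFIGURED_BUT_NOT_SELECTED")
        report[_text(server, "name") or "?"] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_ssl(SAMPLE_CONFIG).items():
        print(name, findings)
```

The posted config.xml has the same combination for nctcisAdmin: `client-certificate-enforced` is true while `two-way-ssl-enabled` is false, and `key-stores` is `DemoIdentityAndDemoTrust` although custom identity and trust store files are configured.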

  • Urgent : Problem with Client when OC4J has been setup in 2 way SSL mode

    This is the output that is generated in the JDeveloper console on running the example from b14429.pdf. Example:
    ====================================================
    import HTTPClient.HTTPConnection;
    import HTTPClient.HTTPResponse;
    import javax.security.cert.X509Certificate;
    import oracle.security.ssl.OracleSSLCredential;
    import java.io.IOException;
    import javax.net.ssl.SSLPeerUnverifiedException;

    public class SSLSocketClientWithClientAuth {
        public static void main(String[] args) {
            if (args.length < 4) {
                System.out.println("Usage: java HTTPSConnectionTest [host] [port] " +
                                   "[wallet] [password]");
                System.exit(-1);
            }
            String hostname = args[0].toLowerCase();
            int port = Integer.decode(args[1]).intValue();
            String walletPath = args[2];
            String password = args[3];
            HTTPConnection httpsConnection = null;
            OracleSSLCredential credential = null;
            try {
                httpsConnection = new HTTPConnection("https", hostname, port);
            } catch (IOException e) {
                System.out.println("HTTPS Protocol not supported");
                System.exit(-1);
            }
            // Load the client identity (certificate and private key) from the wallet.
            try {
                credential = new OracleSSLCredential();
                credential.setWallet(walletPath, password);
            } catch (IOException e) {
                System.out.println("Could not open wallet");
                System.exit(-1);
            }
            httpsConnection.setSSLEnabledCipherSuites(new String[]{"SSL_RSA_WITH_3DES_EDE_CBC_SHA"});
            httpsConnection.setSSLCredential(credential);
            // Run the SSL handshake, including client authentication.
            try {
                httpsConnection.connect();
            } catch (IOException e) {
                System.out.println("Could not establish connection");
                e.printStackTrace();
                System.exit(-1);
            }
            // X509Certificate x509 = new X509Certificate();
            //javax.servlet.request.
            X509Certificate[] peerCerts = null;
            try {
                peerCerts =
                    (httpsConnection.getSSLSession()).getPeerCertificateChain();
            } catch (javax.net.ssl.SSLPeerUnverifiedException e) {
                System.err.println("Unable to obtain peer credentials");
                e.printStackTrace();
                System.exit(-1);
            }
            // Compare the host name with the subject DN of the last certificate in the peer chain.
            String peerCertDN =
                peerCerts[peerCerts.length - 1].getSubjectDN().getName();
            peerCertDN = peerCertDN.toLowerCase();
            if (peerCertDN.lastIndexOf("cn=" + hostname) == -1) {
                System.out.println("Certificate for " + hostname +
                                   " is issued to " + peerCertDN);
                System.out.println("Aborting connection");
                System.exit(-1);
            }
            try {
                HTTPResponse rsp = httpsConnection.Get("/");
                System.out.println("Server Response: ");
                System.out.println(rsp);
            } catch (Exception e) {
                System.out.println("Exception occured during Get");
                e.printStackTrace();
                System.exit(-1);
            }
        }
    }
    ================================================================
    C:\j2sdk1.4.2_09\bin\javaw.exe -client -classpath "D:\eclipse\workspace\OC4JClient\OC4JClient\classes;D:\eclipse\workspace\jdev\extensions\.jar;C:\Documents and Settings\nilesh_bafna\Desktop\Nitin\lib\jssl-1_1.jar;E:\product\10.1.3.1\OracleAS_1\j2ee\home\lib\http_client.jar;E:\product\10.1.3.1\OracleAS_1\jlib\javax-ssl-1_1.jar" -Djava.protocol.handler.pkgs=HTTPClient -Djavax.net.debug=ssl -Djavax.net.ssl.keyStore=F:/oc4jcert/client.keystore -Djavax.net.ssl.keyStorePassword=welcome1 -Djavax.net.ssl.trustStore=F:/oc4jcert/client.keystore -Djavax.net.ssl.trustStorePassword=welcome1 -DOracle.ssl.defaultCipherSuites=SSL_RSA_WITH_RC4_128_MD5 SSLSocketClientWithClientAuth ps4372.persistent.co.in 443 F:/oc4jcert/client.keystore welcome1
    keyStore is : F:/oc4jcert/client.keystore
    keyStore type is : jks
    init keystore
    init keymanager of type SunX509
    found key for : oracle-client
    chain [0] = [
    Version: V3
    Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    87fcc8e9 0ffcef8e 61f3be10 be7c9715 2792849b 3bbdeb1c cc76b337 4b82bbab
    86972c63 9af3adfd 35b5df99 9078a0d1 6dc760d8 0549a95a bfa7648a 9eadd326
    a6bc4b61 d8f8b42f 44e0b178 ff1dee20 db8406cd d800c26a 9c5a6ed9 4d6f2aef
    bc919814 3b46be39 e129280c e83afe12 c9d4e3d7 fb5787b1 d98bed4a 4f0833d5
    Validity: [From: Thu Jan 18 21:18:14 GMT+05:30 2007,
                   To: Wed Apr 18 21:18:14 GMT+05:30 2007]
    Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    SerialNumber: [    45af96be]
    Algorithm: [MD5withRSA]
    Signature:
    trustStore is: F:\oc4jcert\client.keystore
    trustStore type is : jks
    init truststore
    adding as trusted cert:
    Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    Algorithm: RSA; Serial number: 0x45af96be
    Valid from Thu Jan 18 21:18:14 GMT+05:30 2007 until Wed Apr 18 21:18:14 GMT+05:30 2007
    adding as trusted cert:
    Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    Algorithm: RSA; Serial number: 0x45af95dc
    Valid from Thu Jan 18 21:14:28 GMT+05:30 2007 until Wed Apr 18 21:14:28 GMT+05:30 2007
    init context
    trigger seeding of SecureRandom
    done seeding SecureRandom
    %% No cached client session
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1152299454 bytes = { 41, 212, 166, 48, 109, 77, 185, 232, 204, 95, 158, 141, 60, 96, 196, 172, 49, 19, 49, 22, 222, 234, 47, 76, 27, 130, 5, 176 }
    Session ID: {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
    Compression Methods: { 0 }
    main, WRITE: TLSv1 Handshake, length = 73
    main, WRITE: SSLv2 client hello message, length = 98
    main, READ: TLSv1 Handshake, length = 839
    *** ServerHello, TLSv1
    RandomCookie: GMT: 1152299454 bytes = { 206, 186, 162, 116, 179, 72, 44, 198, 189, 25, 70, 227, 170, 235, 83, 186, 152, 49, 194, 222, 248, 3, 191, 170, 248, 95, 134, 35 }
    Session ID: {69, 175, 178, 190, 47, 141, 131, 115, 241, 226, 39, 29, 241, 65, 235, 165, 57, 40, 52, 85, 68, 85, 68, 84, 108, 141, 1, 125, 193, 191, 158, 208}
    Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
    Compression Method: 0
    %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
    ** SSL_RSA_WITH_RC4_128_MD5
    *** Certificate chain
    chain [0] = [
    Version: V3
    Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    6f24d75b 96919725 ad6ea93a cab0bd96 a49d2f3c e14f5c09 0e228e36 de64e0f2
    f2b82740 1653bdb4 5024d281 21ed8c4c 89bc322b 4dc9ffb2 0e97cd95 16e6fe1e
    380340c9 f3c67e2c 18d06461 f4f30eaf 4394716e 7bc66d80 810a9cb5 9c168b36
    cdd99919 67074ebc edebf02e ebf0accb 2193bc38 7ae1cdda af5ff300 ed0e7763
    Validity: [From: Thu Jan 18 21:14:28 GMT+05:30 2007,
                   To: Wed Apr 18 21:14:28 GMT+05:30 2007]
    Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    SerialNumber: [    45af95dc]
    Algorithm: [MD5withRSA]
    Signature:
    Found trusted certificate:
    Version: V3
    Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    6f24d75b 96919725 ad6ea93a cab0bd96 a49d2f3c e14f5c09 0e228e36 de64e0f2
    f2b82740 1653bdb4 5024d281 21ed8c4c 89bc322b 4dc9ffb2 0e97cd95 16e6fe1e
    380340c9 f3c67e2c 18d06461 f4f30eaf 4394716e 7bc66d80 810a9cb5 9c168b36
    cdd99919 67074ebc edebf02e ebf0accb 2193bc38 7ae1cdda af5ff300 ed0e7763
    Validity: [From: Thu Jan 18 21:14:28 GMT+05:30 2007,
                   To: Wed Apr 18 21:14:28 GMT+05:30 2007]
    Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    SerialNumber: [    45af95dc]
    Algorithm: [MD5withRSA]
    Signature:
    *** CertificateRequest
    Cert Types: RSA, DSS,
    Cert Authorities:
    <CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US>
    *** ServerHelloDone
    matching alias: oracle-client
    *** Certificate chain
    chain [0] = [
    Version: V3
    Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    87fcc8e9 0ffcef8e 61f3be10 be7c9715 2792849b 3bbdeb1c cc76b337 4b82bbab
    86972c63 9af3adfd 35b5df99 9078a0d1 6dc760d8 0549a95a bfa7648a 9eadd326
    a6bc4b61 d8f8b42f 44e0b178 ff1dee20 db8406cd d800c26a 9c5a6ed9 4d6f2aef
    bc919814 3b46be39 e129280c e83afe12 c9d4e3d7 fb5787b1 d98bed4a 4f0833d5
    Validity: [From: Thu Jan 18 21:18:14 GMT+05:30 2007,
                   To: Wed Apr 18 21:18:14 GMT+05:30 2007]
    Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    SerialNumber: [    45af96be]
    Algorithm: [MD5withRSA]
    Signature:
    JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
    *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
    Random Secret: { 3, 1, 236, 206, 185, 158, 75, 201, 230, 16, 170, 40, 193, 70, 188, 134, 36, 134, 14, 20, 191, 121, 246, 8, 7, 2, 137, 66, 166, 10, 185, 246, 104, 154, 27, 82, 161, 133, 11, 130, 11, 130, 71, 84, 155, 165, 239, 227 }
    main, WRITE: TLSv1 Handshake, length = 763
    SESSION KEYGEN:
    ... no IV for cipher
    JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
    *** CertificateVerify
    main, WRITE: TLSv1 Handshake, length = 134
    main, WRITE: TLSv1 Change Cipher Spec, length = 1
    main, handling exception: java.net.SocketException: Software caused connection abort: socket write error
    main, SEND TLSv1 ALERT: fatal, description = unexpected_message
    main, WRITE: TLSv1 Alert, length = 2
    Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
    main, called closeSocket()
    IOException in getSession(): java.net.SocketException: Software caused connection abort: socket write error
    Unable to obtain peer credentials
    javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
         at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA12275)
         at SSLSocketClientWithClientAuth.main(SSLSocketClientWithClientAuth.java:56)
    Process exited with exit code -1.
    =====================================================
    I think this is the problem with ciphers. So can anybody please help me with this!!!. This is very urgent!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    Thanks in advance
    Nilesh

    Thanks for your prompt reply I was able to make it run. Actually I am using the same keystore and truststore at both the client and the server end. I added those properties in opmn.xml as startup parameters.
    I have another query I am using JDev to create a client proxy for my webservice that is deployed in OC4J. I have setup OC4J in 2 way SSL (mutual authentication)
    When I invoke my client proxy with these system properties set
    System.setProperty("javax.net.ssl.keyStore",keyStore);
    System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
    System.setProperty("javax.net.ssl.trustStore", trustStore);
    System.setProperty("javax.net.ssl.trustStorePassword",trustStorePassword);
    System.setProperty("javax.net.ssl.keyStoreType","JKS");
    System.setProperty("javax.net.ssl.trustStoreType","JKS");
    I get an exception in the log.xml which is
    <MSG_TEXT>IOException in ServerSocketAcceptHandler$AcceptHandlerHorse:run</MSG_TEXT>
    <SUPPL_DETAIL><![CDATA[javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
                at com.sun.net.ssl.internal.ssl.ServerHandshaker.handshakeAlert(ServerHandshaker.java:1031)
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1535)
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:863)
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
                at oracle.oc4j.network.ServerSocketAcceptHandler.doSSLHandShaking(ServerSocketAcceptHandler.java:250)
                at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:868)
                at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
                at java.lang.Thread.run(Thread.java:595)
    ]]></SUPPL_DETAIL>
    Isn't setting these properties enough for sending a client certificate? Please help!!!!
    Thanks,
    Nilesh.
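
The checks one would make by eye in a `-Djavax.net.debug=ssl` trace like the one above (which CAs the server lists in CertificateRequest, whether the client found a matching key entry, what chain it sent, and where the handshake stopped), as an added example that is not part of the original posts. The sample traces, their DNs, alias and serial numbers, and the finding codes are constructed.

```python
import re

# Constructed traces in the layout printed by -Djavax.net.debug=ssl; the DNs,
# alias and serial numbers are invented for this example.
TRACE_SELF_SIGNED = """\
*** ServerHello, TLSv1
*** Certificate chain
chain [0] = [
Subject: CN=app.example.test, OU=Ops, O=Example, C=US
Issuer: CN=app.example.test, OU=Ops, O=Example, C=US
SerialNumber: [    0a0b0c01]
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<CN=app.example.test, OU=Ops, O=Example, C=US>
*** ServerHelloDone
matching alias: client-key
*** Certificate chain
chain [0] = [
Subject: CN=app.example.test, OU=Ops, O=Example, C=US
Issuer: CN=app.example.test, OU=Ops, O=Example, C=US
SerialNumber: [    0a0b0c02]
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
*** CertificateVerify
main, SEND TLSv1 ALERT:  fatal, description = unexpected_message
"""

TRACE_NO_CLIENT_CERT = """\
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<CN=Example Internal CA, O=Example, C=US>
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
"""

ALERT_RE = re.compile(r"ALERT:\s*fatal, description = (\w+)")
SERIAL_RE = re.compile(r"SerialNumber:\s*\[\s*([0-9a-fA-F]+)\s*\]")


def norm_dn(dn):
    """Case-insensitive DN comparison key; does not handle escaped commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def analyze_trace(text):
    """Summarise the client-authentication part of a client-side JSSE debug trace."""
    requested, chain, alerts = [], [], []
    alias, state, request_seen, verify_sent = None, None, False, False
    for raw in text.splitlines():
        line = raw.strip()
        alert = ALERT_RE.search(line)
        if alert:
            alerts.append((alert.group(1), verify_sent))
        elif line.startswith("matching alias:"):
            alias = line.split(":", 1)[1].strip()
        elif line.startswith("***"):
            if line.startswith("*** CertificateRequest"):
                state, request_seen = "request", True
            elif line.startswith("*** ServerHelloDone") and state == "request":
                state = "await_client"
            elif line.startswith("*** Certificate chain") and state == "await_client":
                state = "client_chain"   # the chain the client sends, not the server's
            else:
                verify_sent = verify_sent or line.startswith("*** CertificateVerify")
                if state is not None:
                    state = "done"
        elif state == "request" and line.startswith("<") and line.endswith(">"):
            requested.append(line[1:-1])
        elif state == "client_chain":
            if line.startswith("chain ["):
                chain.append({})
            elif chain:
                for key, prefix in (("subject", "Subject:"), ("issuer", "Issuer:")):
                    if line.startswith(prefix):
                        chain[-1][key] = line[len(prefix):].strip()
                serial = SERIAL_RE.match(line)
                if serial:
                    chain[-1]["serial"] = serial.group(1)
    findings = []
    if not request_seen:
        findings.append("NO_CERT_REQUEST")            # server asked for no client cert
    elif not chain:
        findings.append("NO_CLIENT_CERT_SENT")        # no key entry matched the request
    else:
        wanted = {norm_dn(dn) for dn in requested}
        if wanted and norm_dn(chain[-1].get("issuer", "")) not in wanted:
            findings.append("ISSUER_NOT_IN_REQUESTED_CAS")
        leaf = chain[0]
        if leaf.get("subject") and norm_dn(leaf["subject"]) == norm_dn(leaf.get("issuer", "")):
            # Only verifiable if this exact certificate is in the server's trust store.
            findings.append("SELF_SIGNED_CLIENT_CERT")
        if any(after_verify for _, after_verify in alerts):
            findings.append("FATAL_ALERT_AFTER_CERTIFICATE_VERIFY")
    return {"requested_cas": requested, "alias": alias, "client_chain": chain,
            "alerts": [name for name, _ in alerts], "findings": findings}
```

In the posted trace the client and server certificates share one DN but carry different serial numbers (45af96be and 45af95dc), so a match between the client certificate's issuer and the DN listed under Cert Authorities does not show that the server's trust store holds the client's certificate.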

  • 1 WAY SSL issue.

    Our Domain has one proxy server and a weblogic cluster with 2 managed server running on Weblogic Integration Server 8.1 SP5.
    The proxy will forward the request to the cluster in a round robin.
    The environment is configured for 2 way SSL and the configuration works fine.
    The authorization used is perimeter authorization using HttpClusterServlet.
    Now I need one way ssl.
    Since the managed servers are configured for 1 way ssl I am trying to access the managed servers by bypassing the proxy.
    I am getting the following error.
    "Error 401--Unauthorized xxx
    From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
    10.4.2 401 Unauthorized
    I checked the server logs and am getting the following error.
    Any help?
    Thanks && Regards,
    Rajeev
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 10330858>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <SSLSocket will be Muxing>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <SSLIOContextTable.findContext(is): 20100894>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <31630577 readRecord()>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <31630577 SSL3/TLS MAC>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <31630577 received HANDSHAKE>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ClientHello>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 58>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 2120>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 4>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <31630577 readRecord()>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <31630577 SSL3/TLS MAC>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <31630577 received HANDSHAKE>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ClientKeyExchange>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ClientKeyExchange RSA>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <31630577 readRecord()>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <31630577 SSL3/TLS MAC>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <31630577 received CHANGE_CIPHER_SPEC>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: false>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <31630577 readRecord()>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <31630577 SSL3/TLS MAC>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <31630577 received HANDSHAKE>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC offset = 0 length = 1>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 40>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <SSLIOContextTable.findContext(sock): 9712642>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <activateNoRegister()>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <avalable(): 31630577 : 0 + 0 = 0>
    <Nov 27, 2006 4:33:45 PM EST> <Debug> <TLS> <000000> <SSLFilter.activate(): activated: 20100894 31630577>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <31630577 read( offset: 0 length: 4080 )>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: true>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: true>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: true>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <hasSSLRecord()>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <hasSSLRecord returns true>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <31630577 readRecord()>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <31630577 SSL3/TLS MAC>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <31630577 received APPLICATION_DATA>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <31630577 APPDATA databufferLen 0>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <31630577 APPDATA contentLength 572>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <31630577 read databufferLen 572>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <31630577 read A returns 572>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <31630577 read( offset: 572 length: 3508 )>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: true>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: true>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: true>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <hasSSLRecord()>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <hasSSLRecord returns false 1>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <31630577 Rethrowing InterruptedIOException>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <SSLIOContextTable.findContext(sock): 9712642>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <activateNoRegister()>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <avalable(): 31630577 : 0 + 0 = 0>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <SSLFilter.activate(): activated: 20100894 31630577>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <31630577 read( offset: 572 length: 3508 )>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: true>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <isMuxerActivated: true>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <SSLFilter.isActivated: true>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <hasSSLRecord()>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <hasSSLRecord returns false 1>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <31630577 Rethrowing InterruptedIOException>
    *** ServletRequestImpl.setClientCertProxy.x509ProxyClientCert ***null
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <write APPLICATION_DATA offset = 0 length = 339>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <write APPLICATION_DATA offset = 6 length = 1526>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@89314f Severity: 1 Type: 0
    java.lang.Throwable: Stack trace
    at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
    at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
    at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
    at weblogic.socket.SocketMuxer.closeSocket(SocketMuxer.java:267)
    at weblogic.socket.SocketMuxer.cleanupSocket(SocketMuxer.java:605)
    at weblogic.socket.SocketMuxer.deliverExceptionAndCleanup(SocketMuxer.java:569)
    at weblogic.socket.SocketMuxer.deliverEndOfStream(SocketMuxer.java:513)
    at weblogic.servlet.internal.ServletResponseImpl.send(ServletResponseImpl.java:1221)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2637)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    >
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <avalable(): 31630577 : 0 + 0 = 0>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <write ALERT offset = 0 length = 2>
    <Nov 27, 2006 4:33:46 PM EST> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 10330858>

    I have exactly the same problem, except that I regularly open up the npr site. But here is the real problem. I open firefox>preferences>advanced>encryption>view certificates>add exception. But here is the problem. I can not click on the box to permanently store exception. This box appears permanently closed.
    I am currently running firefox 9.01, and I've got to say I never had any problems with firefox in all the years I've used it. But ever since it went through this dizzying series of upgrades from 3.6 to the present it has given me problems.
    I am a regular npr listener, and so this annoying error message is really making me consider permanently leaving firefox for chrome or safari.

  • Weblogic 6.1's 2-way SSL

    I'm using wsl proxy plug-in between iPlanet Webserver 4.1SP9 and
    wsl 6.1.
    The obj.conf of iPlanet web server was configured to use path proxy:
    -------- httpd.conf --------
    Init fn="load-modules" funcs="wl_proxy,wl_init" shlib="/usr/netscape/web/plugins/lib/libproxy.so"
    Init fn="wl_init"
    <Object name="weblogic" ppath="*/weblogic/*">
    Service fn="wl_proxy" WebLogicHost="wsl61.test.com" WebLogicPort="7001" PathTrim="/weblogic"
    </Object>
    The "Security" parameter in "magnus.conf" is set to on and a certificate
    was installed on this iPlanet web server.
    I was able to open:
    https://iplanet.test.com:443/weblogic/console
    to set 'Client Certificate Enforced' option in
    Petstore's SSL section with port 7002.
    I can also access:
    https://iplanet.test.com:443/weblogic/estore
    to bring up the top page and some pages of the petstore sample
    program. But the browser got no data from the web server
    when I clicked on "Enter the Store". I then tried to "Enter the Store"
    directly through port 7002 (without proxying through iPlanet web server)
    and it also returned no data.
    I suppose that I have to modify petstore sample codes SSL protocol -
    even in 1-way SSL verification. Is this true?
    I also tried to change WebLogicPort="7001" to "7002" in obj.conf.
    which is tied to the SSL port of wsl61 with some sample certificates.
    When I open:
    https://iplanet.test.com:443/weblogic/console
    The server couldn't locate that object. I checked the adminGuide
    of wsl6.1 on page 13-10. It mentioned the 'SecureProxy' parameter in
    the 'Service' directive in the obj.conf has to be set to ON.
    So I appended SecureProxy="on" as the following:
    <Object name="weblogic" ppath="*/weblogic/*">
    Service fn="wl_proxy" WebLogicHost="wsl61.test.com" WebLogicPort="7002" PathTrim="/weblogic" SecureProxy="on"
    </Object>
    But it still failed to connect to port 7002 of wsl61.
    In the FAQs of wsl61 has the section:
    Does the 6.1 plug-in support two-way SSL?
    No. But the plug-in can be set-up to require the client certificate and
    pass it on to WebLogic Server. For example:
    apache ssl
    SSLVerifyClient require
    SSLVerifyDepth 10
    SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
    I am confused by adminGuide's page 14-49. It talked about how to
    configure 'Mutual Authentication' briefly - it only mentioned
    the option of 'Client Certificate Enforced' besides copying root
    certificates into 'config' directory.
    Can someone explain to me whether the 2-way authentication can be done
    via plug-in proxy? If not, what is the right way/best way for 2-way
    authentication? Does anyone have some sample programs like petstore
    that work with iPlanet Web server and wsl61 with 2-way authentication?
    Thanks in advance.
    -kl

    I got some progress after digging into appendix
    of adminGuide.
    I added two more parameters into obj.conf
    service directive:
    <Object name="weblogics" ppath="*/weblogics/*">
    Service fn="wl_proxy" WebLogicHost="wsl61.test.com" WebLogicPort="7002" PathTrim="/weblogics" SecureProxy="ON" TrustedCAFile="/usr/netscape/server4/alias/ca.pem"
    </Object>
    When I tried:
    https://iplanet.test.com:443/weblogics/
    It didn't hang. The browser showed:
    No backend server available for connection: timed out after 10 seconds.
    But I tested backend server. It was alive.
    Anyone got this working?
    Thanks.
    -kl

  • 2-Way SSL with a WebService

    Hi,
    unfortunately I have a problem setting up a client that interacts with a Web Service via 2-way SSL. I hope that one of you can give me a useful hint to solve the problem.
    Client Side: I used a Java Client (just for testing) that runs as a program with the setExampleEnv-Settings.
    JAVA_OPTIONS="-Dbea.home=c:/bea -Dssl.debug=true -Djava.protocol.handler.pkgs=weblogic.webservice.client -Dweblogic.webservice.client.verbose=true -Dweblogic.security.SSL.verbose=true -Dweblogic.StdoutDebugEnabled=true -Dweblogic.webservice.client.ssl.strictcertchecking=false -Dweblogic.security.SSL.ignoreHostnameVerification=examples.security.sslclient.NulledHostnameVerifier"
    try {
    // set the SSL adapter
    SSLAdapterFactory adapterFactory = SSLAdapterFactory.getDefaultFactory();
    WLSSLAdapter adapter = (WLSSLAdapter) adapterFactory.getSSLAdapter();
    adapter.setVerbose( true );
    adapter.setStrictChecking( false );
    adapter.setTrustedCertificatesFile( "c:/bea/keytest/testidentity_server/testcertgenca.pem" );
    // two-way SSL you must loadLocalIdentity to provide certs back to the server
    FileInputStream clientCredentialFile = new FileInputStream ( "c:/bea/keytest/testidentity_client/testidentity.pem" );
    String pwd = "weblogic";
    adapter.loadLocalIdentity( clientCredentialFile, pwd.toCharArray() );
    adapterFactory.setDefaultAdapter( adapter );
    adapterFactory.setUseDefaultAdapter( true );
    DummyXYZConnection_Impl lookup = new DummyXYZConnection_Impl( "https://10.30.52.52:7612/DummyXYZConnection_webapp/DummyXYZConnection?WSDL" );
    DummyXYZConnectionPort value = lookup.getDummyXYZConnectionPort();
    result = value.operationalAvailability();
    System.out.println( "********************************************" );
    System.out.println( result );
    System.out.println( "********************************************" );
    } catch ( Exception e ) {
    System.out.println( "Interner Anwendungsfehler: " + e.getMessage() );
    e.printStackTrace();
    }
    - Trusted Certificates File: Server certificate and the certificate from CertGenCA.pem
    - Client Credential File: Client certificate, certificate from CertGenCA.pem and private key
    Server Side: There is a Web Service deployed.
    JAVA_OPTIONS="-Dssl.debug=true -Djava.protocol.handler.pkgs=weblogic.webservice.client -Dweblogic.webservice.client.verbose=true -Dweblogic.security.SSL.verbose=true -Dweblogic.StdoutDebugEnabled=true -Dweblogic.webservice.client.ssl.strictcertchecking=false -Dweblogic.security.SSL.ignoreHostnameVerification=examples.security.sslclient.NulledHostnameVerifier -Dweblogic.webservice.client.ssl.trustedcertfile=/export/home/weblogic/keytest/testidentity_client/testcertgenca.pem"
    The Trusted Certificates File "testcertgenca.pem" includes the Client certificate and the certificate from CertGenCA.pem.
    In addition to that I have configured the SSL Listen Port, the Custom Identity Store and the Java Trust Store.
    - Custom Identity Keystore (jks): Server certificate and private key
    - Java Standard Trust Keystore:     JAVA_HOME/jre/lib/security/cacerts
    - Client Certs Requested And Enforced
    When I run the client now, I always receive the following stack trace:
    <02.03.2005 19.52 Uhr CET> <Info> <WebService> <BEA-220094> <An IOException was thrown trying to access the WSDL at the given URL.>
    <02.03.2005 19.52 Uhr CET> <Info> <WebService> <BEA-220034> <A stack trace associated with message 220094 follows:
    javax.net.ssl.SSLHandshakeException: [Security:090497]HANDSHAKE_FAILURE alert received from 10.30.52.52 - 10.30.52.52. Check both sides of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted CAs, and hostname verification settings.
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertReceived(Unknown Source)
         at com.certicom.tls.record.alert.AlertHandler.handle(Unknown Source)
         at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
         at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at com.certicom.tls.record.WriteHandler.write(Unknown Source)
         at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
         at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
         at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknown Source)
         at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(HttpsURLConnection.java:228)
         at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(DefinitionFactory.java:106)
         at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:76)
         at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:108)
         at weblogic.webservice.core.rpc.ServiceImpl.<init>(ServiceImpl.java:91)
         at weblogic.webservice.core.rpc.ServiceImpl.<init>(ServiceImpl.java:66)
         at com.itellium.ecom.webservice.EComAMSConnection_Impl.<init>(EComAMSConnection_Impl.java:22)
         at Ssl2WayTest.main(Ssl2WayTest.java:53)
    >
    Interner Anwendungsfehler: Failed to retrieve WSDL from https://10.30.52.52:7612/EComAMSConnection_webapp/EComAMSConnection?WSDL. Please check the URL and make sure that it is a valid XML file [javax.net.ssl.SSLHandshakeException: [Security:090497]HANDSHAKE_FAILURE alert received from 10.30.52.52 - 10.30.52.52. Check both sides of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted CAs, and hostname verification settings.]
    Where is the problem, the trusted CAs?
    When I choose "Client Certs Requested But Not Enforced" everything is working fine!
    All keys are built with the "utils.CertGen"-Tool and selfsigned.
    Thank you very much for your support.
    Best regards,
    Stefan
    P.S.: My environment settings are: BEA WLS 8.1 SP2 with JDK 1.4.1_05.

    Turn ssl debug on on the server: -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true
    The server should log the reason why it rejected the connection - probably because the client did not provide any identity certificate. If this is the case make sure the server trusts the client certificate. SSL server sends the list of trusted certificates' subject names to the client with the certificate request, and if the client's identity cert issuer is not in the list the client will not send its identity certificate at all. See server log for the list of its trusted certificates.
    Pavel.
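
    The check described in the reply above, as an added example that is not part of the thread or of WebLogic's code: it parses a CertificateRequest handshake message and reports whether a client whose identity certificate was issued by a given DN would offer it. Assumptions: the TLS 1.0 body layout, constructed CN-only sample names, byte-for-byte comparison of DER names, and hypothetical function names.

```python
import struct

def der(tag, body):
    """Encode one DER TLV (short-form length; enough for the sample names)."""
    if len(body) > 127:
        raise ValueError("sample encoder handles short-form lengths only")
    return bytes([tag, len(body)]) + body

def name_cn(cn):
    """DER Name holding a single CN attribute (OID 2.5.4.3, PrintableString)."""
    atv = der(0x30, der(0x06, b"\x55\x04\x03") + der(0x13, cn.encode("ascii")))
    return der(0x30, der(0x31, atv))

def build_certificate_request(ca_names, cert_types=b"\x01"):
    """Constructed sample message: handshake type 13, rsa_sign (1) by default."""
    cas = b"".join(struct.pack(">H", len(n)) + n for n in ca_names)
    body = bytes([len(cert_types)]) + cert_types + struct.pack(">H", len(cas)) + cas
    return b"\x0d" + len(body).to_bytes(3, "big") + body

def parse_certificate_request(msg):
    """Return (certificate_types, [DER DistinguishedName, ...])."""
    if len(msg) < 4 or msg[0] != 13:
        raise ValueError("not a CertificateRequest handshake message")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated handshake message")
    ntypes = body[0] if body else 0
    pos = 1 + ntypes
    if pos + 2 > len(body):
        raise ValueError("missing certificate_authorities vector")
    (total,) = struct.unpack_from(">H", body, pos)
    pos += 2
    end = pos + total
    if end != len(body):
        raise ValueError("certificate_authorities length mismatch")
    names = []
    while pos < end:
        if pos + 2 > end:
            raise ValueError("truncated DistinguishedName length")
        (n,) = struct.unpack_from(">H", body, pos)
        if pos + 2 + n > end:
            raise ValueError("truncated DistinguishedName")
        names.append(body[pos + 2:pos + 2 + n])
        pos += 2 + n
    return body[1:1 + ntypes], names

def client_would_send(issuer_dn, msg):
    """An empty CA list places no restriction (TLS 1.1+ wording)."""
    _, names = parse_certificate_request(msg)
    return not names or issuer_dn in names
```

    When the result is False for the server's real list, the fix is on the server side: add the client certificate's issuer to the trust store the SSL listener uses.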
