Accepting runtime-specified SSL certificates in WebLogic 11g

Hi all!
In our application we need to call several Web Servervices based on URL's and trusted SSL certificates that are stored in database. Those certificates are self-signed but we cannot add them in the WebLogic truststore (we only want to accept them for those specific web service calls). This is 2-way SSL but our server refuses the remote certificate.
What is the right way to do this?
In WebLogic 10g we used to do the following:
    WlsSSLAdapter adapter = new WlsSSLAdapter();
    try {
        // setup for client certificate
        adapter.setKeystore(…);
        adapter.setClientCert(…);
        // setup for accepting the remote certificate
        adapter.setTrustManager(new TrustManager() {
            @Override
            public boolean certificateCallback(X509Certificate[] paramArrayOfX509Certificate, int paramInt) {
                return paramArrayOfX509Certificate[0] == expectedCertificate;
    } catch (Exception e) {
        throw new RuntimeException(e);
    ((weblogic.wsee.jaxrpc.StubImpl) servicePort)._setProperty(weblogic.wsee.jaxrpc.WLStub.SSL_ADAPTER, adapter);However in WebLogic 11g it appears that even if the <tt>TrustManager</tt> is called (which we checked by using a debugger), WebLogic refuses the certificate:
<validationCallback: validateErr = 16>
< cert[0] = Serial number: 9232073310112809071929676484517784211
    Issuer:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=mestoudi2
    Subject:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=mestoudi2
    Not Valid Before:Tue Nov 01 14:33:31 CET 2011
    Not Valid After:Sun Nov 02 14:33:31 CET 2031
    Signature Algorithm:MD5withRSA
    >
<weblogic user specified trustmanager validation status 16>
<Certificate chain received from mestoudi2 - 10.142.0.23 was not trusted causing SSL handshake failure.>
<Validation error = 16>
<Certificate chain is untrusted>
<SSLTrustValidator returns: 16>
<Trust status (16): CERT_CHAIN_UNTRUSTED>
<NEW ALERT with Severity: FATAL, Type: 42
    java.lang.Exception: New alert stack
      at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
      at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
…I think the first difference occurs on the line "+weblogic user specified trustmanager validation status 16+" where in WebLogic 10g the value was 0 instead of 16.
If we check "Use JSSE SSL" in the WebLogic administration console (which switches the implementation to com.sun.net.ssl instead of com.certicom.tls), the <tt>TrustManager</tt> is not called at all.
We also tried to configure the <tt>TrustManager</tt> by implementing a <tt>javax.net.ssl.X509TrustManager</tt> that we set on a <tt>weblogic.wsee.connection.transport.https.HttpsTransportInfo</tt> passed to the stub using
((weblogic.wsee.jaxrpc.StubImpl) servicePort)._setProperty(TRANSPORT_INFO, transportInfo);But it is not called either – however it works for setting up a proxy for example. We are generating the stubs using the clientgen Ant task (<tt>weblogic.wsee.tools.anttasks.ClientGenTask</tt>).
We are a little bit stuck, any idea of what we should do? Is the WebLogic 11g behavior a regression or is there something else we should configure to get back the old behavior?

Hello,
Weblogic has two keystores : identity (if you are doing 2 ways SSL) and trust. you should import your "external" certificate in the "trust" key store.
look at your server config to know your config : Home >Summary of Servers >AdminServer-->configuration-->keystore
I suggest that you change the default configuration (not using the demo one),
then when you know where is yo key store use the command line to add your certificate to trusted store (this is a example) :
opt/weblogic10_3_3/jdk160_18/jre/bin/keytool -import -noprompt -trustcacerts -alias BLCCertificateAuthority -file cacert2035.pem -keystore /opt/weblogic10_3_3/jdk160_18/jre/lib/security/cacerts
once your certificated is added to your trust store it should work.
I hope it will help.

Similar Messages

Problem in installation of free SSL certificate on Weblogic using keytool

We tried to install SSL certificate on weblogic certificate using Keystore ..but it is giving error in console at startup and server shutdowns automatically...
Steps followed:-
1) To generate keystore and private key and digital cerficate:-
keytool -genkey -alias mykey2 -keyalg RSA -keystore webconkeystore.jks -storepass webconkeystorepassword
2) To generate CSR
keytool -certreq -alias mykey2 -file webconcsr1.csr -keyalg RSA -storetype jks -keystore webconkeystore.jks -storepass webconkeystorepassword
3) CSR is uploaded on verisign site to generate free ssl certificate.All certificate text received is paste into file (cacert.pem)
4) Same certificate is put into same keystore using following command
keytool -import -alias mykey2 -keystore webconkeystore.jks -trustcacerts -file cacert.pem
5) Before step 4), we have also installed root /intermediate certificate to include chain using following command.
(intermediateCa.cer file is downloaded from verisign site)
keytool -import -alias intermediateca -keystore webconkeystore.jks -trustcacerts -file intermediateCa.cer
6) After this configuration we used weblogic admin module to configure Keystore and SSL.
7) For KeyStore tab in weblogic admin module, we have select option Custom Identity And Custom Trust provided following details under Identity and Trust columns:-
Private key alias: mykey2
PassKeyphrase: webconkeystorepassword
Location of keystore: location of webconkeystore.jks file on server
8) For SSL tab in weblogic admin module, we have select option KeyStores for Identity and Trust locations.
Error on console:
<Nov 3, 2009 3:00:17 PM IST> <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: Failed to retrieve identity key/certificate from keystore /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore.jks under alias mykey2 on server AdminServer.>
<Nov 3, 2009 3:00:17 PM IST> <Emergency> <Security> <BEA-090087> <Server failed to bind to the configured Admin port. The port may already be used by another process.>
<Nov 3, 2009 3:00:17 PM IST> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason: Server failed to bind to any usable port. See preceeding log message for details.>
<Nov 3, 2009 3:00:17 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Nov 3, 2009 3:00:17 PM IST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Nov 3, 2009 3:00:17 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
If anyone knows the solution ,please help us out.Thanx in advance.
I was really happy to get reply yesterday from "mv".I was not expecting such instant response.

Thanx all guys for your interest and support.
I have solved this issue.
We have weblogic 9 on unix env.
Following steps which I followed:
#generate private key
keytool -genkey -v -alias uinbrdcsap01_apac_nsroot_net -keyalg RSA -keysize 1024 -dname "CN=linuxbox042, OU=ASIA, O=Citigroup, L=CALC, S=MH, C=IN" -validity 1068 -keypass "webconkeystorepassword" -keystore "cwebconkeystore"
#generate csr
keytool -certreq -v -alias uinbrdcsap01_apac_nsroot_net -file linuxbox042.csr -keypass "webconkeystorepassword" -keystore "cwebconkeystore" -storepass webconkeystorepassword
Then we uploaded this csr on verisigns free ssl certificate to generate and receive certificate text.
We copied that text file in "ert4nov2009.crt" rt file used below.
Apart from that , mail which we received from verisign also contains links to download root ca certificate and intermediate ca certificate.We downloaded them.
roo ca in "root4nov2009.cer" file.
intermediate ca in "intermediateca4nov2009.cer"
both these files used in
#import root certificate
keytool -import -alias rootca -keystore "cwebconkeystore" -storepass "webconkeystorepassword" -trustcacerts -file "root4nov2009.cer"
#import intermediate ca certificate
keytool -import -alias intermediateca -keystore "cwebconkeystore" -storepass "webconkeystorepassword" -trustcacerts -file "intermediateca4nov2009.cer"
#install free ssl certifiate
keytool -import -alias uinbrdcsap01_apac_nsroot_net -file "cert4nov2009.crt" -trustcacerts -keypass "webconkeystorepassword" -keystore "cwebconkeystore" -storepass "webconkeystorepassword"
#after this admin configuration
In weblogic admin console module, we did following settings:-
1. under Configuration tab
a. Under KeyStore tab
For keystore , we selected "Custom identity and Custom Trust"
Under Identity,
Custom Identity Keystore:location of keystore "webconkeystore" on weblogic server
Custom Identity Keystore Type: JKS
Custom Identity Keystore Passphrase:password for keystore mentioend above.In our case, webconkeystorepassword
Same we copied Under "Trust", as we have not created separate keystore for trust.
Save setting.
b. Under SSL tab
Identity and Trust Locations: select "Keystores"
Private Key Alias: alias used while creating private keyi.e. in our case "uinbrdcsap01_apac_nsroot_net"
Save setting.
c. Under General tab
Check checkbox "SSL Listen Port Enabled"
and mention ssl port "SSL Listen Port"
Save setting.
After this activate changes.You might see error on admin module.
Using command prompt, stop the server and again restart and then try to access using https and port ...
you will definately get output...
in our case issue might be due to key size..we used 1024 key size ..it solve problem.
for your further reference plz find link below..it is also helpful.
http://download.oracle.com/docs/cd/E13222_01/wls/docs81/plugins/nsapi.html#112674

Godaddy SSL certificate on weblogic

Hello,
Recentally I purchased ssl certificate from godaddy, they send me 2 files (mydomain.crt) and (gd_bundle.crt).
now I don't know how to create .pem file just to complete the installation. below the instruction I did.
- keytool -genkey -alias client -keyalg RSA -keysize 2048 -keystore identity.jks -storepass password -keypass password
- keytool -certreq -keyalg RSA -keysize 2048 -alias client -file certreq.csr -keystore identity.jks -storepass password
here when I enter this I get an error ( keytool error: java.io.FileNotFoundException: CertChain.pem (No such file or directory not found). so how to create the CertChain.pem from the files I got from godaddy.
- keytool -import -file CertChain.pem -alias client -keystore identity.jks -storepass password
- keytool -import -file rootCA.cer -alias RootCA -keystore trust.jks -storepass password
Keytool –list –v –keystore <keystore-name> -storepass <keystore-password>

I found out how to install godaddy ssl certificate on weblogic follow the link below.
http://coreygilmore.com/blog/2009/06/02/install-a-go-daddy-ssl-certificate-for-use-with-jboss-or-the-bes-5-bas/
but I still get This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.

How to configure SSL certificates on weblogic 10.3.5?

Hi everybody,
i' ve got 2 certificates: Server and Intermediate CA. I used java keytool command to import these two certificates into new keystore:
keytool -import -v -alias server_cert -file certificate.pem -keystore keystore.jks
keytool -import -v -alias intermediate_ca -file intermediate.pem -keystore keystore.jks
Then as weblogic 10.3.5 documentation says i need to use ImportPrivateKey utility in order to import private key into keystore, so i use this command:
java utils.ImportPrivateKey -keystore private.jks -storepass password -keyfile mykey -keyfilepass password -keyfile private.pem -alias private
and get the following error:
Exception in thread "main" java.lang.NoClassDefFoundError: utils.ImportPrivateKey
at gnu.java.lang.MainThread.run(libgcj.so.7rh)
Caused by: java.lang.ClassNotFoundException: utils.ImportPrivateKey not found in gnu.gcj.runtime.SystemClassLoader{urls=[file:./], parent=gnu.gcj.runtime.ExtensionClassLoader{urls=[], parent=null}}
at java.net.URLClassLoader.findClass(libgcj.so.7rh)
at java.lang.ClassLoader.loadClass(libgcj.so.7rh)
at java.lang.ClassLoader.loadClass(libgcj.so.7rh)
at gnu.java.lang.MainThread.run(libgcj.so.7rh)
Any ideas? Thanks.
Regards,
Karolis M.

Hello,
Weblogic has two keystores : identity (if you are doing 2 ways SSL) and trust. you should import your "external" certificate in the "trust" key store.
look at your server config to know your config : Home >Summary of Servers >AdminServer-->configuration-->keystore
I suggest that you change the default configuration (not using the demo one),
then when you know where is yo key store use the command line to add your certificate to trusted store (this is a example) :
opt/weblogic10_3_3/jdk160_18/jre/bin/keytool -import -noprompt -trustcacerts -alias BLCCertificateAuthority -file cacert2035.pem -keystore /opt/weblogic10_3_3/jdk160_18/jre/lib/security/cacerts
once your certificated is added to your trust store it should work.
I hope it will help.

Problems using 4096 bit SSL certificate with WebLogic Apache 2.2 plug-in

Hi,
'm using WebLogic 9.2 MP3 and Apache HTTP Server (version 2.2) Plug-In. For security reasons, I have SSL installed on both Apache and WebLogic. So Apache must communicate with WebLogic via https.
I get the following error when attempting to access WebLogic via Apache:
Internet Explorer cannot display the webpage
These are the last lines in wlproxy log:
Fri Feb 26 14:08:59 2010 <71212672221392> INFO: SSL is configured
Fri Feb 26 14:08:59 2010 <71212672221392> SSL Main Context not set. Calling InitSSL
Fri Feb 26 14:08:59 2010 <71212672221331> INFO: Initializing SSL library
I've found that the problem is caused by using a 4096 bit intermediate cert. When I include this 4096 bit cert in the file referenced by plugin parameter "TrustedCAFile", it is unable to load it. I've tested 4096 bit certs from a few different certificate authorities, and consistently see this problem, so I know the problem is not related to the specific certificate. If I use a 2048 bit intermediate certificate, everything works perfectly fine.
Do you know if there are limitations to the certificate length that the plug-in can use?

Yes 4096 bit Certificates are not supported by the plugin.
You can use up to 2048 bit.
There is a Bug which clearly mentions it.
I dont remember the Bug Number, but an Oracle Support person will be able to tell you.
Hope this helps.
Faisal Khan
Edited by: Faisal Khan on Feb 27, 2010 2:08 PM

Inccorect Encrypted block when inserting SSL certificate

Generated new SSL certificate for Weblogic Serer 6.1, inserted Server certificate, the Root Certificate Authority (Chain File), the Private key file but is getting the following error - can anyone assist?
weblogic.security.AuthenticationException: Incorrect encrypted block possibly incorrect SSLServerCertificateChainFileName set for this server certificate at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.java:291)...

This might be caused by an invalid/not specified private key password.
Pavel.
bibi <[email protected]> wrote:
Generated new SSL certificate for Weblogic Serer 6.1, inserted Server
certificate, the Root Certificate Authority (Chain File), the Private
key file but is getting the following error - can anyone assist?
weblogic.security.AuthenticationException: Incorrect encrypted block
possibly incorrect SSLServerCertificateChainFileName set for this server
certificate at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.java:291)...

OHS not passing the client certificate in headers to WebLogic 11g

I'm struggling with the ssl configuration on Oracle HTTP Server, I have it configured so that it request the correct client certificate, I select it but when it performs the http redirects between itself and WebLogic none of the headers I configured in the httpd.conf are passed to WebLogic.
ssl.conf
# OHS Listen Port
# Listen 4443
Listen 443
<IfModule ossl_module>
## SSL Global Context
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
# Some MIME-types for downloading Certificates and CRLs
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache "shmcb:${ORACLE_INSTANCE}/diagnostics/logs/${COMPONENT_TYPE}/${COMPONENT_NAME}/ssl_scache(512000)"
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
<IfModule mpm_winnt_module>
SSLMutex "none"
</IfModule>
<IfModule !mpm_winnt_module>
SSLMutex pthread
</IfModule>
## SSL Virtual Host Context
<VirtualHost *:443>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional and require.
SSLVerifyClient optional
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
# SSL Certificate Revocation List Check
# Valid values are On and Off
SSLCRLCheck Off
#Path to the wallet
SSLWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
SimulateHttps On
</VirtualHost>
</IfModule>
I added the following to the httpd.conf
LoadModule certheaders_module "${ORACLE_HOME}/ohs/modules/mod_certheaders.so"
AddCertHeader HTTPS
AddCertHeader SSL_CLIENT_CERT
AddCertHeader SSL_CLIENT_S_DN
AddCertHeader SSL_CLIENT_S_DN_CN
AddCertHeader SSL_SERVER_CERT
The only errors I see in the logs are:
[ERROR:32] [OHS-9999] [core.c] [host_id: angkor.englink.bah.com] [host_addr: 127.0.0.1] [tid: 1335089472] [user: root] [ecid: 004bXaue_EwFw000jzwkno0006kT00000K] [rid: 0] [VirtualHost: main] File does not exist: /u01/app/oracle/Middleware/WT/Runtime/config/OHS/englink/htdocs/favicon.ico
Other things to mention:
I do have a certificate error but I don't see anything in the logs as to why and to be honest i'm not sure where to look.
And I did not originally configure this server but i'm concerned that the above thinks the host_addr is 127.0.0.1 instead of the actual ip of the server (should I change this?)
Any help is appreciated.
Edited by: 843394 on Mar 10, 2011 6:28 AM

Were you able to resolve this issue? I am currently having the same issue. I thought that it was likely that my ssl.conf didn't have SSLOptions +ExportCertData ... but I still have the issue after modifying ssl.conf.

Can I reference 2 different SSL certificates in the same weblogic.properties

Hello,
Can I reference 2 different SSL certificates in the same
weblogic.properties
file?
Reason is we have 2 groups of users for a web application: one will use
a
French-language DNS to access
the application, and the other will use English DNS. Both DNS will point
to
the same application on the same
server.
Example of what we require:
weblogic.security.certificate.server=mycert1.pem
weblogic.security.key.server=mykey1.der
weblogic.security.certificate.authority=rootCertificate1.pem
----and---
weblogic.security.certificate.server=mycert2.der
weblogic.security.key.server=mykey2.der
weblogic.security.certificate.authority=rootCertificate2.pem
mycert1 will correspond to DNS1, and mcert2 will correspond to DNS2, and
both
DNS1 and DNS2 point to the same application on the same box.
Thanks,
Ragu

I think that you can only have one server certificate per server currently
since the certificate establishes the server's identity and there isn't
support for a server to have two identities at the same time.
"RAGUTAM BOMMAREDDY" <[email protected]> wrote in message
news:[email protected]..
Hello,
Can I reference 2 different SSL certificates in the same
weblogic.properties
file?
Reason is we have 2 groups of users for a web application: one will use
a
French-language DNS to access
the application, and the other will use English DNS. Both DNS will point
to
the same application on the same
server.
Example of what we require:
weblogic.security.certificate.server=mycert1.pem
weblogic.security.key.server=mykey1.der
weblogic.security.certificate.authority=rootCertificate1.pem
----and---
weblogic.security.certificate.server=mycert2.der
weblogic.security.key.server=mykey2.der
weblogic.security.certificate.authority=rootCertificate2.pem
mycert1 will correspond to DNS1, and mcert2 will correspond to DNS2, and
both
DNS1 and DNS2 point to the same application on the same box.
Thanks,
Ragu

How can the client know if the SSL certificate specified in the service-config.xml file is invalid/u

Hi,
How can the client know if the SSL certificate specified in the service-config.xml file is invalid/untrusted/expired? For example using iOS client, the trusted certificate will not work and the client has no way to know that the certificate is untrusted. Can the lcds server return any specific exceptions for SSL errors?
Thanks,
Swathi.

We use a standard Java keystore and certificate validation can be handled as per standard best practices. At present we do not provide a hook point to validate the server certificate. However, you can register a bootstrap service which validates the certificate on system startup: http://help.adobe.com/en_US/dataservicesjee/4.6/Developing/WSc3ff6d0ea77859461172e0811f00f 6fe7f-7ffeUpdate.html This would require you to pass another copy of the keystore configuration to you Bootstrap service and then you can inspect the certificate in the keystore and validate it.

WebLogic SSL Certificate

Can I install two SSL certificate in one weblogic instance.
The server is connected through the Load Balancer.
So I need one certificate with Alteon URL and one more for direct server.
Thanks for your help.
Lax
309-735-1038.

Hi Lax,
This thread addresses your question
http://newsgroups.bea.com/cgi-bin/dnewsweb?utag=&group=weblogic.developer.interest.security&xrelated=6279&cmd_thread_last.x=56&cmd_thread_last.y=8
Cheers,
Joe Jerry
Laxman wrote:
Can I install two SSL certificate in one weblogic instance.
The server is connected through the Load Balancer.
So I need one certificate with Alteon URL and one more for direct server.
Thanks for your help.
Lax
309-735-1038.

Weblogic 11g hangs after adding -Xmanagement start parameter

Hi.
I've got very strange problem with Weblogic 11g.
After adding to startup parameter:
-Xmanagement:port=3107,authenticate=false,ssl=false
server hangs during start.
<May 2, 2012 2:45:19 PM> <INFO> <NodeManager> <Server output log file is '/u01/app/Oracle/Middleware/user_projects/domains/jmsZycie/servers/srv1/logs/srv1.out
'>
JAVA Memory arguments: -Xms512m -Xmx512m
WLS Start Mode=Production
CLASSPATH=/u01/app/Oracle/Middleware/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/u01/app/Oracle/Middleware/jrockit-jdk1.6.0_29-R
28.2.2-4.1.0/lib/tools.jar:/u01/app/Oracle/Middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/u01/app/Oracle/Middleware/wlserver_10.3/server/lib/weblogic.ja
r:/u01/app/Oracle/Middleware/modules/features/weblogic.server.modules_10.3.6.0.jar:/u01/app/Oracle/Middleware/wlserver_10.3/server/lib/webservices.jar:/u01/ap
p/Oracle/Middleware/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/u01/app/Oracle/Middleware/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar:/u01/a
pp/Oracle/Middleware/wlserver_10.3/common/derby/lib/derbyclient.jar:/u01/app/Oracle/Middleware/wlserver_10.3/server/lib/xqrl.jar:/u01/app/Oracle/Middleware/pa
tch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/u01/app/Oracle/Middleware/jrockit-jdk1.6.0_29-R28.2.2-4.1.0/lib/tools.jar:/u01/app/Ora
cle/Middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/u01/app/Oracle/Middleware/wlserver_10.3/server/lib/weblogic.jar:/u01/app/Oracle/Middleware/modules/fe
atures/weblogic.server.modules_10.3.6.0.jar:/u01/app/Oracle/Middleware/wlserver_10.3/server/lib/webservices.jar:/u01/app/Oracle/Middleware/modules/org.apache.
ant_1.7.1/lib/ant-all.jar:/u01/app/Oracle/Middleware/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar::/u01/app/Oracle/Middleware
PATH=/u01/app/Oracle/Middleware/wlserver_10.3/server/bin:/u01/app/Oracle/Middleware/modules/org.apache.ant_1.7.1/bin:/u01/app/Oracle/Middleware/jrockit-jdk1.6
.0_29-R28.2.2-4.1.0/jre/bin:/u01/app/Oracle/Middleware/jrockit-jdk1.6.0_29-R28.2.2-4.1.0/bin:/u01/app/Oracle/Middleware/wlserver_10.3/server/bin:/u01/app/Orac
le/Middleware/modules/org.apache.ant_1.7.1/bin:/u01/app/Oracle/Middleware/jrockit-jdk1.6.0_29-R28.2.2-4.1.0/jre/bin:/u01/app/Oracle/Middleware/jrockit-jdk1.6.
0_29-R28.2.2-4.1.0/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
* To start WebLogic Server, use a username and *
* password assigned to an admin-level user. For *
* server administration, use the WebLogic Server *
* console at http://hostname:port/console *
starting weblogic with Java version:
java version "1.6.0_29"
Java(TM) SE Runtime Environment (build 1.6.0_29-b11)
Oracle JRockit(R) (build R28.2.2-7-148152-1.6.0_29-20111221-2104-linux-x86_64, compiled mode)
Starting WLS with line:
/u01/app/Oracle/Middleware/jrockit-jdk1.6.0_29-R28.2.2-4.1.0/bin/java -jrockit -Xms512m -Xmx512m -Dweblogic.Name=srv1 -Djava.security.policy=/u01/app/Oracle
/Middleware/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.ProductionModeEnabled=true -Dweblogic.system.BootIdentityFile=/u01/app/Oracle/Middleware/user
_projects/domains/jmsZycie/servers/srv1/data/nodemanager/boot.properties -Dweblogic.nodemanager.ServiceEnabled=true -Dweblogic.security.SSL.ignoreHostnameVeri
fication=false -Dweblogic.ReverseDNSAllowed=false -Xms2048m -Xmx2048m -Xnohup -Xverbose:gcpause,gcreport,memory -Xverify=none -Xmanagement:port=3107,authentic
ate=false,ssl=false -Xss:512k -Xdebug -da -Dplatform.home=/u01/app/Oracle/Middleware/wlserver_10.3 -Dwls.home=/u01/app/Oracle/Middleware/wlserver_10.3/server
-Dweblogic.home=/u01/app/Oracle/Middleware/wlserver_10.3/server -Dweblogic.management.discover=false -Dweblogic.management.server=http://10.2.124.194:7080
-Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/u01/app/Oracle/Middleware/patch_wls1036/profiles/default
/sysext_manifest_classpath weblogic.Server
[INFO ][memory ] Running with 32 bit heap and compressed references.
[INFO ][memory ] GC mode: Garbage collection optimized for throughput, strategy: Generational Parallel Mark & Sweep.
[INFO ][memory ] Heap size: 2097152KB, maximal heap size: 2097152KB, nursery size: 1048576KB.
[INFO ][memory ] <start>-<end>: <type> <before>KB-><after>KB (<heap>KB), <time> ms, sum of pauses <pause> ms.
[INFO ][memory ] <start> - start time of collection (seconds since jvm start).
[INFO ][memory ] <type> - OC (old collection) or YC (young collection).
[INFO ][memory ] <end> - end time of collection (seconds since jvm start).
[INFO ][memory ] <before> - memory used by objects before collection (KB).
[INFO ][memory ] <after> - memory used by objects after collection (KB).
[INFO ][memory ] <heap> - size of heap after collection (KB).
[INFO ][memory ] <time> - total time of collection (milliseconds).
[INFO ][memory ] <pause> - total sum of pauses during collection (milliseconds).
[INFO ][memory ] Run with -Xverbose:gcpause to see individual phases.
[INFO ][mgmnt ] Remote JMX connector started at address poc1:3107
[INFO ][mgmnt ] Local JMX connector started
<May 2, 2012 2:45:22 PM CEST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable th
is check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<May 2, 2012 2:45:23 PM CEST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disab
le this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
<May 2, 2012 2:45:24 PM CEST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Oracle JRockit(R) Version R28.2.2-7-148152-1.6.0_29-20111221
-2104-linux-x86_64 from Oracle Corporation>
<May 2, 2012 2:45:26 PM CEST> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.6.0 Tue Nov 15 08:52:36 PST 2011 1441050 >
<May 2, 2012 2:45:29 PM CEST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<May 2, 2012 2:45:29 PM CEST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
And this is it.
I am able to connetct from JRMC. After removing -Xmanagement all is working.

Can you please take a thread dump and copy paste the stack trace for the Thread called "main" thread.
Please take atleast 3 thread dumps with an interval of 10 seconds and paste the "main" thread stack trace from all the 3 thread dumps.
After analyzing the stack trace we might be able to determine where it is hanging and thus giving us a clue where the issue could be.
Arun

Error while deployment of CMP 2.0 bean on weblogic 11g

Hi,
I am not able to deploy my CMP 2.0 bean on Weblogic 11g. There are two JVM available in weblogic 11g.
1) Java(TM) SE Runtime Environment (build 1.6.0_22-b04)
2) Oracle JRockit(R) (build R28.1.1-14-139783-1.6.0_22-20101206-0241-windows-ia32, compiled mode)
When we are using "Oracle JRockit(R) (build R28.1.1-14-139783-1.6.0_22-20101206-0241-windows-ia32, compiled mode)" And deploying the CMP bean then we got the Error as below:
D:\Oracle\Middleware\wlserver_10.3\server\bin>java weblogic.appc -verbose C:\temp\Jproject.ear\DefinitionWizardBean.jar
Created working directory: C:\DOCUME~1\cxp\LOCALS~1\Temp\1\appcgen_1309496813354_DefinitionWizardBean.jar
<01-Jul-2011 06:06:57 o'clock BST> <Warning> <Munger> <BEA-2156203> <A version attribute was not found in element persis
tence in the deployment descriptor in C:\temp\Jproject.ear\DefinitionWizardBean.jar/META-INF/weblogic-ejb-jar.xml. A vers
ion attribute is required, but this version of the Weblogic Server will assume that the JEE5 is used. Future versions of
the Weblogic Server will reject descriptors that do not specify the JEE version.>
java.lang.NoClassDefFoundError: EntityBean
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClassCond(ClassLoader.java:632)
at java.lang.ClassLoader.defineClass(ClassLoader.java:616)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141)
at weblogic.utils.classloaders.GenericClassLoader.defineClass(GenericClassLoader.java:343)
at weblogic.utils.classloaders.GenericClassLoader.findLocalClass(GenericClassLoader.java:302)
at weblogic.utils.classloaders.GenericClassLoader.findClass(GenericClassLoader.java:270)
at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
at java.lang.ClassLoader.loadClass(ClassLoader.java:296)
at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
at weblogic.utils.classloaders.GenericClassLoader.loadClass(GenericClassLoader.java:179)
at weblogic.ejb.container.deployer.BeanInfoImpl.loadClass(BeanInfoImpl.java:510)
at weblogic.ejb.container.deployer.BeanInfoImpl.<init>(BeanInfoImpl.java:242)
at weblogic.ejb.container.deployer.ClientDrivenBeanInfoImpl.<init>(ClientDrivenBeanInfoImpl.java:156)
at weblogic.ejb.container.deployer.EntityBeanInfoImpl.<init>(EntityBeanInfoImpl.java:115)
at weblogic.ejb.container.deployer.BeanInfoImpl.createBeanInfoImpl(BeanInfoImpl.java:695)
at weblogic.ejb.container.deployer.MBeanDeploymentInfoImpl.initializeBeanInfos(MBeanDeploymentInfoImpl.java:558)
at weblogic.ejb.container.deployer.MBeanDeploymentInfoImpl.<init>(MBeanDeploymentInfoImpl.java:236)
at weblogic.ejb.container.ejbc.EJBCompiler.getStandAloneDeploymentInfo(EJBCompiler.java:1185)
at weblogic.ejb.container.ejbc.EJBCompiler.setupEJB(EJBCompiler.java:156)
at weblogic.ejb.container.ejbc.EJBCompiler.compileEJB(EJBCompiler.java:439)
at weblogic.ejb.container.ejbc.EJBCompiler.compileEJB(EJBCompiler.java:396)
at weblogic.application.compiler.AppcUtils.compileEJB(AppcUtils.java:316)
at weblogic.application.compiler.EJBModule.compile(EJBModule.java:128)
at weblogic.application.compiler.flow.SingleModuleCompileFlow.proecessModule(SingleModuleCompileFlow.java:18)
at weblogic.application.compiler.flow.SingleModuleFlow.compile(SingleModuleFlow.java:36)
at weblogic.application.compiler.FlowDriver$FlowStateChange.next(FlowDriver.java:69)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.compiler.FlowDriver.nextState(FlowDriver.java:36)
at weblogic.application.compiler.FlowDriver.run(FlowDriver.java:26)
at weblogic.application.compiler.EJBCompiler.compile(EJBCompiler.java:29)
at weblogic.application.compiler.flow.AppCompilerFlow.compileInput(AppCompilerFlow.java:112)
at weblogic.application.compiler.flow.AppCompilerFlow.compile(AppCompilerFlow.java:37)
at weblogic.application.compiler.FlowDriver$FlowStateChange.next(FlowDriver.java:69)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.compiler.FlowDriver.nextState(FlowDriver.java:36)
at weblogic.application.compiler.FlowDriver.run(FlowDriver.java:26)
at weblogic.application.compiler.Appc.runBody(Appc.java:203)
at weblogic.utils.compiler.Tool.run(Tool.java:158)
at weblogic.utils.compiler.Tool.run(Tool.java:115)
at weblogic.application.compiler.Appc.main(Appc.java:262)
at weblogic.appc.main(appc.java:14)
EntityBean
But I use JVM " Java(TM) SE Runtime Environment (build 1.6.0_22-b04) " and deploying CMP bean then i got error as below:
D:\Oracle\Middleware\wlserver_10.3\server\bin>d:\Oracle\Middleware\jdk160_21\bin\java weblogic.appc -verbose C:\temp\Tr
ading.ear\DefinitionWizardBean.jar
Created working directory: C:\DOCUME~1\cxp\LOCALS~1\Temp\1\appcgen_1309496852057_DefinitionWizardBean.jar
<01-Jul-2011 06:07:35 o'clock BST> <Warning> <Munger> <BEA-2156203> <A version attribute was not found in element persis
tence in the deployment descriptor in C:\temp\Jproject.ear\DefinitionWizardBean.jar/META-INF/weblogic-ejb-jar.xml. A vers
ion attribute is required, but this version of the Weblogic Server will assume that the JEE5 is used. Future versions of
the Weblogic Server will reject descriptors that do not specify the JEE version.>
java.lang.ClassNotFoundException: EntityBean
at weblogic.utils.classloaders.GenericClassLoader.findLocalClass(GenericClassLoader.java:297)
at weblogic.utils.classloaders.GenericClassLoader.findClass(GenericClassLoader.java:270)
at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
at weblogic.utils.classloaders.GenericClassLoader.loadClass(GenericClassLoader.java:179)
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClassCond(ClassLoader.java:632)
at java.lang.ClassLoader.defineClass(ClassLoader.java:616)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141)
at weblogic.utils.classloaders.GenericClassLoader.defineClass(GenericClassLoader.java:343)
at weblogic.utils.classloaders.GenericClassLoader.findLocalClass(GenericClassLoader.java:302)
at weblogic.utils.classloaders.GenericClassLoader.findClass(GenericClassLoader.java:270)
at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
at java.lang.ClassLoader.loadClass(ClassLoader.java:296)
at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
at weblogic.utils.classloaders.GenericClassLoader.loadClass(GenericClassLoader.java:179)
at weblogic.ejb.container.deployer.BeanInfoImpl.loadClass(BeanInfoImpl.java:510)
at weblogic.ejb.container.deployer.BeanInfoImpl.<init>(BeanInfoImpl.java:242)
at weblogic.ejb.container.deployer.ClientDrivenBeanInfoImpl.<init>(ClientDrivenBeanInfoImpl.java:156)
at weblogic.ejb.container.deployer.EntityBeanInfoImpl.<init>(EntityBeanInfoImpl.java:115)
at weblogic.ejb.container.deployer.BeanInfoImpl.createBeanInfoImpl(BeanInfoImpl.java:695)
at weblogic.ejb.container.deployer.MBeanDeploymentInfoImpl.initializeBeanInfos(MBeanDeploymentInfoImpl.java:558)
at weblogic.ejb.container.deployer.MBeanDeploymentInfoImpl.<init>(MBeanDeploymentInfoImpl.java:236)
at weblogic.ejb.container.ejbc.EJBCompiler.getStandAloneDeploymentInfo(EJBCompiler.java:1185)
at weblogic.ejb.container.ejbc.EJBCompiler.setupEJB(EJBCompiler.java:156)
at weblogic.ejb.container.ejbc.EJBCompiler.compileEJB(EJBCompiler.java:439)
at weblogic.ejb.container.ejbc.EJBCompiler.compileEJB(EJBCompiler.java:396)
at weblogic.application.compiler.AppcUtils.compileEJB(AppcUtils.java:316)
at weblogic.application.compiler.EJBModule.compile(EJBModule.java:128)
at weblogic.application.compiler.flow.SingleModuleCompileFlow.proecessModule(SingleModuleCompileFlow.java:18)
at weblogic.application.compiler.flow.SingleModuleFlow.compile(SingleModuleFlow.java:36)
at weblogic.application.compiler.FlowDriver$FlowStateChange.next(FlowDriver.java:69)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.compiler.FlowDriver.nextState(FlowDriver.java:36)
at weblogic.application.compiler.FlowDriver.run(FlowDriver.java:26)
at weblogic.application.compiler.EJBCompiler.compile(EJBCompiler.java:29)
at weblogic.application.compiler.flow.AppCompilerFlow.compileInput(AppCompilerFlow.java:112)
at weblogic.application.compiler.flow.AppCompilerFlow.compile(AppCompilerFlow.java:37)
at weblogic.application.compiler.FlowDriver$FlowStateChange.next(FlowDriver.java:69)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.compiler.FlowDriver.nextState(FlowDriver.java:36)
at weblogic.application.compiler.FlowDriver.run(FlowDriver.java:26)
at weblogic.application.compiler.Appc.runBody(Appc.java:203)
at weblogic.utils.compiler.Tool.run(Tool.java:158)
at weblogic.utils.compiler.Tool.run(Tool.java:115)
at weblogic.application.compiler.Appc.main(Appc.java:262)
at weblogic.appc.main(appc.java:14)
EntityBean
Please assist me regarding above error
Thanks,
Amritesh
Edited by: 869636 on 01-Jul-2011 00:49

What is the jee version you have on that server? are the environment variables correctly set?

SSL Certificate Install Problem

To all Sun App Server Gurus,
I face a major challenge trying to install an SSL certificate on our Application Server.
The Manage Database was successful.
I filled out the certificate request form in the Security > Certificate Management > Request section and forwared the information / CSR to the CA.
The certificate is issued and validated by our CA.
I follow the steps according the documentation to import the certificate.
I specify the following to import the certificate
1) Certificate for : o This Server
2) Cryptographic Module: internal
3) Key Pair File Password: **************
4) Message Text (with headers):
-----BEGIN CERTIFICATE-----
U0UgT05MWSAtIE5PIFdBUlJBTlRZIEFUVEFDSE.....
-----END CERTIFICATE-----
5) Click OK
The next screen shows the certificate information which are correct as well.
After pressing "Add Server Certificate" it take about 20 seconds until I receive a pop error message. It says: "Incorrect Useage: No Private Key. The server could not find the private key associated with this certificate."
After I click OK the Admin GUI displays the following error in the browser: "Not Found
The requested object does not exist on this server. The link you followed is either outdated, inaccurate, or the server has been instructed not to let you have it. "
Security > General
Log Level: finest
Audit Logging Enabled: unchecked
Default Realm: file
Anonymous Roule: ANYONE
In the admin server log I get the following entry:
WARNING ( 1182): for host x.x.x.x trying to GET /instance-server1/admin/bin/(null), cgi_start_exec reports: HTTP4049: cannot find CGI program /opt/SUNWappserver7/lib/admincgi/(null) (File not found)
I checked the directories and they all exist and the admincgi even has files included. I don't know which one should be missing.
I also reinstalled the App Server twice so far and used the default options.
If anyone could please help me with this that would be extremly helpful.
Thank you.
Regards,
Martin

try converting your key from der2pem using
java utils.der2pem {keyfile in der} {keyfile out in pem}
thanks
kiran
"eraldo" <[email protected]> wrote in message
news:[email protected]..
hi,
I tried to install SSL certicate on a Weblogic 6.1 SP3 (running on a
Solaris 8). Following the post 5457 (found in your newsgroup) I made
this steps:
- I generated CSR using web application /certificate
- I sent CSR to Entrust.com obtaining a certicate and a chain
certificate
- I configured the server under "Configuration - SSL" with following
parameters:
- Enabled = true
- Listen port = 8002
- Server Key File Name = <path to private key ".der" file>
- Server Certificate File Name = <path to Entrust CRT ".pem" file>
- Server Certificate Chain File Name = <path to Entrust CA ".pem"
file>
- Key Encrypted = true
- I changed startWebLogic.sh:
- added "-Dweblogic.management.pkpassword=<my_pwd>" to JAVA command
line
Launchin' the script I got the following exception:
<Nov 22, 2002 2:34:44 PM GMT-01:00> <Alert> <WebLogicServer> <Security
configuration problem with ce
rtificate file config/sdfdomain/H3MIS097_H3G_IT-key.der,
java.io.IOException: weblogic.security.Ciph
erException: Invalid padding length 48>
java.io.IOException: weblogic.security.CipherException: Invalid
padding length 48
atweblogic.security.RSAPrivateKeyPKCS8.input(RSAPrivateKeyPKCS8.java:157)
atweblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:125)
atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:391)
atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:301)
atweblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1097)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:490)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:206)
at weblogic.Server.main(Server.java:35)
Any idea?
Thanks in advance,
Eraldo

Error of SSL certificate

"hi, all,
     I got your information from weblogic.developer.interest.security.
     I have a question about the SSL certificate
1. I generate the private key file using Weblogic certificate servlet,
2. get the request, then goto thawte get the response
3. goto weblogic console -> server -> ssl, specify the filename, click "Enable", click "Key Encrypted"
4. change the startWeblogic.cmd, adding -Dpkpassword=adminadmin
But when I restart the weblogic, got the following error msg:
Starting WebLogic Server ....
<Sep 27, 2001 1:34:29 PM CST> <Notice> <Management> <Loading configuration file
.\config\citi1\config.xml ...>
<Sep 27, 2001 1:34:35 PM CST> <Notice> <WebLogicServer> <Starting WebLogic Admin
Server "server1" for domain "citi1">
<Sep 27, 2001 1:34:35 PM CST> <Alert> <WebLogicServer> <Security configuration p
roblem with certificate file adamfeng-key.der, java.lang.NullPointerException>
java.lang.NullPointerException
at weblogic.security.PKCS5.setPassword(PKCS5.java:173)
at weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:1
24)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:390)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:300)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr

Hi adam,
I wish to let u know that your ****-key.der file is not generated correctly. I
suppose you must have used Certificate Requeste Generator of WLS to generate the
key file and the request file.
please follow the following to get your system running:
(1) Generate a new certificate request making sure that you enter "yourmachine.domain.com"
in the Full Host name field within the certificate request generator. Fill all
the required values like the state should be filled in full not with abreviations
etc(do not fill the ones which are not required. That means do not fill the password
field and random string field...etc )then u will get a key file and the request
file..press the submit button on the same page to test the key file with Verisign..if
all fields are filled correctly then it says so..if not it will bounce back saying
an ERROR..so see to it that u get the right key file..i.e. ****;key.der file.
(2) Save the certificate request in a text file. (including the ----BEGIN CERTIFICATE
REQUEST-- and END CERTIFICATE REQUEST)
(3) Go to https://www.thawte.com/cgi/server/test.exe and paste the above request.
(4) Do NOT choose any other options as the default options are set correctly
(unless you are using a domestic build of the weblogic server which requires a
different license).
(5) Save the certificate obtained in a text file and save it as a .pem file
(6) Also save the root certificate obtained in the above URL (see the 2nd line
from the top) in .pem format and use this file against the ServerCertChain name.
(7) Make sure you enter the certificate key and server certificate fields with
the correct path to the key and cert (inclusive of the file names).
After having done the above steps restart the server and you should be able to
get SSL to work. Hope the above information
If not then mail me at [email protected].
Sujit.
adamfeng <[email protected]> wrote:
"hi, all,
     I got your information from weblogic.developer.interest.security.
     I have a question about the SSL certificate
1. I generate the private key file using Weblogic certificate servlet,
2. get the request, then goto thawte get the response
3. goto weblogic console -> server -> ssl, specify the filename, click
"Enable", click "Key Encrypted"
4. change the startWeblogic.cmd, adding -Dpkpassword=adminadmin
But when I restart the weblogic, got the following error msg:
Starting WebLogic Server ....
<Sep 27, 2001 1:34:29 PM CST> <Notice> <Management> <Loading configuration
file
..\config\citi1\config.xml ...>
<Sep 27, 2001 1:34:35 PM CST> <Notice> <WebLogicServer> <Starting WebLogic
Admin
Server "server1" for domain "citi1">
<Sep 27, 2001 1:34:35 PM CST> <Alert> <WebLogicServer> <Security configuration
p
roblem with certificate file adamfeng-key.der, java.lang.NullPointerException>
java.lang.NullPointerException
at weblogic.security.PKCS5.setPassword(PKCS5.java:173)
at weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:1
24)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:390)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:300)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr

Server Certificate on Weblogic 8.1

Hi. I know it is really dumb to ask these questions but I urgently need to know these as I am on a very tight project schedule. So can someone please enlighten me.
1. If I use SSL protocol and configure to use server certificate, may I know when someone enter my URL, will internet explorer prompt my client for certificate?
2. Do I really need SSL for configuring Certificate? If I do not use, can I still configure and use Server Certificate?
3. Can I reuse the server certificate on my Weblogic 5.1 to Weblogic 8.1 since I am migrating from WL5.1 to WL8.1?
My certificates files in WL 5.1 are in the form of *.pem
Cheers

If you get (for example) a 128-bit SSL certificate from Verisign you need to specify a Certificate Signing Request (CSR). This is unique for each server. If you have upgraded your server and the CSR generated from the weblogic CSR generator servlet is the same as it was in the previous version, then I guess you can use the same certificate. If the CSR has changed then I think you will need to replace the certificate, this costs $100. If it's been less than 30 days since your certificate was issued, it's free.

Accepting runtime-specified SSL certificates in WebLogic 11g

Similar Messages

Maybe you are looking for