CipherException
I am getting "weblogic.security.CipherException: Incorrect encrypted block" error
for SSLServerCertificateChainFile. I tried to follow the instruction in
http://www.bea.com/support/askbea/wls/S-07188.shtml
but I had a problem in the very last step.
1. go to http://www.verisign.com/repository/root.html
You'll find Class I to Class III root certificates and a Server CA.
Take the plain text Server CA and save this to a file.
2. Use a conversion utility, which can be found within OpenSSL, to convert the
plain text to a .der format.
How do I convert the text file to .der format using openssl? I am sorry that
I have never used openssl before... Any help will be appreciated. Thanks.
Sumire
============== complete exception message ================
weblogic.security.CipherException: Incorrect encrypted block
at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:208)
at weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
at weblogic.security.X509.verifySignature(X509.java:243)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Aug 28, 2001 4:03:40 PM PDT> <Alert> <WebLogicServer> <Inconsistent security
configuration, weblogic.security.AuthenticationException: Incorrect encrypted
block possibly incorrect SSLServerCertificateChainFileName set for this server
certificate>
weblogic.security.AuthenticationException: Incorrect encrypted block possibly
incorrect SSLServerCertificateChainFileName set for this server certificate
at weblogic.security.X509.verifySignature(X509.java:251)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
Hi,
I have the following suggestions:
(a). If your private key for the WLS is password encrypted please check the Key
Encrypted enabled (under SSL) and use thejava command-line option to start
WebLogic Server.
-Dweblogic.management.pkpassword=password
where password is the password for the private key.
(Please see the doc.:
http://e-docs.bea.com/wls/docs61///adminguide/cnfgsec.html#1054513).
(b). Please make sure you have the RootCA file specified correctly in the
ServerCertificateChainFileName attribute of SSL. The RootCA file can be obtained
from the vendor who provided the SSL certificates. Please make sure this is
correct.
Please inform whether the above suggestions have resolved the problem.
Thank you.
Thomas Ziebermayr wrote:
Hello,
I try to install a SSL Certificate, but during server startup the following
exception occurs:
java.io.IOE
xception: weblogic.security.CipherException: Unknown PKCS5 algorithm>
java.io.IOException: weblogic.security.CipherException: Unknown PKCS5
algorithm
at
weblogic.security.RSAPrivateKeyPKCS8.input(RSAPrivateKeyPKCS8.java:14
5)
at
weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:1
25)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:391)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:301)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1064)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:492)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:202)
at weblogic.Server.main(Server.java:35)
Does anybody knows what's wrong? I followed the instructions in the bea docs
for
installing ssl certificates.
Thanks for all replies
Thomas--
Developer Relations Engineer
BEA Support
Similar Messages
-
Weblogic.security.CipherException: Invalid padding length
I am having some difficulties configuring SSL for WebLogic 6.0.2J (Japanese).
Here is the history of my problem:
1. A CSR was generated, but on a completely different platform (Windows) and
for a slightly older version of WebLogic (6.0.1J)
2. I was then brought in to install and configure WebLogic 6.0.2J on UNIX.
3. I was then given the encrypted private key (security_net-chef_net-key.der),
the CSR files, and the server cert from VeriSign Japan (cert.pem). I went to VeriSign
Japan to get an intermediate CA cert (Server Chain Cert), which I saved as ca.pem.
4. In the Admin Console, I configured the server in my target domain with: Server
Certificate File Name = cert.pem, Trusted CA File Name = ca.pem, and Trusted CA
File Name = security_net-chef_net-key.der.
5. When I attempt to start my target server, I am seeing the following alert:
===========================================================
<2001/08/07 13:22:25:JST> <Alert> <WebLogicServer> <認証ファイル
config/net-chef
/security_net-chef_net-key.der にセキュリティ
コンフィグレーション上の問題があり
ます。java.io.IOException: weblogic.security.CipherException:
Invalid padding le
ngth 72>
java.io.IOException: weblogic.security.CipherException: Invalid padding length
7
2
at weblogic.security.RSAPrivateKeyPKCS8.input(RSAPrivateKeyPKCS8.java:15
7)
at weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:1
25)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:387)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
===========================================================
Please note that as I am doing this on a Japanese OS, some of the above messages
may be rendered illegible.
If anyone out there has a clue to why I am seeing the above error, I would greatly
appreciate your help.
Thanks and aloha in advance,
BrookeSee Posting 5457.
-
Weblogic.security.CipherException: Incorrect block length 256 (modulus
Hi,
I have a stand alone java client which runs in the weblogic 8.1 server and when I tried to connect to the external site using the weblogic's HttpsURLConnection ,its throws the below exception.
weblogic.security.CipherException: Incorrect block length 256 (modulus length 128)
<Info> <Security> <BEA-090511> <The following exception has occurred:
weblogic.security.CipherException: Incorrect encrypted block
at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:205)
at weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
at weblogic.security.X509.verifySignature(X509.java:246)
at weblogic.security.X509.verify(X509.java:176)
at weblogic.security.SSL.SSLCertificate.verify(SSLCertificate.java:133)
at weblogic.security.SSL.SSLCertificate.input(SSLCertificate.java:116)
at weblogic.security.SSL.Handshake.input(Handshake.java:121)
at weblogic.security.SSL.SSLSocket.getHandshake(SSLSocket.java:1117)
at weblogic.security.SSL.SSLSocket.clientInit(SSLSocket.java:432)
at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:276)
at weblogic.security.SSL.SSLSocket.<init>(SSLSocket.java:222)
at weblogic.security.SSL.SSLSocketFactory.createSocket(SSLSocketFactory.java:213)
at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:238)
at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:389)
at weblogic.net.http.HttpsClient.<init>(HttpsClient.java:209)
at weblogic.net.http.HttpClient.New(HttpClient.java:228)
at weblogic.net.http.HttpsURLConnection.getHttpClient(HttpsURLConnection.java:246)
at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:217)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:319)
at HttpsConnect.main(HttpsConnect.java:13)
<Info> <SSL> <000000> <weblogic.security.AuthenticationException: Incorrect encrypted block possibly incorrect SSLServerCertificateChainFileName set for this server certificate>
java.io.IOException: weblogic.security.AuthenticationException: Incorrect encrypted block possibly incorrect SSLServerCertificateChainFileName set for this server certificate
at weblogic.security.SSL.SSLCertificate.verify(SSLCertificate.java:172)
at weblogic.security.SSL.SSLCertificate.input(SSLCertificate.java:116)
at weblogic.security.SSL.Handshake.input(Handshake.java:121)
at weblogic.security.SSL.SSLSocket.getHandshake(SSLSocket.java:1117)
at weblogic.security.SSL.SSLSocket.clientInit(SSLSocket.java:432)
at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:276)
at weblogic.security.SSL.SSLSocket.<init>(SSLSocket.java:222)
at weblogic.security.SSL.SSLSocketFactory.createSocket(SSLSocketFactory.java:213)
at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:238)
at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:389)
at weblogic.net.http.HttpsClient.<init>(HttpsClient.java:209)
at weblogic.net.http.HttpClient.New(HttpClient.java:228)
at weblogic.net.http.HttpsURLConnection.getHttpClient(HttpsURLConnection.java:246)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:359)
at HttpsConnect.main(HttpsConnect.java:13)
I verified the certifiate chain by using the weblogic's ValidateCertChain utility, and the output seems to be confusing for the intermediate site and the entity site.
java utils.ValidateCertChain -pem inter.cerCert[0]: CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at https://www.verisign.com/r
pa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
Certificate chain is incomplete, can't confirm the entire chain is valid
Certificate chain appears valid
Any pointers will be appreciated.This might be because Verisign has included anadditional intermediate certificate in its chain
You can find it here
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR657&actp=search&viewlocale=en_US
Contact Verisign Support, u can chat with them even...
Let me know if you have any doubt.
Cheers!
Faisal
http://www.weblogic-wonders.com -
Configuring ssl giving CipherException
after getting certificate from verisign i opened myserver and
on SSL tab gave the 1)Server Key File Name 2)Server Certificate File Name and
rest all with their default value.
but when i am restarting the weblogic it gives the following exception.
is it compulsory to specify
3) Server Certificate Chain File Name:....?
exception :---------
weblogic.security.CipherException: Incorrect encrypted block
at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:216)
at weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
at weblogic.security.X509.verifySignature(X509.java:243)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:443)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:300)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1039)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:475)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:197)
at weblogic.Server.main(Server.java:35)
<Dec 23, 2001 4:34:47 PM GST> <Alert> <WebLogicServer> <Inconsistent security
co
nfiguration, weblogic.security.AuthenticationException: Incorrect encrypted bloc
k possibly incorrect SSLServerCertificateChainFileName set for this server certi
ficate>
weblogic.security.AuthenticationException: Incorrect encrypted block possibly
in
correct SSLServerCertificateChainFileName set for this server certificate
at weblogic.security.X509.verifySignature(X509.java:251)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:443)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:300)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1039)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:475)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:197)
at weblogic.Server.main(Server.java:35)Nivas,
ServerCeritificateChain file that is in place appears to be the wrong one.
That is CA's root certificate, which you can download from CA site (e.g.,
verisign)
"nivas" <[email protected]> wrote in message
news:3c25d005$[email protected]..
>
after getting certificate from verisign i opened myserver and
on SSL tab gave the 1)Server Key File Name 2)Server Certificate File Nameand
rest all with their default value.
but when i am restarting the weblogic it gives the following exception.
is it compulsory to specify
3) Server Certificate Chain File Name:....?
exception :---------
weblogic.security.CipherException: Incorrect encrypted block
at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:216)
at weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
at weblogic.security.X509.verifySignature(X509.java:243)
atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:443)
atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:300)
atweblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1039)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:475)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:197)
at weblogic.Server.main(Server.java:35)
<Dec 23, 2001 4:34:47 PM GST> <Alert> <WebLogicServer> <Inconsistentsecurity
co
nfiguration, weblogic.security.AuthenticationException: Incorrectencrypted bloc
k possibly incorrect SSLServerCertificateChainFileName set for this servercerti
ficate>
weblogic.security.AuthenticationException: Incorrect encrypted blockpossibly
in
correct SSLServerCertificateChainFileName set for this server certificate
at weblogic.security.X509.verifySignature(X509.java:251)
atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:443)
atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:300)
atweblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1039)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:475)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:197)
at weblogic.Server.main(Server.java:35) -
CipherException: Invalid padding length
Hello there,
I'm having problem to get our certifikates to work properly. I've been searching
BEA's newsgroups and found some things we've tried without any succes.
We have two certificates for our domain because we are using an load balancer(Local
Directory)infront of our two webservers. Our webservers have version 6.1 of WLS
and are managed from an ServerManager(also WLS 6.1).
We us the same ./config/mydomain directory on the ServerManager for both of our
webserver. The filenames for each server in ./config/mydomain are different ex:
my_domain_server1-key.der and my_domain_server2-key.der. We have also checked
that they are correct defind for both servers under each server SSL tag.
We have an newly fetched a CA-cert from Thawte and recived our certificates for
this domain during this week.
Could there be any problem with that we using the
same ./config/mydomain directory on the ServerManager for both of our webserver?
Or does anybody have any other suggestion of what more to check before we fetches
new certificates?
Regards
LennartIf you are using password encryption, then please make sure KeyEncrypted field is
enabled and please make sure the password which you set for:
-Dweblogic.management.pkpassword is the same as value of the Private Key Password field
of the Certificate Request Generator servlet (please go through the documentation:
http://e-docs.bea.com/wls/docs61/adminguide/cnfgsec.html#1053930
for details).
Please inform whether the problem has been resolved with the above suggestions. Thank
you.
Lennart wrote:
Hello there,
I'm having problem to get our certifikates to work properly. I've been searching
BEA's newsgroups and found some things we've tried without any succes.
We have two certificates for our domain because we are using an load balancer(Local
Directory)infront of our two webservers. Our webservers have version 6.1 of WLS
and are managed from an ServerManager(also WLS 6.1).
We us the same ./config/mydomain directory on the ServerManager for both of our
webserver. The filenames for each server in ./config/mydomain are different ex:
my_domain_server1-key.der and my_domain_server2-key.der. We have also checked
that they are correct defind for both servers under each server SSL tag.
We have an newly fetched a CA-cert from Thawte and recived our certificates for
this domain during this week.
Could there be any problem with that we using the
same ./config/mydomain directory on the ServerManager for both of our webserver?
Or does anybody have any other suggestion of what more to check before we fetches
new certificates?
Regards
Lennart--
Developer Relations Engineer
BEA Support -
SSL Configuration on 4.5.1 not working with 6.0SP1
In WL 4.5.1, this was all that was needed to enable SSL
weblogic.security.key.server=wcid-srp-mvc.der
weblogic.security.key.certificate=certificate.pem
In 6.0 SP1, I used this
<SSL Enabled="true" ListenPort="443" Name="SrpTest"
ServerCertificateChainFileName=""
ServerCertificateFileName="certificate.pem"
ServerKeyFileName="wcid-srp-mvc.der" TrustedCAFileName=""/>
and I get this error
<Jul 30, 2001 8:18:45 AM EDT> <Info> <WebLogicServer> <License allows
low streng
th (export) SSL.>
<Jul 30, 2001 8:18:45 AM EDT> <Alert> <WebLogicServer> <Security
configuration p
roblem with certificate file wcid-srp-mvc.der, java.lang.Exception:
Required fil
e wcid-srp-mvc.der which is specified by ServerKeyFileName, was not
found>
java.lang.Exception: Required file wcid-srp-mvc.der which is specified
by Server
KeyFileName, was not found
at
weblogic.t3.srvr.SSLListenThread.resolvePropertyFromLocalFile(SSLList
enThread.java:152)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:382)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at
weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Jul 30, 2001 8:18:45 AM EDT> <Info> <Security> <Not listening for SSL,
java.io.
IOException: Security configuration problem with wcid-srp-mvc.der,
java.lang.Exc
eption: Required file wcid-srp-mvc.der which is specified by
ServerKeyFileName,
was not found.>
Any clues to how to get this up and running would be much appreciated. I
am in a major time crunch here.
Is the fix different when I am using DST instead of Verisign? I need to
get both the DST and Verisign issued certificates configures.
Thanks a bunch
MadhuEarlier, it was a problem with the directory settings in the SSL properties.
Once I got that straightened, I get this error now.
<Jul 30, 2001 9:55:45 AM EDT> <Info> <WebLogicServer> <License allows low
streng
th (export) SSL.>
weblogic.security.CipherException: Incorrect block length 125 (modulus
length 12
8)
at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:167)
at weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
at weblogic.security.X509.verifySignature(X509.java:243)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Jul 30, 2001 9:55:45 AM EDT> <Alert> <WebLogicServer> <Inconsistent
security co
nfiguration, weblogic.security.AuthenticationException: Incorrect block
length 1
25 (modulus length 128) possibly incorrect SSLServerCertificateChainFileName
set
for this server certificate>
weblogic.security.AuthenticationException: Incorrect block length 125
(modulus l
ength 128) possibly incorrect SSLServerCertificateChainFileName set for this
ser
ver certificate
at weblogic.security.X509.verifySignature(X509.java:251)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Jul 30, 2001 9:55:45 AM EDT> <Info> <Security> <Not listening for SSL,
java.io.
IOException: Inconsistent security configuration,
weblogic.security.Authenticati
onException: Incorrect block length 125 (modulus length 128) possibly
incorrect
SSLServerCertificateChainFileName set for this server certificate.> -
Integration of BI Publisher with presentation services
Hello,
I have installed and configured OBI Answers and Publisher in a Linux infrastructure and configured thro' Websphere/IHS. Answers/Dashboards is working fine. I am trying to integrate BI publisher with OBI answers/dashboards. This is working fine through OC4J but when I try to integrate through Websphere, I get a crypto error.
I have to deployed a plug-in in web server and tried to integrate BI publisher with presentation services through "cryptotools" and configuring it through instance config. When I hit http://myserver:port/xmlpserver I get "Error 500: com.phaos.crypto.CipherException ". Similarly when I select more products/BI Publisher through OBI Dashboards/Answers, I get the following
Reporting Login: java.lang.NoClassDefFoundError: com.phaos.crypto.CipherException; nested exception is: java.lang.NoClassDefFoundError: com.phaos.crypto.CipherException
I feel this is a common issue across both the end points. Has anyone come across this type of issue or similar issue ?
Help is greatly appreciated.
thx
DineshI'm installing 10.1.3.4 and YES, i have installed BIP war in Websphere.
I think I may have resolved my original problem but faced with a different one now. I am able to logon to BI publisher standalone and integrated with OBI Answers (thro websphere). But when i click the dashboards link from BI Publisher, its going to the default OC4J installation and not my websphere. The similar re-direction works fine from OBI - Publisher but not from Publisher - OBI.
I need to find out, how its finding the server name and port to redirect from BIP -> OBI. Can you guys help please ?
thx
dinesh Veera -
HTTPS 2-way authentication doesn't work.
I succeeded in setting up my server (WL 6.1) to use SSL and enforce client
authentication.
I created a client certificate with OpenSSL, and imported it into my
browser.
When I request the page https://localhost:7002/
I get following message in the log:
CertificateVerify.md5 error____________________________
our computed md5 is
0: 6bd8 4b9a 1bb2 7b46 f815 2bdd a8cf de65 k.K...{F..+....e
the actual is
0: 3fcd 6673 4d46 4d45 654c 6bc5 9f01 a2d6 ?.fsMFMEeLk.....
When I turn on -Dssl.debug, then I get a stack trace:
CertificateVerify.md5 error____________________________
our computed md5 is
0: 6bd8 4b9a 1bb2 7b46 f815 2bdd a8cf de65 k.K...{F..+....e
the actual is
0: 3fcd 6673 4d46 4d45 654c 6bc5 9f01 a2d6 ?.fsMFMEeLk.....
weblogic.security.CipherException: Invalid signature
at
weblogic.security.SSL.CertificateVerify.input(CertificateVerify.java:
127)
at weblogic.security.SSL.Handshake.input(Handshake.java:115)
at weblogic.security.SSL.SSLSocket.getHandshake(SSLSocket.java:1043)
at weblogic.security.SSL.SSLSocket.serverInit2(SSLSocket.java:778)
at weblogic.security.SSL.SSLSocket.serverInit(SSLSocket.java:622)
at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:267)
at
weblogic.security.SSL.SSLSocket.performAcceptHandshake(SSLSocket.java
:238)
at
weblogic.security.SSL.SSLSocket.getInputStream(SSLSocket.java:1116)
at weblogic.socket.ResettableSocket.<init>(ResettableSocket.java:30)
at weblogic.socket.JVMSocketManager.accept(JVMSocketManager.java:90)
at
weblogic.t3.srvr.ListenThread$RJVMListenRequest.execute(ListenThread.
java:563)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
Any ideas?
Thanks,
LsuiI seem to be having similar problems, was there a solution found for this?
To set up the debug information do I need to add anything more
than -Dssl.debug (i.e. does it take an "=true" or something like that)?
Thanks,
Geoff.
"Luis Muniz" <[email protected]> wrote in message
news:[email protected]...
I succeeded in setting up my server (WL 6.1) to use SSL and enforce client
authentication.
I created a client certificate with OpenSSL, and imported it into my
browser.
When I request the page https://localhost:7002/
I get following message in the log:
CertificateVerify.md5 error____________________________
our computed md5 is
0: 6bd8 4b9a 1bb2 7b46 f815 2bdd a8cf de65 k.K...{F..+....e
the actual is
0: 3fcd 6673 4d46 4d45 654c 6bc5 9f01 a2d6 ?.fsMFMEeLk.....
When I turn on -Dssl.debug, then I get a stack trace:
CertificateVerify.md5 error____________________________
our computed md5 is
0: 6bd8 4b9a 1bb2 7b46 f815 2bdd a8cf de65 k.K...{F..+....e
the actual is
0: 3fcd 6673 4d46 4d45 654c 6bc5 9f01 a2d6 ?.fsMFMEeLk.....
weblogic.security.CipherException: Invalid signature
at
weblogic.security.SSL.CertificateVerify.input(CertificateVerify.java:
127)
at weblogic.security.SSL.Handshake.input(Handshake.java:115)
atweblogic.security.SSL.SSLSocket.getHandshake(SSLSocket.java:1043)
at weblogic.security.SSL.SSLSocket.serverInit2(SSLSocket.java:778)
at weblogic.security.SSL.SSLSocket.serverInit(SSLSocket.java:622)
at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:267)
at
weblogic.security.SSL.SSLSocket.performAcceptHandshake(SSLSocket.java
:238)
at
weblogic.security.SSL.SSLSocket.getInputStream(SSLSocket.java:1116)
atweblogic.socket.ResettableSocket.<init>(ResettableSocket.java:30)
atweblogic.socket.JVMSocketManager.accept(JVMSocketManager.java:90)
at
weblogic.t3.srvr.ListenThread$RJVMListenRequest.execute(ListenThread.
java:563)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
Any ideas?
Thanks,
Lsui -
SSL Certificate Install Problem
To all Sun App Server Gurus,
I face a major challenge trying to install an SSL certificate on our Application Server.
The Manage Database was successful.
I filled out the certificate request form in the Security > Certificate Management > Request section and forwared the information / CSR to the CA.
The certificate is issued and validated by our CA.
I follow the steps according the documentation to import the certificate.
I specify the following to import the certificate
1) Certificate for : o This Server
2) Cryptographic Module: internal
3) Key Pair File Password: **************
4) Message Text (with headers):
-----BEGIN CERTIFICATE-----
U0UgT05MWSAtIE5PIFdBUlJBTlRZIEFUVEFDSE.....
-----END CERTIFICATE-----
5) Click OK
The next screen shows the certificate information which are correct as well.
After pressing "Add Server Certificate" it take about 20 seconds until I receive a pop error message. It says: "Incorrect Useage: No Private Key. The server could not find the private key associated with this certificate."
After I click OK the Admin GUI displays the following error in the browser: "Not Found
The requested object does not exist on this server. The link you followed is either outdated, inaccurate, or the server has been instructed not to let you have it. "
Security > General
Log Level: finest
Audit Logging Enabled: unchecked
Default Realm: file
Anonymous Roule: ANYONE
In the admin server log I get the following entry:
WARNING ( 1182): for host x.x.x.x trying to GET /instance-server1/admin/bin/(null), cgi_start_exec reports: HTTP4049: cannot find CGI program /opt/SUNWappserver7/lib/admincgi/(null) (File not found)
I checked the directories and they all exist and the admincgi even has files included. I don't know which one should be missing.
I also reinstalled the App Server twice so far and used the default options.
If anyone could please help me with this that would be extremly helpful.
Thank you.
Regards,
Martintry converting your key from der2pem using
java utils.der2pem {keyfile in der} {keyfile out in pem}
thanks
kiran
"eraldo" <[email protected]> wrote in message
news:[email protected]..
hi,
I tried to install SSL certicate on a Weblogic 6.1 SP3 (running on a
Solaris 8). Following the post 5457 (found in your newsgroup) I made
this steps:
- I generated CSR using web application /certificate
- I sent CSR to Entrust.com obtaining a certicate and a chain
certificate
- I configured the server under "Configuration - SSL" with following
parameters:
- Enabled = true
- Listen port = 8002
- Server Key File Name = <path to private key ".der" file>
- Server Certificate File Name = <path to Entrust CRT ".pem" file>
- Server Certificate Chain File Name = <path to Entrust CA ".pem"
file>
- Key Encrypted = true
- I changed startWebLogic.sh:
- added "-Dweblogic.management.pkpassword=<my_pwd>" to JAVA command
line
Launchin' the script I got the following exception:
<Nov 22, 2002 2:34:44 PM GMT-01:00> <Alert> <WebLogicServer> <Security
configuration problem with ce
rtificate file config/sdfdomain/H3MIS097_H3G_IT-key.der,
java.io.IOException: weblogic.security.Ciph
erException: Invalid padding length 48>
java.io.IOException: weblogic.security.CipherException: Invalid
padding length 48
atweblogic.security.RSAPrivateKeyPKCS8.input(RSAPrivateKeyPKCS8.java:157)
atweblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:125)
atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:391)
atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:301)
atweblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1097)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:490)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:206)
at weblogic.Server.main(Server.java:35)
Any idea?
Thanks in advance,
Eraldo -
Error adding other root certs to Weblogic
I am using the trial 30-day version. I wonder whether it has any restrictions which
prevent from adding new root certificates to the ca.pem file. If this is not the
case, I will expose my problem.
I have added a new self-signed root certificate after the one that was contained
in the ca.pem, so there are now two root certificates:
********************** begin of the ca.pem file
-----BEGIN CERTIFICATE-----
MIICQzCCAe2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBqTELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xFTAT
BgNVBAoTDEJFQSBXZWJMb2dpYzERMA8GA1UECxMIU2VjdXJpdHkxIzAhBgNVBAMT
GkRlbW8gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9zdXBw
b3J0QGJlYS5jb20wHhcNMDAwNTMwMjEzNzQ0WhcNMDQwNTE0MjEzNzQ0WjCBqTEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
cmFuY2lzY28xFTATBgNVBAoTDEJFQSBXZWJMb2dpYzERMA8GA1UECxMIU2VjdXJp
dHkxIzAhBgNVBAMTGkRlbW8gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR4wHAYJKoZI
hvcNAQkBFg9zdXBwb3J0QGJlYS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA
3VEoD2Q2ln4PyilUNUyPa9yQxS6YqJk7xwWlAHZ5AAhq7dkosZDCNZYYYTZihpOx
GcgLwqY6gYZCN7pwlk+h/QIDAQABMA0GCSqGSIb3DQEBBAUAA0EAAFsKZZ9dc1na
5lHpO8EL85EPDPRyCJ9lTRw3bPMEqItyBuEAXh8woRgGN5j9KinDoWsmFCBO5MFy
qN5p4APL4w==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB6zCCAZWgAwIBAgIBATANBgkqhkiG9w0BAQQFADB+MQswCQYDVQQGEwJlczES
MBAGA1UEBxMJQmFyY2Vsb25hMRIwEAYDVQQKEwlTYWZlbGF5ZXIxEjAQBgNVBAsT
CURldmVsb3BlcjENMAsGA1UEAxMEcm9vdDEkMCIGCSqGSIb3DQEJARYVc3VwcG9y
dEBzYWZlbGF5ZXIuY29tMB4XDTk5MTIzMTIzMDAwMFoXDTE5MTIzMTIzMDAwMFow
fjELMAkGA1UEBhMCZXMxEjAQBgNVBAcTCUJhcmNlbG9uYTESMBAGA1UEChMJU2Fm
ZWxheWVyMRIwEAYDVQQLEwlEZXZlbG9wZXIxDTALBgNVBAMTBHJvb3QxJDAiBgkq
hkiG9w0BCQEWFXN1cHBvcnRAc2FmZWxheWVyLmNvbTBcMA0GCSqGSIb3DQEBAQUA
A0sAMEgCQQCg+E0qVGLgZWSjcae1FHMap/8SBlbhQc3GbaL3NxbBDZGeaKZqzlTv
ZhGeWf3zEB17tbHE18hAxro6TA2i8MhVAgMBAAEwDQYJKoZIhvcNAQEEBQADQQAS
E2U64E9eu0dgJYktTK37YcTpyspwSabyeaziAktu99cCOQbCTYXGojouRekbkKAv
u8J28DSM62Me7W5zsPV2
-----END CERTIFICATE-----
********************** end of the ca.pem file
I did not modify the democert.pem or the demokey.pem files, as I want my weblogic
server to continue using the same SSLserver certificate than it was using before.
Then when I try to start the Weblogic server, I got the following error on the
console:
Starting WebLogic Server ....
<24-abr-01 16:21:33 CEST> <Notice> <Management> <Loading configuration file .\co
nfig\examples\config.xml ...>
log file: C:\bea\wlserver6.0sp1\.\config\examples\logs\weblogic.log
<24-abr-01 16:21:37 CEST> <Info> <Logging> <Only log messages of severity "Error
" or worse will be displayed in this window. This can be changed at Admin Consol
e> examples> Servers> examplesServer> Logging> General> Stdout severity threshol
d>
weblogic.security.CipherException: Incorrect encrypted block
at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:208)
at weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
at weblogic.security.X509.verifySignature(X509.java:243)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<24-abr-01 16:21:41 CEST> <Alert> <WebLogicServer> <Inconsistent security config
uration, weblogic.security.AuthenticationException: Incorrect encrypted block
po
ssibly incorrect SSLServerCertificateChainFileName set for this server certifica
te>
weblogic.security.AuthenticationException: Incorrect encrypted block possibly
in
correct SSLServerCertificateChainFileName set for this server certificate
at weblogic.security.X509.verifySignature(X509.java:251)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<24-abr-01 16:21:59 CEST> <Notice> <WebLogicServer> <WebLogic Server started>
<24-abr-01 16:21:59 CEST> <Notice> <WebLogicServer> <ListenThread listening on
p
ort 7001>
I would appreciate any help on this issue. I want to add the new root certificate
because I own a SSLclient certificate in my browser which I want the Weblogic
server to authenticate.
Thank you very much, David.OK, I finally was able to understand what the error was. The new root certificate
cannot be added to the ca.pem file. You'd better create a new file called ca2.pem
with the new root certificate. Then you have go to SSL configuration section and
edit the 'Trusted CAFile Name' field to point to the ca2.pem file.
Easy but I had trouble to understand it from the documentation.
"David Ruana" <[email protected]> wrote:
>
I am using the trial 30-day version. I wonder whether it has any restrictions
which
prevent from adding new root certificates to the ca.pem file. If this
is not the
case, I will expose my problem.
I have added a new self-signed root certificate after the one that was
contained
in the ca.pem, so there are now two root certificates:
********************** begin of the ca.pem file
-----BEGIN CERTIFICATE-----
MIICQzCCAe2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBqTELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xFTAT
BgNVBAoTDEJFQSBXZWJMb2dpYzERMA8GA1UECxMIU2VjdXJpdHkxIzAhBgNVBAMT
GkRlbW8gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9zdXBw
b3J0QGJlYS5jb20wHhcNMDAwNTMwMjEzNzQ0WhcNMDQwNTE0MjEzNzQ0WjCBqTEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
cmFuY2lzY28xFTATBgNVBAoTDEJFQSBXZWJMb2dpYzERMA8GA1UECxMIU2VjdXJp
dHkxIzAhBgNVBAMTGkRlbW8gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR4wHAYJKoZI
hvcNAQkBFg9zdXBwb3J0QGJlYS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA
3VEoD2Q2ln4PyilUNUyPa9yQxS6YqJk7xwWlAHZ5AAhq7dkosZDCNZYYYTZihpOx
GcgLwqY6gYZCN7pwlk+h/QIDAQABMA0GCSqGSIb3DQEBBAUAA0EAAFsKZZ9dc1na
5lHpO8EL85EPDPRyCJ9lTRw3bPMEqItyBuEAXh8woRgGN5j9KinDoWsmFCBO5MFy
qN5p4APL4w==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB6zCCAZWgAwIBAgIBATANBgkqhkiG9w0BAQQFADB+MQswCQYDVQQGEwJlczES
MBAGA1UEBxMJQmFyY2Vsb25hMRIwEAYDVQQKEwlTYWZlbGF5ZXIxEjAQBgNVBAsT
CURldmVsb3BlcjENMAsGA1UEAxMEcm9vdDEkMCIGCSqGSIb3DQEJARYVc3VwcG9y
dEBzYWZlbGF5ZXIuY29tMB4XDTk5MTIzMTIzMDAwMFoXDTE5MTIzMTIzMDAwMFow
fjELMAkGA1UEBhMCZXMxEjAQBgNVBAcTCUJhcmNlbG9uYTESMBAGA1UEChMJU2Fm
ZWxheWVyMRIwEAYDVQQLEwlEZXZlbG9wZXIxDTALBgNVBAMTBHJvb3QxJDAiBgkq
hkiG9w0BCQEWFXN1cHBvcnRAc2FmZWxheWVyLmNvbTBcMA0GCSqGSIb3DQEBAQUA
A0sAMEgCQQCg+E0qVGLgZWSjcae1FHMap/8SBlbhQc3GbaL3NxbBDZGeaKZqzlTv
ZhGeWf3zEB17tbHE18hAxro6TA2i8MhVAgMBAAEwDQYJKoZIhvcNAQEEBQADQQAS
E2U64E9eu0dgJYktTK37YcTpyspwSabyeaziAktu99cCOQbCTYXGojouRekbkKAv
u8J28DSM62Me7W5zsPV2
-----END CERTIFICATE-----
********************** end of the ca.pem file
I did not modify the democert.pem or the demokey.pem files, as I want
my weblogic
server to continue using the same SSLserver certificate than it was using
before.
Then when I try to start the Weblogic server, I got the following error
on the
console:
Starting WebLogic Server ....
<24-abr-01 16:21:33 CEST> <Notice> <Management> <Loading configuration
file .\co
nfig\examples\config.xml ...>
log file: C:\bea\wlserver6.0sp1\.\config\examples\logs\weblogic.log
<24-abr-01 16:21:37 CEST> <Info> <Logging> <Only log messages of severity
"Error
" or worse will be displayed in this window. This can be changed at Admin
Consol
e> examples> Servers> examplesServer> Logging> General> Stdout severity
threshol
d>
weblogic.security.CipherException: Incorrect encrypted block
at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:208)
at weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
at weblogic.security.X509.verifySignature(X509.java:243)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<24-abr-01 16:21:41 CEST> <Alert> <WebLogicServer> <Inconsistent security
config
uration, weblogic.security.AuthenticationException: Incorrect encrypted
block
po
ssibly incorrect SSLServerCertificateChainFileName set for this server
certifica
te>
weblogic.security.AuthenticationException: Incorrect encrypted block
possibly
in
correct SSLServerCertificateChainFileName set for this server certificate
at weblogic.security.X509.verifySignature(X509.java:251)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<24-abr-01 16:21:59 CEST> <Notice> <WebLogicServer> <WebLogic Server
started>
<24-abr-01 16:21:59 CEST> <Notice> <WebLogicServer> <ListenThread listening
on
p
ort 7001>
I would appreciate any help on this issue. I want to add the new root
certificate
because I own a SSLclient certificate in my browser which I want the
Weblogic
server to authenticate.
Thank you very much, David. -
"xdo" failed to preload on startup in Web application: "xmlpserver".
I have been able to deploy OBIEE onto Weblogic 10.3 however no success in BI publisher 10.1.3.4.0. I'm using JDK 6.14, not JRockIt.
I have tried expanding the xmplserver.ear -> xmlpserver.war -> expanded files
i have used the following link to deploy
http://bipconsulting.blogspot.com/2009/04/installation-for-oracle-weblogic-server.html
the error i get is
[HTTP:101216]Servlet: "xdo" failed to preload on startup in Web application: "xmlpserver.war".
java.lang.NoClassDefFoundError: com/phaos/crypto/CipherException at
oracle.apps.xdo.servlet.security.SecurityHandler.getHandler(SecurityHandler.java:78) at
oracle.apps.xdo.servlet.GlobalContext.initSecurity(GlobalContext.java:129) at
oracle.apps.xdo.servlet.GlobalContext.init(GlobalContext.java:97) at
oracle.apps.xdo.servlet.XDOServlet.init(XDOServlet.java:67) at
weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:283) at
weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at
weblogic.security.service.SecurityManager.runAs(Unknown Source) at
weblogic.servlet.internal.StubSecurityHelper.createServlet(StubSecurityHelper.java:64) at
weblogic.servlet.internal.StubLifecycleHelper.createOneInstance(StubLifecycleHelper.java:58) at
weblogic.servlet.internal.StubLifecycleHelper.<init>(StubLifecycleHelper.java:48) at
weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.java:521) at
weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletContext.java:1893) at
weblogic.servlet.internal.WebAppServletContext.loadServletsOnStartup(WebAppServletContext.java:1870) at
weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1790) at
weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:3000) at
weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1371) at
weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:471) at
weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:205) at
weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37) at
weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:60) at
weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:201) at
weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:118) at
weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:205) at
weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37) at
weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:60) at
weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:28) at
weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:636) at
weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37) at
weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212) at
weblogic.application.internal.SingleModuleDeployment.activate(SingleModuleDeployment.java:16) at
weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:162) at
weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79) at
weblogic.deploy.internal.targetserver.operations.AbstractOperation.activate(AbstractOperation.java:569) at
weblogic.deploy.internal.targetserver.operations.ActivateOperation.activateDeployment(ActivateOperation.java:140) at
weblogic.deploy.internal.targetserver.operations.ActivateOperation.doCommit(ActivateOperation.java:106) at
weblogic.deploy.internal.targetserver.operations.AbstractOperation.commit(AbstractOperation.java:323) at
weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentCommit(DeploymentManager.java:820) at
weblogic.deploy.internal.targetserver.DeploymentManager.activateDeploymentList(DeploymentManager.java:1227) at
weblogic.deploy.internal.targetserver.DeploymentManager.handleCommit(DeploymentManager.java:436) at
weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.commit(DeploymentServiceDispatcher.java:164) at
weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doCommitCallback(DeploymentReceiverCallbackDeliverer.java:181) at
weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.access$100(DeploymentReceiverCallbackDeliverer.java:12) at
weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer$2.run(DeploymentReceiverCallbackDeliverer.java:68) at
weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:516) at
weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at
weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Any hints?
ThanksThe stack trace indicates - some libraries can't be found:
java.lang.NoClassDefFoundError: com/phaos/crypto/CipherExceptionThe missing above library comes from ojpse.jar ( which is located by default installation in $OracleBI_home/oc4j_bi/jlib/ojpse.jar ) - that let me suggest, you took your xmlpserver.war from oc4j distribution. So, in that case, a workaround could be to include this jar into classpath before starting WebLogic server. The proper solution ( i think ) - you should deploy a standalone version of xmlpserver ( if you download bi publisher and unzip this archive from http://www.oracle.com/technology/software/products/publishing/index.html - you will find in the folder Oracle_Business_Intelligence_Publisher_Standalone/manual/generic a little differently packaged xmlpserver.war - which does include the mentioned library - under WEB-INF/lib, among some other additional libraries ). If i remember correctly, i've read it somewhere in documentation as well - about deployment bi publisher under 3rd party application server - the fully packaged version ( also not from the oc4j deployment) should be used.
Best regards
Maxim -
Tomcat ERROR when installing BIPublisher
Hi,
During installation and trying to login to the "Oracle BI Publisher Enterprise", i tried to log in using the user/password: admin/admin but it shows this error:
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
org.apache.jasper.JasperException: com/phaos/crypto/CipherException
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:476)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:371)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:315)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
oracle.apps.xdo.servlet.security.SecurityFilter.doFilter(SecurityFilter.java:100)
root cause
javax.servlet.ServletException: com/phaos/crypto/CipherException
org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:846)
org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:779)
org.apache.jsp.login_jsp._jspService(login_jsp.java:499)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:328)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:315)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
oracle.apps.xdo.servlet.security.SecurityFilter.doFilter(SecurityFilter.java:100)
root cause
java.lang.NoClassDefFoundError: com/phaos/crypto/CipherException
oracle.apps.xdo.servlet.security.SecurityHandler.getHandler(SecurityHandler.java:66)
org.apache.jsp.login_jsp._jspService(login_jsp.java:190)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:328)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:315)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
oracle.apps.xdo.servlet.security.SecurityFilter.doFilter(SecurityFilter.java:100)
note The full stack trace of the root cause is available in the Apache Tomcat/5.5.23 logs.
Why can't i log in?OP doesn't have to do anything other than follow the instructions in the installation guide.
Ensure Tomact is correctly installed - you see that on the welcome page (and have an appropriate version of Java)
Add in the manager/admin password/role as needed
Deploy the XMLPwhatever WAR file, either with Tomcat running or not, works either way
Copy the font files, also specified in the installation guide
Etc.
It works just like it says, no need to move other jar files around or go find missing jar files. If you have do that, you messed up the installation in one place/step or another. Start over. -
Hi,
I have installed ESP 5.1 v4 and I am getting following errror after kicking off script:
cd /opt/sybase/ESP-5_1/cluster/nodes/node1
$ESP_HOME/bin/esp_server --cluster-node node1.xml
(Location of log: /opt/sybase/ESP-5.1/cluster/nodes/node1/clusted.log:)
Jun 11 2014 16:52:09.416 INFO - SAP Sybase Event Stream Processor Cluster Node 5.1.04.00/20131113.1/SP04 PL00/linux/x86_64/64-bit/OPT/Wed Nov 13 08:29:30 PST 2013
Jun 11 2014 16:52:10.130 FATAL - CODE_700219 | Exception decrypting Security/Password
com.sybase.esp.cluster.impl.CipherService$CipherServiceException: Caught exception decrypting text
at com.sybase.esp.cluster.impl.CipherService.decrypt(Unknown Source)
at com.sybase.esp.cluster.impl.CipherService.decryptToString(Unknown Source)
at com.sybase.esp.cluster.impl.SecurityConfig.configure(Unknown Source)
at com.sybase.esp.cluster.impl.NodeConfig.configure(Unknown Source)
at com.sybase.esp.cluster.impl.Node.initialize(Unknown Source)
at com.sybase.esp.cluster.impl.Node.initialize(Unknown Source)
at com.sybase.esp.cluster.FactoryNode.factory(Unknown Source)
at com.sybase.esp.cluster.FactoryNode.main(Unknown Source)
Caused by: com.sybase.esp.system.crypto.CipherException: caught exception decrypting data
at com.sybase.esp.system.crypto.Cipher.decrypt(Unknown Source)
... 8 more
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:313)
at javax.crypto.Cipher.doFinal(Cipher.java:2087)
... 9 more
Jun 11 2014 16:52:10.144 FATAL - CODE_700032 | Security configuration failed
Jun 11 2014 16:52:10.144 FATAL - CODE_700012 | Factory of new node with config file [node1.xml] failed
I have changed ESP to use preconfigured username/password (in csi_local.xml) with no luck.
Any suggestions?I tryied this as well (I have PDF documentation with those steps).
I haven;t changed encrypted password used to access the keystore, neither cluster's encrypted password.
This is what I did:
1. Kick off installation: ./setup.bin
So I have it installed on the /opt/sybase
2.
Modify node1.xml file:
/opt/sybase/ESP-5_1/cluster/nodes/node1/node1.xml
changes:
- It was "true" before
<Port ssl="false">19011</Port>
<AdminPort ssl="false">0</AdminPort>
- Comment out:
<!--<File>${ESP_SHARED}/security/csi_native_unix.xml</File>-->
- Add line:
<File>${ESP_SHARED}/security/csi_local.xml</File>
3. sybase-csi file (as per page 52 from
http://infocenter.sybase.com/help/topic/com.sybase.infocenter.dc01611.0510/doc/
pdf/admin_guide.pdf)
4. Follow instructions from link provided by you: http://infocenter.sybase.com/help/topic/com.sybase.infocenter.dc01611.0514/doc/html/tbi1353498879466.html
My node1.csi file looks like following:
<Node xmlns:xi="http://www.w3.org/2001/XInclude">
<!-- The Node Name must be unique throughtout the Cluster. -->
<Name>node1</Name>
<!-- The Macros node is optional. -->
<!-- Values of the form ${macro_name} in nodes identified below will expand to the maco value. -->
<!-- Macros are loaded before all other config -->
<Macros>
<!-- The Macro node has an optional 'type' attribute. -->
<!-- Allowed 'type' values are "value", "envar", "sysproperty" and "prompt". -->
<!-- If type is value, the literal value specified (subject to expansion) will be used. -->
<!-- If type is envar, value for Macro will be pulled from environment valiable defined by Macro value. -->
<!-- If type is sysproperty, value for Macro will be pulled from Java system property defined by Macro value. -->
<!-- If type is prompt, the value will be prompted for at startup. Hide and verify options are supported. -->
<Macro name="ESP_HOME" type="envar">ESP_HOME</Macro>
<Macro name="ESP_HOSTNAME">esplni01.zit.commerzbank.com</Macro>
<Macro name="ESP_SHARED">${ESP_HOME}</Macro>
<Macro name="ESP_STORAGE">${ESP_SHARED}/storage</Macro>
</Macros>
<!-- The SystemProperties node is optional. -->
<SystemProperties>
<!-- If a Property is defined, that Java system property will be set to the value specified. -->
<!-- A Property is macro expanded by default. -->
<!-- To disable expansion, set attribute expand="false". -->
<!-- prompt="true" will cause the value to be prompted for at startup. Hide and verify options are supported. -->
<!--
<Property name="some.system.property.to.set">some value</Property>
<Property name="some.other.system.property.to.set">some other value</Property>
-->
<Property name="esp.home">${ESP_HOME}</Property>
<Property name="esp.shared">${ESP_SHARED}</Property>
<!-- If using Kerberos authentication, the following properties-->
<!-- should be set to their appropriate values. -->
<Property name="java.security.krb5.realm">REALM_PLACEHOLDER</Property>
<Property name="java.security.krb5.kdc">KDC_PLACEHOLDER</Property>
</SystemProperties>
<!-- A Cluster Node can be a Controller and/or a Manager. It must be at least one. -->
<!-- In this instance, the Node is both. -->
<Controller enabled="true">
<!-- The ApplicationTypes define all application types this Controller Node will be able to launch. -->
<ApplicationTypes>
<ApplicationType name="project" enabled="true">
<Class>com.sybase.esp.cluster.plugins.apptypes.Project</Class>
<StandardStreamLog enabled="true" />
<Properties>
<Property name="esp-home">${ESP_HOME}</Property>
<Property name="hostname">${ESP_HOSTNAME}</Property>
<Property name="ld-preload">${ESP_HOME}/lib/jre/lib/amd64/server/libjsig.so</Property>
<Property name="services-file">${ESP_HOME}/bin/service.xml</Property>
<Property name="base-directory">${ESP_SHARED}/cluster/projects/test-name-1</Property>
<Property name="ssl-key-file">${ESP_HOME}/cluster/keys/test-name-1</Property>
<Property name="ssl-key-file-encrypted">true</Property>
</Properties>
</ApplicationType>
<ApplicationType name="ha_project" enabled="true">
<Class>com.sybase.esp.cluster.plugins.apptypes.HaProject</Class>
<StandardStreamLog enabled="true" />
<Properties>
<Property name="esp-home">${ESP_HOME}</Property>
<Property name="hostname">${ESP_HOSTNAME}</Property>
<Property name="ld-preload">${ESP_HOME}/lib/jre/lib/amd64/server/libjsig.so</Property>
<Property name="services-file">${ESP_HOME}/bin/service.xml</Property>
<Property name="base-directory">${ESP_SHARED}/cluster/projects/test-name-1</Property>
<Property name="ssl-key-file">${ESP_HOME}/cluster/keys/test-name-1</Property>
<Property name="ssl-key-file-encrypted">true</Property>
</Properties>
</ApplicationType>
</ApplicationTypes>
</Controller>
<Manager enabled="true">
<!-- The ApplicationHeartbeatTimeout node is optional -->
<!-- The first Manager in the Cluster will determine the value Cluster wide -->
<!-- The value is in milliseconds -->
<!--
<ApplicationHeartbeatTimeout>30000</ApplicationHeartbeatTimeout>
-->
</Manager>
<Rpc>
<!-- The Host node is optional -->
<!--
<Host>${ESP_HOSTNAME}</Host>
-->
<Port ssl="false">19011</Port>
<AdminPort ssl="false">0</AdminPort>
</Rpc>
<Cache>
<!-- The Host node is optional. Only used if Manager node above is enabled. -->
<!--
<Host>${ESP_HOSTNAME}</Host>
-->
<!-- The Port node is only used if Manager node above is enabled. -->
<Port>19001</Port>
<!-- The Name defines the Cluster name.-->
<!-- All Nodes in a Cluster must have the same Name/Password defined.-->
<Name>test-name-1</Name>
<Password encrypted="true" prompt="false" hide="true" verify="true" query="Please enter cluster password">
LH0Jev3YIlMRRXTwfzbqVST1hEMdNAf4YHjphVfTCq/SzNny
</Password>
<!-- If Multicast is not enabled, the Managers node below must be enabled.-->
<Multicast enabled="false">
<Group>224.2.2.7</Group>
<Port>54323</Port>
</Multicast>
<!-- If Multicast is not enabled or the Manager node above is not enabled, -->
<!-- the Managers node below must be enabled. -->
<!-- The Managers node specifies all Manager enabled nodes in the Cluster -->
<Managers enabled="true">
<Manager>localhost:19001</Manager>
</Managers>
<Persistence enabled="false">
<Directory>${ESP_STORAGE}</Directory>
</Persistence>
</Cache>
<Security>
<Csi>
<!-- The File node is macro expanded by default. -->
<!-- To disable expansion, set attribute expand="false". -->
<!-- This node specifies the CSI configuration file to use. -->
<!-- There are currently 6 distributed CSI config examples. -->
<!-- csi_native_nt.xml uses a CSI supplied LoginModule that provides native OS authentication on Windows. -->
<!-- csi_native_unix.xml uses a CSI supplied LoginModule that provides native OS authentication on Unix. -->
<!-- csi_ldap.xml uses a CSI supplied LoginModule that provides LDAP authentication. -->
<!-- csi_kerberos.xml uses an ESP supplied LoginModule that provides Kerberos authentication. -->
<!-- csi_rsa.xml uses an ESP supplied LoginModule that provides RSA authentication. -->
<!-- csi_boe.xml uses an ESP supplied LoginModule that provides SAP BI authentication. -->
<!--<File>${ESP_SHARED}/security/csi_native_unix.xml</File>-->
<File>${ESP_SHARED}/security/csi_local.xml</File>
<!--Policy>${ESP_SHARED}/security/policy.xml</Policy-->
</Csi>
<Keystore>
<Type>JKS</Type>
<File>/opt/sybase/ESP-5_1/security/keystore_rsa.jks</File>
<Password encrypted="true" prompt="false" hide="true" verify="true" query="Please enter keystore password">
ywMJ0f2DIvsRlHRsfwfqSySKhGodhQctYHTpUFeuCtDS/tpj
</Password>
<Algorithm>RSA</Algorithm>
</Keystore>
<Cipher>
<File>${ESP_HOME}/cluster/keys/test-name-1/cluster.key</File>
</Cipher>
</Security>
</Node>
Thanks,
Jack -
Greetings,
I generated a cert request from WLS 6.0 and submitted to VeriSign for a test
cert. When I tried to configure WLS to use the new cert I got the
following:
<Feb 15, 2001 4:06:17 PM GMT-05:00> <Alert> <WebLogicServer> <Security
configuration problem with certificate file config/mydomain/cxreq1-key.der,
java.io.IOException: weblogic.security.CipherException: Invalid padding
length 161>
java.io.IOException: weblogic.security.CipherException: Invalid padding
length 161
at
weblogic.security.RSAPrivateKeyPKCS8.input(RSAPrivateKeyPKCS8.java:157)
at
weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:125)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:386)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:939)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
And of course SSL was not enabled. Can anyone please point me towards a
solution?
Thanks
Todd"Peter B" <@> wrote in message news:[email protected]..
>
"Rob Jago" <[email protected]> wrote in message
news:3bddf8a1$[email protected]..
Hello
I am having problems communicating to a WLS6.0 sp2 server from a java
application using JSSE and SSL. It appears a bulk of the problem lies
in
the SSL handshaking.
It usually fails on the Change Cipher Spec call.
Which SSL implementation are you using ?Hi Peter. thanks for the reply
currently using JSSE 1.0.2 with JDK 1.3.1_01.
I have done some more coding / testing and encountered some interesting /
crazy things
with SSL _ tracing on , I get the connection reset by peer
with SSL tracing off, I get the connection closed.
Rob -
Verisign certificate & Chain File Name
Perhaps a newbie question, but here goes:
I am having trouble installing a Verisign certificate on my Weblogic 6.0
server. I have my private key and certificate file installed properly I
believe, but am unsure what to put in the Certificate Chain File entry
in the console. I only have 1 certificate for this server. I have tried
to
a) leave it empty - in which case it uses a default file name which does
not exist
b) use the certificate I got from Verisign
c) export a class 3 certificate from my browser and use that file
In all the cases that I give it an existing file name, I get the
following stack trace:
weblogic.security.CipherException: Incorrect encrypted block
at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:208)
at
weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
at weblogic.security.X509.verifySignature(X509.java:243)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at
weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Sep 5, 2001 8:18:55 AM PDT> <Alert> <WebLogicServer> <Inconsistent
security configuration, weblogic.security.AuthenticationException:
Incorrect encrypted block possibly incorrect
SSLServerCertificateChainFileName set for this server certificate>
weblogic.security.AuthenticationException: Incorrect encrypted block
possibly incorrect SSLServerCertificateChainFileName set for this server
certificate
at weblogic.security.X509.verifySignature(X509.java:251)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at
weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)OK. Found out what it was.
The Server Certificate Chain File name is what Verisign calls the
Intermediate Certificate. So what you need to do is grab that cert off the
Verisign site, paste it into a new file on your server and put that file
name in as the path to the Chain File name.
New question: Why the 2 names for the same thing ? The documentation could
be a bit clearer here, as it's a very simple process that seems more
complicated than it needs to be (IMHO).
Brian Hall wrote:
Perhaps a newbie question, but here goes:
I am having trouble installing a Verisign certificate on my Weblogic 6.0
server. I have my private key and certificate file installed properly I
believe, but am unsure what to put in the Certificate Chain File entry
in the console. I only have 1 certificate for this server. I have tried
to
a) leave it empty - in which case it uses a default file name which does
not exist
b) use the certificate I got from Verisign
c) export a class 3 certificate from my browser and use that file
In all the cases that I give it an existing file name, I get the
following stack trace:
weblogic.security.CipherException: Incorrect encrypted block
at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:208)
at
weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
at weblogic.security.X509.verifySignature(X509.java:243)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at
weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Sep 5, 2001 8:18:55 AM PDT> <Alert> <WebLogicServer> <Inconsistent
security configuration, weblogic.security.AuthenticationException:
Incorrect encrypted block possibly incorrect
SSLServerCertificateChainFileName set for this server certificate>
weblogic.security.AuthenticationException: Incorrect encrypted block
possibly incorrect SSLServerCertificateChainFileName set for this server
certificate
at weblogic.security.X509.verifySignature(X509.java:251)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at
weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
Maybe you are looking for
-
Error message when logging into financial reporting studio 11.1.1.3
I receive the following error message when I attempt to login in to financial reporting studio 11.1.1.3: "You are not authorized to use this functionality. Please contact your administrator." I'm attempting to login with the default "admin" user that
-
Report Builder - Add report Processing time
Hi, I was wondering if there was any way to add a value field to a report, with the time it took for the report to Process. It would probably be a text field with an Expression, but don't know how that would go. I know that in Expression there is a v
-
Hi, I am working on Oracle 10.2.0.4 2 node RAC database(Solaris 10, SPARC). I have a table containing around 10 million rows occupying 10G storage. To test the benefits of partitioning I created a partitioned table and then tried inserting all the re
-
Hi all , I need the documents on SAP HR-Benefits. Regards santosh .
-
Modifying default permissions? (Answered)
A little while back, I discovered a way for the system to automatically make the permissions of files I create 0640. I've changed my mind about that now (since a permissions problem gave me hell with sqlite all day), and I've forgotten what I can do