Keystore communication?
Hi,
I am not an expert in cryprography, but have experience in working with encryption using BouncyCastle and keytool.
I have a basic question on the standard practices used with a keystore. Can someone please explain me how two parties communicate regarding Java encryption. Assume both the parties are using AES 128 encryption and decryption and both have their own keystores. How does one party communicate the secret key used for ecryption to the other party so that the other party can decrypt it using the same key? Please note that I am only talking about Symmetric Key encryption here (not shared key).
Thanks,
vijay.
If both parties have (securely) exchanged their secret keys ahead of time they'd each simply store it in their respective key store or wherever is convenient. The trick, of course, is exchanging the secret key securely. That's where a public/private key pair can be quite handy but there are issues with that, too, mainly trust: When two parties exchange their respective public keys how do they guard against a man-in-the-middle attack, for example? Enter certificates, which involve a third party who is trusted by both sides to have verified their identity so that the cryptographic certificate on the public keys assure each side that they're really talking to the right party. Once that channel is established you can exchange secret keys digitally.
Note: self-signed certificates on public keys really certify nothing but they're good enough to satisfy the mere mechanics of the process, generally for testing, but certainly not the trust aspect. Also, public/private keys are computationally expensive compared to secret keys, which is why public/private keys tend to be used only for the exchange of a secret key (which can be generated on the fly by one of the parties and discarded after the session).
Disclaimer: I'm no expert on cryptography, either.
Similar Messages
-
There is no key entry with such alias in keystore seeburger AS2
Hi,
Error message in RWB shows the following
Message entered module processor exit bean and will be transferred to JCA adapter
2011-04-06 06:19:29 Success SEEBURGER/AS2: Received order from system.
2011-04-06 06:19:29 Error Unable to forward message to JCA adapter. Reason: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: There is no key entry with such alias in keystore, SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiExc
2011-04-06 06:19:29 Error Delivery of the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: There is no key entry with such alias in keystore, SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: java.security.PrivilegedActionException: com.
2011-04-06 06:19:29 Error The message status set to NDLV.
2011-04-06 06:19:29 Error MP: Exception caught with cause javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: There is no key entry with such alias in keystore, SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: java.security.PrivilegedActionException: com.seeburger.ks
unable to send / receiver messages through AS2. Please let us know what could be the error. How/ where to resolve it.Please check the SDN thread below
AS2 Adapter Configuration to Customer / no signature certificate
Also, check the help page below
http://help.sap.com/saphelp_sm40/helpdata/DE/84/be18d66b2a47f6b4adc704a7c0e23e/content.htm
for instructions on how to get the "SEEBURGER EDIINT AS2 Adapter for SAP Exchange Infrastructure Configuration Guide" from the Service Marketplace. Then, on this guide, please check the configuration according to your sender or receiver communication channel regarding the Security (certificates) parameters.
Are the key Store entries imported correctly? Please check if the certificates were imported in the right order and none of the certificates on the chain are expired. -
After applying custom keystore in weblogic admin_server, server is not get started
Hi All, (Thanks in advance)
I have a big problem now. I applied the SSL configuration to weblogic and OBIEE. It was working fine with Demo Keystore. After creating selfsigned keystore and applying to weblogic admin_server, the server get shutdown and now it is not starting. here is the log, I have checked the username/password many times. also I removed boot.properties file and it get generated again during startup.
I used the following commands to generate custome keystores.
$JAVA_HOME/jre/bin/keytool -genkey -keyalg RSA -alias selfsigned -keystore identity.jks \
-dname "CN=`hostname`, OU=My Department, O=My Company, L=Birmingham, ST=West Midlands, C=GB" \
-storepass password1 -validity 3600 -keysize 2048 -keypass password1
$JAVA_HOME/jre/bin/keytool -selfcert -v -alias selfsigned -keypass password1 -keystore identity.jks \
-storepass password1 -storetype jks -validity 3600
$JAVA_HOME/jre/bin/keytool -export -v -alias selfsigned -file "`hostname`-rootCA.der" -keystore identity.jks \
-storepass password1
# Trust? yes
$JAVA_HOME/jre/bin/keytool -import -v -trustcacerts -alias selfsigned -file "`hostname`-rootCA.der" \
-keystore trust.jks -storepass password1
####<Apr 28, 2014 6:46:00 PM GST> <Info> <WebLogicServer> <MYHOSTSERVER> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1398696360069> <BEA-000000> <WebLogic Server "AdminServer" version:
WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 Copyright (c) 1995, 2009, Oracle and/or its affiliates. All rights reserved.>
####<Apr 28, 2014 6:46:00 PM GST> <Notice> <Log Management> <MYHOSTSERVER> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1398696360215> <BEA-170019> <The server log file /u01/app/obiee/user_projects/domains/bifoundation_domain/servers/AdminServer/logs/AdminServer.log is opened. All server side log events will be written to this file.>
####<Apr 28, 2014 6:46:00 PM GST> <Info> <Log Management> <MYHOSTSERVER> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1398696360232> <BEA-170023> <The Server Logging is initialized with Java Logging API implementation.>
####<Apr 28, 2014 6:46:00 PM GST> <Info> <Diagnostics> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696360426> <BEA-320001> <The ServerDebug service initialized successfully.>
####<Apr 28, 2014 6:46:00 PM GST> <Info> <Server> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696360522> <BEA-002622> <The protocol "t3" is now configured.>
####<Apr 28, 2014 6:46:00 PM GST> <Info> <Server> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696360522> <BEA-002622> <The protocol "t3s" is now configured.>
####<Apr 28, 2014 6:46:00 PM GST> <Info> <Server> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696360522> <BEA-002622> <The protocol "http" is now configured.>
####<Apr 28, 2014 6:46:00 PM GST> <Info> <Server> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696360523> <BEA-002622> <The protocol "https" is now configured.>
####<Apr 28, 2014 6:46:00 PM GST> <Info> <Server> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696360524> <BEA-002622> <The protocol "iiop" is now configured.>
####<Apr 28, 2014 6:46:00 PM GST> <Info> <Server> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696360524> <BEA-002622> <The protocol "iiops" is now configured.>
####<Apr 28, 2014 6:46:00 PM GST> <Info> <Server> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696360525> <BEA-002622> <The protocol "ldap" is now configured.>
####<Apr 28, 2014 6:46:00 PM GST> <Info> <Server> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696360526> <BEA-002622> <The protocol "ldaps" is now configured.>
####<Apr 28, 2014 6:46:00 PM GST> <Info> <Server> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696360530> <BEA-002622> <The protocol "cluster" is now configured.>
####<Apr 28, 2014 6:46:00 PM GST> <Info> <Server> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696360531> <BEA-002622> <The protocol "clusters" is now configured.>
####<Apr 28, 2014 6:46:00 PM GST> <Info> <Server> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696360536> <BEA-002622> <The protocol "snmp" is now configured.>
####<Apr 28, 2014 6:46:00 PM GST> <Info> <Server> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696360536> <BEA-002622> <The protocol "admin" is now configured.>
####<Apr 28, 2014 6:46:00 PM GST> <Info> <Server> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696360536> <BEA-002624> <The administration protocol is "t3s" and is now configured.>
####<Apr 28, 2014 6:46:00 PM GST> <Info> <RJVM> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696360571> <BEA-000570> <Network Configuration for Channel "AdminServer"
Listen Address :7002 (SSL)
Public Address N/A
Http Enabled true
Tunneling Enabled false
Outbound Enabled false
Admin Traffic Enabled true>
####<Apr 28, 2014 6:46:00 PM GST> <Info> <Server> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696360611> <BEA-002609> <Channel Service initialized.>
####<Apr 28, 2014 6:46:00 PM GST> <Info> <Socket> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696360633> <BEA-000415> <System has file descriptor limits of - soft: 4,096, hard: 4,096>
####<Apr 28, 2014 6:46:00 PM GST> <Info> <Socket> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696360633> <BEA-000416> <Using effective file descriptor limit of: 4,096 open sockets/files.>
####<Apr 28, 2014 6:46:00 PM GST> <Info> <Socket> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696360634> <BEA-000406> <PosixSocketMuxer was built on Apr 24 2007 16:05:00>
####<Apr 28, 2014 6:46:00 PM GST> <Info> <Socket> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696360658> <BEA-000436> <Allocating 4 reader threads.>
####<Apr 28, 2014 6:46:00 PM GST> <Info> <Socket> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696360659> <BEA-000446> <Native IO Enabled.>
####<Apr 28, 2014 6:46:00 PM GST> <Info> <IIOP> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696360842> <BEA-002014> <IIOP subsystem enabled.>
####<Apr 28, 2014 6:46:09 PM GST> <Info> <Security> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696369085> <BEA-090894> <Successfully loaded the OPSS Policy Provider using oracle.security.jps.internal.policystore.JavaPolicyProvider.>
####<Apr 28, 2014 6:46:09 PM GST> <Info> <Security> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696369777> <BEA-000000> <Starting OpenJPA 1.1.1-SNAPSHOT>
####<Apr 28, 2014 6:46:10 PM GST> <Info> <Security> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696370127> <BEA-000000> <StoreServiceImpl.initJDO - StoreService is initialized with Id = ldap_POF2C8zjWtAwo24sMoFyQ+Komsg=>
####<Apr 28, 2014 6:46:10 PM GST> <Info> <Security> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696370185> <BEA-090074> <Initializing Authenticator provider using LDIF template file /u01/app/obiee/user_projects/domains/bifoundation_domain/security/DefaultAuthenticatorInit.ldift.>
####<Apr 28, 2014 6:46:10 PM GST> <Info> <Security> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696370328> <BEA-090075> <The Authenticator provider has had its LDIF information loaded from: /u01/app/obiee/user_projects/domains/bifoundation_domain/security/DefaultAuthenticatorInit.ldift>
####<Apr 28, 2014 6:46:10 PM GST> <Info> <Security> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696370690> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /u01/app/obiee/user_projects/domains/bifoundation_domain/servers/AdminServer/data/ldap/XACMLAuthorizermyrealmInit.initialized, will load full LDIFT.>
####<Apr 28, 2014 6:46:10 PM GST> <Info> <Security> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696370716> <BEA-090074> <Initializing Authorizer provider using LDIF template file /u01/app/obiee/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift.>
####<Apr 28, 2014 6:46:11 PM GST> <Info> <Security> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696371107> <BEA-090075> <The Authorizer provider has had its LDIF information loaded from: /u01/app/obiee/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift>
####<Apr 28, 2014 6:46:11 PM GST> <Info> <Security> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696371736> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /u01/app/obiee/user_projects/domains/bifoundation_domain/servers/AdminServer/data/ldap/DefaultCredentialMappermyrealmInit.initialized, will load full LDIFT.>
####<Apr 28, 2014 6:46:11 PM GST> <Info> <Security> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696371737> <BEA-090827> <LDIF template file /u01/app/obiee/wlserver_10.3/server/lib/DefaultCredentialMapperInit.ldift was empty. The WebLogic provider CredentialMapper has been bootstrapped but has not been initialized with any LDIF data.>
####<Apr 28, 2014 6:46:11 PM GST> <Info> <Security> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696371753> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /u01/app/obiee/user_projects/domains/bifoundation_domain/servers/AdminServer/data/ldap/XACMLRoleMappermyrealmInit.initialized, will load full LDIFT.>
####<Apr 28, 2014 6:46:11 PM GST> <Info> <Security> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696371753> <BEA-090074> <Initializing RoleMapper provider using LDIF template file /u01/app/obiee/user_projects/domains/bifoundation_domain/security/XACMLRoleMapperInit.ldift.>
####<Apr 28, 2014 6:46:11 PM GST> <Info> <Security> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696371787> <BEA-090075> <The RoleMapper provider has had its LDIF information loaded from: /u01/app/obiee/user_projects/domains/bifoundation_domain/security/XACMLRoleMapperInit.ldift>
####<Apr 28, 2014 6:46:12 PM GST> <Info> <Security> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696372038> <BEA-090093> <No pre-WLS 8.1 Keystore providers are configured for server AdminServer for security realm myrealm.>
####<Apr 28, 2014 6:46:12 PM GST> <Notice> <Security> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696372038> <BEA-090082> <Security initializing using security realm myrealm.>
####<Apr 28, 2014 6:46:12 PM GST> <Critical> <Security> <MYHOSTSERVER> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398696372064> <BEA-090402> <Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.>
####<Apr 28, 2014 6:46:12 PM GST> <Critical> <WebLogicServer> <MYHOSTSERVER> <AdminServer> <main> <<WLS Kernel>> <> <> <1398696372067> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:959)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User weblogic javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User weblogic denied
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at java.security.AccessController.doPrivileged(Native Method)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at $Proxy36.login(Unknown Source)
at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)
at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at $Proxy54.authenticate(Unknown Source)
at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:348)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:929)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
####<Apr 28, 2014 6:46:12 PM GST> <Notice> <WebLogicServer> <MYHOSTSERVER> <AdminServer> <main> <<WLS Kernel>> <> <> <1398696372142> <BEA-000365> <Server state changed to FAILED>
####<Apr 28, 2014 6:46:12 PM GST> <Error> <WebLogicServer> <MYHOSTSERVER> <AdminServer> <main> <<WLS Kernel>> <> <> <1398696372143> <BEA-000383> <A critical service failed. The server will shut itself down>
####<Apr 28, 2014 6:46:12 PM GST> <Notice> <WebLogicServer> <MYHOSTSERVER> <AdminServer> <main> <<WLS Kernel>> <> <> <1398696372147> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
####<Apr 28, 2014 6:46:12 PM GST> <Info> <WebLogicServer> <MYHOSTSERVER> <AdminServer> <main> <<WLS Kernel>> <> <> <1398696372164> <BEA-000236> <Stopping execute threads.>hi Puneeth, Thanks for the solution to run the weblogic. Now i have change SSL certificate to Demo. But also i have checked the default password for certificates is blank. i ran the following commad with blank password , and it runs without any error. After checking all these, I am getting the following error log, for bi_server1.
####<Apr 29, 2014 6:20:42 PM GST> <Info> <WebLogicServer> <AUHSPDC03OBIAP2> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1398781242221> <BEA-000000> <WebLogic Server "bi_server1" version:
WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 Copyright (c) 1995, 2009, Oracle and/or its affiliates. All rights reserved.>
####<Apr 29, 2014 6:20:42 PM GST> <Notice> <Log Management> <AUHSPDC03OBIAP2> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1398781242366> <BEA-170019> <The server log file /u01/app/obiee/user_projects/domains/bifoundation_domain/servers/bi_server1/logs/bi_server1.log is opened. All server side log events will be written to this file.>
####<Apr 29, 2014 6:20:42 PM GST> <Info> <Log Management> <AUHSPDC03OBIAP2> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1398781242383> <BEA-170023> <The Server Logging is initialized with Java Logging API implementation.>
####<Apr 29, 2014 6:20:42 PM GST> <Info> <Diagnostics> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781242643> <BEA-320001> <The ServerDebug service initialized successfully.>
####<Apr 29, 2014 6:20:42 PM GST> <Info> <Server> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781242773> <BEA-002622> <The protocol "t3" is now configured.>
####<Apr 29, 2014 6:20:42 PM GST> <Info> <Server> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781242774> <BEA-002622> <The protocol "t3s" is now configured.>
####<Apr 29, 2014 6:20:42 PM GST> <Info> <Server> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781242774> <BEA-002622> <The protocol "http" is now configured.>
####<Apr 29, 2014 6:20:42 PM GST> <Info> <Server> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781242775> <BEA-002622> <The protocol "https" is now configured.>
####<Apr 29, 2014 6:20:42 PM GST> <Info> <Server> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781242776> <BEA-002622> <The protocol "iiop" is now configured.>
####<Apr 29, 2014 6:20:42 PM GST> <Info> <Server> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781242776> <BEA-002622> <The protocol "iiops" is now configured.>
####<Apr 29, 2014 6:20:42 PM GST> <Info> <Server> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781242777> <BEA-002622> <The protocol "ldap" is now configured.>
####<Apr 29, 2014 6:20:42 PM GST> <Info> <Server> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781242778> <BEA-002622> <The protocol "ldaps" is now configured.>
####<Apr 29, 2014 6:20:42 PM GST> <Info> <Server> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781242782> <BEA-002622> <The protocol "cluster" is now configured.>
####<Apr 29, 2014 6:20:42 PM GST> <Info> <Server> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781242783> <BEA-002622> <The protocol "clusters" is now configured.>
####<Apr 29, 2014 6:20:42 PM GST> <Info> <Server> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781242787> <BEA-002622> <The protocol "snmp" is now configured.>
####<Apr 29, 2014 6:20:42 PM GST> <Info> <Server> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781242788> <BEA-002622> <The protocol "admin" is now configured.>
####<Apr 29, 2014 6:20:42 PM GST> <Info> <Server> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781242788> <BEA-002624> <The administration protocol is "t3s" and is now configured.>
####<Apr 29, 2014 6:20:42 PM GST> <Info> <RJVM> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781242802> <BEA-000570> <Network Configuration for Channel "bi_server1"
Listen Address AUHSPDC03OBIAP2:9804 (SSL)
Public Address N/A
Http Enabled true
Tunneling Enabled true
Outbound Enabled false
Admin Traffic Enabled true>
####<Apr 29, 2014 6:20:42 PM GST> <Info> <Server> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781242831> <BEA-002609> <Channel Service initialized.>
####<Apr 29, 2014 6:20:42 PM GST> <Info> <Socket> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781242853> <BEA-000415> <System has file descriptor limits of - soft: 4,096, hard: 4,096>
####<Apr 29, 2014 6:20:42 PM GST> <Info> <Socket> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781242853> <BEA-000416> <Using effective file descriptor limit of: 4,096 open sockets/files.>
####<Apr 29, 2014 6:20:42 PM GST> <Info> <Socket> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781242853> <BEA-000406> <PosixSocketMuxer was built on Apr 24 2007 16:05:00>
####<Apr 29, 2014 6:20:42 PM GST> <Info> <Socket> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781242878> <BEA-000436> <Allocating 4 reader threads.>
####<Apr 29, 2014 6:20:42 PM GST> <Info> <Socket> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781242879> <BEA-000446> <Native IO Enabled.>
####<Apr 29, 2014 6:20:43 PM GST> <Info> <IIOP> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781243056> <BEA-002014> <IIOP subsystem enabled.>
####<Apr 29, 2014 6:21:13 PM GST> <Info> <Security> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781273079> <BEA-090894> <Successfully loaded the OPSS Policy Provider using oracle.security.jps.internal.policystore.JavaPolicyProvider.>
####<Apr 29, 2014 6:21:13 PM GST> <Info> <Security> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781273641> <BEA-000000> <Starting OpenJPA 1.1.1-SNAPSHOT>
####<Apr 29, 2014 6:21:14 PM GST> <Info> <Security> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781274003> <BEA-000000> <StoreServiceImpl.initJDO - StoreService is initialized with Id = ldap_k2qDRpL7zl4bwzJMUfuX1cN+738=>
####<Apr 29, 2014 6:21:14 PM GST> <Info> <Security> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781274363> <BEA-090516> <The Authorizer provider has preexisting LDAP data.>
####<Apr 29, 2014 6:21:14 PM GST> <Info> <Security> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781274872> <BEA-090516> <The CredentialMapper provider has preexisting LDAP data.>
####<Apr 29, 2014 6:21:14 PM GST> <Info> <Security> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781274888> <BEA-090516> <The RoleMapper provider has preexisting LDAP data.>
####<Apr 29, 2014 6:21:15 PM GST> <Info> <Security> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781275099> <BEA-090093> <No pre-WLS 8.1 Keystore providers are configured for server bi_server1 for security realm myrealm.>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <Security> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781275100> <BEA-090082> <Security initializing using security realm myrealm.>
####<Apr 29, 2014 6:21:15 PM GST> <Critical> <Security> <AUHSPDC03OBIAP2> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1398781275125> <BEA-090402> <Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.>
####<Apr 29, 2014 6:21:15 PM GST> <Critical> <WebLogicServer> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275126> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:959)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User weblogic weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:251)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at java.security.AccessController.doPrivileged(Native Method)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at $Proxy36.login(Unknown Source)
at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)
at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at $Proxy54.authenticate(Unknown Source)
at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:348)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:929)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <Security> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275253> <BEA-090171> <Loading the identity certificate and private key stored under the alias DemoIdentity from the jks keystore file /u01/app/obiee/wlserver_10.3/server/lib/DemoIdentity.jks.>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <Security> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275282> <BEA-090169> <Loading trusted certificates from the jks keystore file /u01/app/obiee/wlserver_10.3/server/lib/DemoTrust.jks.>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <Security> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275289> <BEA-090169> <Loading trusted certificates from the jks keystore file /u01/app/obiee/Oracle_BI1/jdk/jre/lib/security/cacerts.>
####<Apr 29, 2014 6:21:15 PM GST> <Alert> <Security> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275470> <BEA-090152> <Demo trusted CA certificate is being used in production mode: [
Version: V3
Subject: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 512 bits
modulus: 9550192877869244258838480703390456015046425375252278279190673063544122510925482179963329236052146047356415957587628011282484772458983977898996276815440753
public exponent: 65537
Validity: [From: Fri Mar 22 00:12:27 GST 2002,
To: Wed Mar 23 00:12:27 GST 2022]
Issuer: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
SerialNumber: [ 33f10648 fcde0deb 4199921f d64537f4]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Algorithm: [MD5withRSA]
Signature:
0000: 9D 26 4C 29 C8 91 C3 A7 06 C3 24 6F AE B4 F8 82 .&L)......$o....
0010: 80 4D AA CB 7C 79 46 84 81 C4 66 95 F4 1E D8 C4 .M...yF...f.....
0020: E9 B7 D9 7C E2 23 33 A4 B7 21 E0 AA 54 2B 4A FF .....#3..!..T+J.
0030: CB 21 20 88 81 21 DB AC 90 54 D8 7D 79 63 23 3C .! ..!...T..yc#<
] The system is vulnerable to security attacks, since it trusts certificates signed by the demo trusted CA.>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <Security> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275506> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <Security> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275516> <BEA-090898> <Ignoring the trusted CA certificate "CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <Security> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275527> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <Security> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275529> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <Security> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275536> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <Security> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275539> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <Security> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275544> <BEA-090898> <Ignoring the trusted CA certificate "CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <Security> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275561> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <Security> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275568> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
####<Apr 29, 2014 6:21:15 PM GST> <Info> <WebLogicServer> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275581> <BEA-000307> <Exportable key maximum lifespan set to 500 uses.>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <Security> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275602> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <Security> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275611> <BEA-090898> <Ignoring the trusted CA certificate "CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <Security> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275619> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <Security> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275621> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <Security> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275627> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <Security> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275628> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <Security> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275632> <BEA-090898> <Ignoring the trusted CA certificate "CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <Security> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275646> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <Security> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275651> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <WebLogicServer> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275833> <BEA-000365> <Server state changed to FAILED>
####<Apr 29, 2014 6:21:15 PM GST> <Error> <WebLogicServer> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275834> <BEA-000383> <A critical service failed. The server will shut itself down>
####<Apr 29, 2014 6:21:15 PM GST> <Notice> <WebLogicServer> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275839> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
####<Apr 29, 2014 6:21:15 PM GST> <Info> <WebLogicServer> <AUHSPDC03OBIAP2> <bi_server1> <main> <<WLS Kernel>> <> <> <1398781275857> <BEA-000236> <Stopping execute threads.> -
Is it possible to change encryption keystore more than once??
It seems that once my environment has been informed of a keystore to use for ssl communication, it can't be changed. Is this so?
I need to be able to do the following:
1) Set a keystore for ssl communicaton
2) Establish an ssl connection, (send and receive stuff), and end the connection.
3) CHANGE THE KEYSTORE TO SOME OTHER THAN THAT USED IN STEP ONE.
4) Repeat. step 2.
However, step 3 seems to fail. The properties are set, but in step 4 the server STILL reports that the client is using the PREVIOUS key for encryption.
Is there a way to FORCE it to change?
Thank you in advance for your consideration.
Here's some of the code:
======================================================
Methods for beginning and ending session:
public String start_session(File client_hashcode_file)
throws Exception
try {
sslsocketfactory = (SSLSocketFactory)SSLSocketFactory.getDefault();
m_ssl_socket = (SSLSocket)sslsocketfactory.createSocket(m_server_host, m_server_port);
m_ssl_socket.startHandshake(); //Added this to see if it would force the change
m_socket_writer = new BufferedWriter(new OutputStreamWriter(m_ssl_socket.getOutputStream()));
m_socket_reader = new BufferedReader(new InputStreamReader(m_ssl_socket.getInputStream()));
catch (Exception e) {
throw new Exception("Server connection failed: [" + e.getMessage() + "]");
// Process, process, process......
public void
end_session()
throws java.io.IOException
m_ssl_socket.getSession().getSessionContext().setSessionTimeout(1);
m_ssl_socket.getSession().invalidate();
m_ssl_socket.close();
=========================================================
Method to set/REset keystore:
public void newCert(String keystorePath, char[] passwd)
throws KeyStoreAccessException
// Set some stuff...
// Set the system properties required to use this certificate for
// client authentication.
the_properties.setProperty("javax.net.ssl.keyStore", keystorePath);
the_properties.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
the_properties.setProperty("javax.net.ssl.keyStorePassword", password);
// Set some other stuff...
}Not via system properties. You could code something up using your own TrustStoreManager.
-
Communication channel reports error after system restart.
Hello,
We have third party adapter Aria installed in our PI 7.1 system and whenever systems is restarted interface is reporting errors
in default trace and communication dies. but after we manually activate each time it works properly.
Is anyone had similiar issue ?
Our env. PI 7.1 Sp6 on AIX 5.3 with Oracle 10g
1.5^H#DAD940003002003700000019000C1090472DA00666EED4D9#1245188236500#
com.sap.engine.core.thread.execution.ExecutorImpl##com.sap.eng
ine.core.thread.execution.ExecutorImpl####n.a.##416c9f105abd11deb4e9dad940003002#
System [43]##0#0#Warning##Plain###Too big value[100
0] specified for maxConcurrency argument on Executor [Thread
forcom.sap.ip.bi.sdk.dac.connector.sapq.rarresource adapter] creation.
Allowed max concurrency rate for every Executor is not more than 30% of
the total thread pool capacity [60]. Thread Management will
lower the max concurrency rate of this executor to [18]. Config tool
can be used to increase the value of ApplicationThreadManager p
roperty [ExecutorPoolMaxSize] to reach higher quota for Executor
concurrency. Switch the severity of this location to DEBUG to see t
he stack trace of the executor creation.#
#1.5^H#DAD940003002003500000017000C1090472DA00666EED4D9#1245188480930#System.err##
System.err#J2EE_GUEST#101##n.a.##6a74c5905abd11de9
dacdad940003002#Application [45]##0#0#Error##Plain###Jun 16, 2009
4:41:20 PM org.apache.commons.httpclient.HttpMethodDirector execut
eWithRetry
INFO: I/O exception (java.io.IOException) caught when processing
request: Invalid keystore format
#1.5^H#DAD940003002003500000018000C1090472DA00666EED4D9#1245188480933#System.err##
System.err#J2EE_GUEST#101##n.a.##6a74c5905abd11de9
dacdad940003002#Application [45]##0#0#Error##Plain###Jun 16, 2009
4:41:20 PM org.apache.commons.httpclient.HttpMethodDirector execut
eWithRetry
INFO: Retrying request
#1.5^H#DAD940003002003500000019000C1090472DA00666EED4D9#1245188480938#System.err##
System.err#J2EE_GUEST#101##n.a.##6a74c5905abd11de9
dacdad940003002#Application [45]##0#0#Error##Plain###Jun 16, 2009
4:41:20 PM org.apache.commons.httpclient.HttpMethodDirector execut
eWithRetry
INFO: Retrying request
#1.5^H#DAD94000300200350000001B000C1090472DA00666EED4D9#1245188480943#System.err##System.err#
J2EE_GUEST#101##n.a.##6a74c5905abd11de9
dacdad940003002#Application [45]##0#0#Error##Plain###Jun 16, 2009
4:41:20 PM org.apache.commons.httpclient.HttpMethodDirector execut
eWithRetry
INFO: I/O exception (java.io.IOException) caught when processing
request: Invalid keystore format
#1.5^H#DAD94000300200350000001C000C1090472DA00666EED4D9#1245188480944#System.err##System.err#
J2EE_GUEST#101##n.a.##6a74c5905abd11de9
dacdad940003002#Application [45]##0#0#Error##Plain###Jun 16, 2009
4:41:20 PM org.apache.commons.httpclient.HttpMethodDirector execut
eWithRetry
INFO: Retrying request
#1.5^H#DAD94000300200350000001D000C1090472DA00666EED4D9#1245188480948#
com.ariba.asc.connector.exception.util.ExceptionMgr##com.ariba
.asc.connector.exception.util.ExceptionMgr.handleError(Exception e,
ChannelProfile cp)#J2EE_GUEST#101##n.a.##6a74c5905abd11de9dacdad
940003002#Application [45]##0#0#Error##Plain###
[CC_AdvanceShipNotice_cXML_Sender_2] [Error Level] 2[Error Code] ECC103[Error Desc]
Ariba SN Not Available[Error Message] Cannot connect to Ariba
SNcom.ariba.asc.connector.exception.AribaSNException: Cannot connect t
o Ariba SN
at com.ariba.asc.connector.cxml.util.CXMLSender.sendRequest
(CXMLSender.java:207)
at com.ariba.asc.connector.cxml.util.CXMLSender.sendCXMLRequest
(CXMLSender.java:122)
at
com.ariba.asc.connector.controller.action.ProfileUpdateAction.sendProfileRequest(ProfileUpdateAction.java:167)
at
com.ariba.asc.connector.controller.action.ProfileUpdateAction.updateProfile(ProfileUpdateAction.java:142)
at
com.ariba.asc.connector.controller.action.ProfileUpdateAction.updateChannelProfile(ProfileUpdateAction.java:110)
at
com.ariba.asc.connector.controller.action.ProfileUpdateAction.perform
(ProfileUpdateAction.java:72)
at com.ariba.asc.connector.controller.ScheduleTaskMgr.run
(ScheduleTaskMgr.java:88)
at com.sap.engine.core.thread.impl3.ActionObject.run
(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute
(SingleThread.java:152)
at com.sap.engine.core.thread.impl3.SingleThread.run
(SingleThread.java:247)
Caused by: java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad
(JavaKeyStore.java:632)
at java.security.KeyStore.load(KeyStore.java:1150)
at
com.ariba.asc.connector.cxml.util.AuthSSLProtocolSocketFactory.createKeyStore(AuthSSLProtocolSocketFactory.java:218)
at
com.ariba.asc.connector.cxml.util.AuthSSLProtocolSocketFactory.createSSLContext(AuthSSLProtocolSocketFactory.java:275)
at
com.ariba.asc.connector.cxml.util.AuthSSLProtocolSocketFactory.getSSLContext(AuthSSLProtocolSocketFactory.java:300)
at
com.ariba.asc.connector.cxml.util.AuthSSLProtocolSocketFactory.createSocket(AuthSSLProtocolSocketFactory.java:315)
at
com.ariba.asc.connector.cxml.util.AuthSSLProtocolSocketFactory.createSocket(AuthSSLProtocolSocketFactory.java:384)
at org.apache.commons.httpclient.HttpConnection.open
(HttpConnection.java:704)
at
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry
(HttpMethodDirector.java:384)
at
org.apache.commons.httpclient.HttpMethodDirector.executeMethod
(HttpMethodDirector.java:170)
at org.apache.commons.httpclient.HttpClient.executeMethod
(HttpClient.java:396)
at org.apache.commons.httpclient.HttpClient.executeMethod
(HttpClient.java:324)
at com.ariba.asc.connector.cxml.util.CXMLSender.sendRequest
(CXMLSender.java:169)
... 10 moreHi
In visual Admin check for that particular Adapter Service there would be a parameter which has to be set as boolean (true) , am not sure , actually it is present in rest of adapter , kindly check
lemme know if any parameters present
rgds
srini -
ERROR: user is not configured for keystore 'service_ssl'
hi experts:
System environment:
pi7.0 j2ee sp09
ECC6.0 patch level11
Here is my scenarios..
ECC6.0-->(IDOC)XI(CIDX)--
>External system.
External system-->(CIDX)XI(IDOC)--
>ECC6.0
1.we have got there certificates from external system (rootCA.DER,intermedia.DER,Server.DER), imported the 3 certs files to TrustedCAs view using VA tool after we configured the SSL enable.
2.We generated the CSR file and got the response from CA. we import the CSR response to SERVICE_SSL service
3.I have assigned the role(keystoreadministrator) to user(PIAFUSER,PIAPPLUSER) in security provide service.
4.I configured the IR and ID for the first sceniro. I Selected the "service_ssl" view and "TrustedCAs" view in received agreement in ID, and selected the "service_ssl" view in comunication channeland. actived all of them.
issue :
as soon I trigger the message to external. It is OK in monitor for processed XML Message.
BUT I got the error message in runtime workbench/adapter engine/communication channel mornitoring.
Channel Name: Buyer_Send_OrderChange
Receiver Agreement: |com_sap_abap_r3_200|Sell_elemic|CIDX_E45_20_seller|OrderChange
Security Settings > Current certificate configured for signing:
ERROR: user is not configured for keystore 'service_ssl'
Security Settings > Partner certificate configured for signing:
ERROR: user is not configured for keystore 'TrustedCAs'
Thanks!!.The question have been solved ..
thanks!
xixi -
Failed to connect to VMware web service: Invalid keystore
Hi,
We have a CPO 2.3.1 that refuses to connect to vCenter (see log extract at the end of the post).
We recently changed our vCenter server (part of an update to 5.1).
We tried following workarounds:
remove and add all platform elements from the portal using SE services
re import automation packs (the 4 from the Starter Edition v2.3.1.38)
re set the keystore password
No change at all...
Would you have a clue on how to correct that?
Thank you.
Regards,
Pierre
||235|2012/10/02 15:46:21.667|6072||||WCF: <TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Error"><TraceIdentifier>http://msdn.microsoft.com/en-US/library/System.ServiceModel.Diagnostics.TraceHandledException.aspx</TraceIdentifier><Description>Handling an exception.</Description><AppDomain>Tidal.Automation.Server.exe</AppDomain><Exception><ExceptionType>Tidal.Scheduler.Common.Communications.CommunicationException, Tidal.Scheduler.Common, Version=2.3.0.0, Culture=neutral, PublicKeyToken=fba593b23cf207cd</ExceptionType><Message>The attempt to connect to (VMware vCenter Server (603)@VMware vCenter Server (603)) has failed due to following error: Failed to connect to VMware web service: Invalid keystore.</Message><StackTrace> at Tidal.Automation.Server.JavaAdapterBase.PerformServerAssistedOperation(ServerAssistedOperation operation, TargetConfiguration target, RuntimeUserConfiguration runtimeUser)
at Tidal.Automation.Server.JavaAdapterBase.PerformServerAssistedOperation(ServerAssistedOperation operation)
at Tidal.Automation.Engine.Core.Adapter.SuspendableAdapter.&lt;&gt;c__DisplayClass1c.&lt;PerformServerAssistedOperation&gt;b__1b(IAdapter adapter)
at Tidal.Automation.Engine.Core.AdapterLifecycleManager.PerformAdapterAction(Guid adapterId, AdapterAction action, Boolean haltingAction, Int32 remainingRetries)
at Tidal.Automation.Engine.Core.AdapterLifecycleManager.PerformAdapterAction(Guid adapterId, AdapterAction action, Boolean haltingAction)
at Tidal.Automation.Engine.Core.AdapterLifecycleManager.PerformAdapterAction(Guid adapterId, AdapterAction action)
at Tidal.Automation.Engine.Core.Adapter.SuspendableAdapter.PerformServerAssistedOperation(ServerAssistedOperation operation)
at Tidal.Automation.Engine.Core.AdapterSystem.PerformServerAssistedOperation(ServerAssistedOperation operation)
at Tidal.Automation.Server.WebService.AdapterService.PerformServerAssistedOperation(ServerAssistedOperation operation)
at SyncInvokePerformServerAssistedOperation(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]&amp; outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)</StackTrace><ExceptionString>Tidal.Scheduler.Common.Communications.CommunicationException: The attempt to connect to (VMware vCenter Server (603)@VMware vCenter Server (603)) has failed due to following error: Failed to connect to VMware web service: Invalid keystore.
at Tidal.Automation.Server.JavaAdapterBase.PerformServerAssistedOperation(ServerAssistedOperation operation, TargetConfiguration target, RuntimeUserConfiguration runtimeUser)
at Tidal.Automation.Server.JavaAdapterBase.PerformServerAssistedOperation(ServerAssistedOperation operation)
at Tidal.Automation.Engine.Core.Adapter.SuspendableAdapter.&lt;&gt;c__DisplayClass1c.&lt;PerformServerAssistedOperation&gt;b__1b(IAdapter adapter)
at Tidal.Automation.Engine.Core.AdapterLifecycleManager.PerformAdapterAction(Guid adapterId, AdapterAction action, Boolean haltingAction, Int32 remainingRetries)
at Tidal.Automation.Engine.Core.AdapterLifecycleManager.PerformAdapterAction(Guid adapterId, AdapterAction action, Boolean haltingAction)
at Tidal.Automation.Engine.Core.AdapterLifecycleManager.PerformAdapterAction(Guid adapterId, AdapterAction action)
at Tidal.Automation.Engine.Core.Adapter.SuspendableAdapter.PerformServerAssistedOperation(ServerAssistedOperation operation)
at Tidal.Automation.Engine.Core.AdapterSystem.PerformServerAssistedOperation(ServerAssistedOperation operation)
at Tidal.Automation.Server.WebService.AdapterService.PerformServerAssistedOperation(ServerAssistedOperation operation)
at SyncInvokePerformServerAssistedOperation(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]&amp; outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)</ExceptionString></Exception></TraceRecord>
||236|2012/10/02 15:46:21.667|6072||||An exception that was not of type RhapsodyException was caught while a webmethod call was being made. This exception has been caught and genericized.
||237|2012/10/02 15:46:21.667|6072||||EXCEPTION (Tidal.Scheduler.Common.Communications.CommunicationException): The attempt to connect to (VMware vCenter Server (603)@VMware vCenter Server (603)) has failed due to following error: Failed to connect to VMware web service: Invalid keystore.
Stack Trace: at Tidal.Automation.Server.JavaAdapterBase.PerformServerAssistedOperation(ServerAssistedOperation operation, TargetConfiguration target, RuntimeUserConfiguration runtimeUser)
at Tidal.Automation.Server.JavaAdapterBase.PerformServerAssistedOperation(ServerAssistedOperation operation)
at Tidal.Automation.Engine.Core.Adapter.SuspendableAdapter.<>c__DisplayClass1c.<PerformServerAssistedOperation>b__1b(IAdapter adapter)
at Tidal.Automation.Engine.Core.AdapterLifecycleManager.PerformAdapterAction(Guid adapterId, AdapterAction action, Boolean haltingAction, Int32 remainingRetries)
at Tidal.Automation.Engine.Core.AdapterLifecycleManager.PerformAdapterAction(Guid adapterId, AdapterAction action, Boolean haltingAction)
at Tidal.Automation.Engine.Core.AdapterLifecycleManager.PerformAdapterAction(Guid adapterId, AdapterAction action)
at Tidal.Automation.Engine.Core.Adapter.SuspendableAdapter.PerformServerAssistedOperation(ServerAssistedOperation operation)
at Tidal.Automation.Engine.Core.AdapterSystem.PerformServerAssistedOperation(ServerAssistedOperation operation)
at Tidal.Automation.Server.WebService.AdapterService.PerformServerAssistedOperation(ServerAssistedOperation operation)
at SyncInvokePerformServerAssistedOperation(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)You have an invalid keystore file because the HTTPS certification has changed. You need to delete the old keystore file and restart the CPO server and then reconnect/run something against vCenter.
There is also a possibility for Adatper Host Framework/java issues that I have seen commonly.
If you need more help, you'll need to open a TAC case with your services contract please. We normally try to not troubleshoot logs on the forums.
-Shaun Roberts
CIAC/CPO Support Team Lead
[email protected] -
Air 2.0 NativeProcess Communication Problem
Hello,
I'm working on an AIR 2 application (a packager for air applications into *.exe). One of the options in the application is to check the validity of certificate's password. I'm using standardOutput method:
private function checkCertPass():void{
file = new File();
file.nativePath = "C:/WINDOWS/system32/"
file = file.resolvePath("cmd.exe");
nativeProcessStartupInfo = new NativeProcessStartupInfo();
var processArgs:Vector.<String> = new
Vector.<String>;
processArgs.push(javaPath.text);
processArgs.push("-jar");
processArgs.push(adtPath.text);
processArgs.push("-checkstore");
processArgs.push("-storetype");
processArgs.push("pkcs12");
processArgs.push("-keystore");
processArgs.push(certPath.text);
processArgs.push("-storepass");
processArgs.push(passField.text);
nativeProcessStartupInfo.arguments = processArgs;
nativeProcessStartupInfo.executable = file;
nativeProcess = new NativeProcess();
nativeProcess.addEventListener(ProgressEvent.STANDARD_OUTPUT_DATA,
onCertOutputData);
nativeProcess.start(nativeProcessStartupInfo);
private function onCertOutputData(event:ProgressEvent):void{
var certResponse:String = new String();
certResponse =
nativeProcess.standardOutput.readUTFBytes(nativeProcess.standardOutput.bytesAvailable);
trace(certResponse);
outputField.enabled = true;
outputField.text += certResponse;
if(certResponse.substr(0,5) == "valid"){
trace("Correct password!");
exeField.enabled = true;
nativeProcess.removeEventListener(ProgressEvent.STANDARD_OUTPUT_DATA,
onCertOutputData);
nativeProcess.exit();
}else{
trace("Incorrect password! Error...");
exeField.enabled = false;
nativeProcess.removeEventListener(ProgressEvent.STANDARD_OUTPUT_DATA,
onCertOutputData);
nativeProcess.exit();
but I cannot establish communication i.e. all I receive after performing the code above is:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Program Files\Adobe\Flex Builder 3>
What is wrong with this code? Why I can't receive the response?
Thanks in advance,
NikolaOkay Take 2:
<?xml version="1.0" encoding="utf-8"?>
<mx:WindowedApplication xmlns:mx="http://www.adobe.com/2006/mxml" layout="vertical">
<mx:Script>
<![CDATA[
private var nativeProcess:NativeProcess;
private function onGo() : void {
outputField.text = "";
var file:File = new File("C:\\Program Files\\Java\\jdk1.6.0_20\\bin\\java.exe");
var processArgs:Vector.<String> = new Vector.<String>;
processArgs.push("-jar");
processArgs.push("C:\\Documents and Settings\\cthilgen\\Desktop\\sdk_0512\\lib\\adt.jar");
processArgs.push("-checkstore");
processArgs.push("-storetype");
processArgs.push("pkcs12");
processArgs.push("-keystore");
processArgs.push("C:\\Documents and Settings\\cthilgen\\Desktop\\cert-test\\test.p12"); // password is 'testpass'
processArgs.push("-storepass");
processArgs.push(passField.text);
var nativeProcessStartupInfo:NativeProcessStartupInfo = new NativeProcessStartupInfo();
nativeProcessStartupInfo.arguments = processArgs;
nativeProcessStartupInfo.executable = file;
nativeProcess = new NativeProcess();
nativeProcess.addEventListener(ProgressEvent.STANDARD_ERROR_DATA,onCertOutputData);
nativeProcess.start(nativeProcessStartupInfo);
private function onCertOutputData(event:ProgressEvent) : void {
var certResponse:String = new String();
certResponse = nativeProcess.standardError.readUTFBytes(nativeProcess.standardError.bytesAvailable);
trace(certResponse);
outputField.text += certResponse;
if ( certResponse.substr(0,5) == "valid") {
trace("Correct password!");
nativeProcess.removeEventListener(ProgressEvent.STANDARD_ERROR_DATA,onCertOutputData);
nativeProcess.exit();
} else {
trace("Incorrect password! Error...");
nativeProcess.removeEventListener(ProgressEvent.STANDARD_ERROR_DATA,onCertOutputData);
nativeProcess.exit();
]]>
</mx:Script>
<mx:Button label="go" click="onGo()" />
<mx:TextInput id="passField"/>
<mx:TextArea id="outputField" width="100%" height="100%"/>
</mx:WindowedApplication>
Please let me know if this gets you sorted.
Thanks,
Chris Thilgen
AIR Engineering -
Use a different KeyStore type for the SSL keystore
i use SUN Application Server PE 8 (with the included JDK 1.4.2) on Windows XP.
i want to configure a HTTP listener in a way that it uses the private key and certificate for SSL from a different keystore. the keystore is a PKCS11 keystore from an IAIK PKCS#11 Provider.
i know how to configure a HTTP listener using SSL (HTTPS) in principle. i get it working using a JKS keystore, i.e. the format of the SUN file keystore.
i added a new JCE provider (i.e. the IAIK PKCS#11 Provider) to the underlying JDK in the java.security file (i am quite familiar with JCA/JCE stuff). i added it in a way which works with JSSE and Java 1.4 in other stand-alone applications.
then i modified the SSL settings of that listener to use the name of my private key in my keystore. the entry in the domain.xml looks like this.
<http-listener acceptor-threads="100" address="0.0.0.0" default-virtual-server="server" enabled="true" id="http-listener-2" port="1053" security-enabled="true" server-name="" xpowered-by="true">
<ssl cert-nickname="CN=testcomputer1,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT" client-auth-enabled="false" ssl2-enabled="false" ssl3-enabled="true" ssl3-tls-ciphers="+rsa_rc4_128_md5,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_des_56_sha,-rsa_rc4_56_sha" tls-enabled="true" tls-rollback-enabled="true"/>
</http-listener>
in addition i changed a JVM option and added two new ones to configure JSSE to use the correct key store
<jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/pkcs11keystore.p11</jvm-options>
<jvm-options>-Djavax.net.ssl.keyStorePassword=1234</jvm-options>
<jvm-options>-Djavax.net.ssl.keyStoreType=PKCS11</jvm-options>
when i tried to start the server, i got an error from the ORB. it looked like this:
[#|2005-08-12T10:39:53.615+0200|WARNUNG|sun-appserver-pe8.0.0_01|javax.enterprise.system.stream.err|_ThreadID=10;|java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.commons.launcher.ChildMain.run(ChildMain.java:269)
Caused by: java.lang.ExceptionInInitializerError
at com.sun.enterprise.iiop.IIOPSSLSocketFactory.init(IIOPSSLSocketFactory.java:216)
at com.sun.enterprise.iiop.IIOPSSLSocketFactory.<init>(IIOPSSLSocketFactory.java:129)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
at java.lang.Class.newInstance0(Class.java:308)
at java.lang.Class.newInstance(Class.java:261)
at com.sun.corba.ee.impl.orb.ParserTable$3.operate(ParserTable.java:460)
at com.sun.corba.ee.impl.orb.NormalParserAction.apply(NormalParserAction.java:22)
at com.sun.corba.ee.spi.orb.PropertyParser.parse(PropertyParser.java:52)
at com.sun.corba.ee.spi.orb.ParserImplBase.init(ParserImplBase.java:56)
at com.sun.corba.ee.impl.orb.ORBDataParserImpl.<init>(ORBDataParserImpl.java:339)
at com.sun.corba.ee.impl.orb.ORBImpl.postInit(ORBImpl.java:421)
at com.sun.corba.ee.impl.orb.ORBImpl.set_parameters(ORBImpl.java:498)
at org.omg.CORBA.ORB.init(ORB.java:337)
at com.sun.enterprise.util.ORBManager.createORB(ORBManager.java:343)
at com.sun.enterprise.util.ORBManager.init(ORBManager.java:230)
at com.sun.enterprise.server.J2EEServer.createORB(J2EEServer.java:336)
at com.sun.enterprise.server.J2EEServer.run(J2EEServer.java:180)
at com.sun.enterprise.server.J2EEServer.main(J2EEServer.java:600)
at com.sun.enterprise.server.ApplicationServer.onInitialization(ApplicationServer.java:232)
at com.sun.enterprise.server.PEMain.run(PEMain.java:210)
at com.sun.enterprise.server.PEMain.main(PEMain.java:172)
... 5 more
Caused by: java.lang.IllegalStateException: Invalid keystore format
at com.sun.enterprise.security.SSLUtils.<clinit>(SSLUtils.java:68)
... 29 more
|#]
i thought it uses the same keystore. thus, i changed the NickName in the SSL configuration of the ORB listeners to use the same key. this did not solve the problem. then i tried to remove all SSL-enabled listeners for the ORB. the ORB should not use SSL at all. however, this did not help either. i get the same error. it seems that there is some code involved here which prevents using a different key store type.
can anyone help solving this problem, or at least finding the actual reason? one does not need a hardawre keystore to reproduce this problem. using a PKCS#12 keystore produces the same error; i.e. change the keystore type to "PKCS12" (implemented in the SUN JSSE provider) and the keystore file and password accordingly. i tried this with the standard configuration of the JDK, i.e. without any additional JCE providers.
please tell me how i can use a different key store type for SSL (HTTPS).
KarlApplication Server PE only supports "JKS" format. If you are interested in support for other formats, please submit a request for enhancement on project glassfish (Open Source application server) http://glassfish.dev.java.net.
If you have time, you might want to checkout and look at the source in glassfish/appserv-core/src/java/com/sun/enterprise/security/SecuritySupportImpl.java.
You should be able to fix it on your own.
Hope this helps, -
Working with JSSE using multi-purpose keystore
Hello,
I am currently working on an application which employs the JCA for providing signatures, authenticating users etc., but also working with JSSE.
More specifically: The application must be able to verify signatures on code packages created by known users and loaded at runtime; but for communication with other parts of the application, it shall use SSL connections.
Now I worked through the JSSE manuals and I was able to set up a simple SSL application with client and server, using all the getDefaults() I could get a hold on.
In the final application that I am working on, I will have a keystore with quite a lot of keys from users, public and possibly private ones, and also a key for the SSL communication. I have the strong feeling that I will not see many getDefault()s anymore.
My problem is that by looking at the API, I don't have any clue how to tell the JSSE which key to use for the SSL connection from the keystore holding possibly many keys of users.
Moreover, how do I pass the passphrase for unlocking the private key to the JSSE if it is not equal to the keystore password? (Which, by the way, seems to me to require passing via the command line - argh!)
Help would be greatly appreciated.
MichaelI've got it.
The secret is to create an own X509KeyManager. This key manager gets its keys from the keystore, so I have the chance to provide an alias which is intended to be used for SSL and to provide the key password.
public class SpecialX509KeyManager implements X509KeyManager {
public SpecialX509KeyManager(KeyStore keys, String sSSLAlias, String sPassword) {
// browse the keystore,
// get the key which has the given alias - and only this one -
// and use the password to decrypt it
// keep the key and its certificate chain
The keystore must be loaded before, using the keystore password:
KeyStore keys = KeyStore.getInstance("JKS");
keys.load(new FileInputStream("server.ks"), "keystorepw".toCharArray());
KeyManager[] akm = new KeyManager[1];
akm[0] = new SpecialX509KeyManager(keys, "ssl", "ssl012");
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(akm, null, null);
SSLServerSocketFactory sslSrvFact = sc.getServerSocketFactory();
That is, I have a keystore, using the password "keystorepw", containing keys with one using the alias "ssl" and the password "ssl012".
Michael -
Enabling SSL using Demo keystores
Hi All,
I am trying to enable SSL for SOA server managed by a weblogic server. I have followed the steps in documentation correctly still I am not able to start the SSL. I run the debug mode for the SSL and here is my log file. Any pointers regarding this will be useful
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124544> <BEA-000000> <SSLContextManager: initializing SSL context for channel DefaultSecure>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124544> <BEA-000000> <SSL enableUnencryptedNullCipher= false>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124544> <BEA-000000> <SSLContextManager: loading server SSL identity>
####<May 5, 2010 2:15:24 PM IST> <Notice> <Security> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1273049124544> <BEA-090171> <Loading the identity certificate and private key stored under the alias DemoIdentity from the jks keystore file C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\DemoIdentity.jks.>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Loaded public identity certificate chain:>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=CALTP8BB14, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US; Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
####<May 5, 2010 2:15:24 PM IST> <Notice> <Security> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1273049124560> <BEA-090169> <Loading trusted certificates from the jks keystore file C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\DemoTrust.jks.>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <SSLContextManager: loaded 4 trusted CAs from C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\DemoTrust.jks>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US; Issuer: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: [email protected], CN=Demo Certificate Authority Constraints, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US; Issuer: [email protected], CN=Demo Certificate Authority Constraints, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: [email protected], CN=Demo Certificate Authority Constraints, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US; Issuer: [email protected], CN=Demo Certificate Authority Constraints, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US; Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US>
####<May 5, 2010 2:15:24 PM IST> <Notice> <Security> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1273049124560> <BEA-090169> <Loading trusted certificates from the jks keystore file C:\Oracle\MIDDLE~1\JDK160~1\jre\lib\security\cacerts.>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <SSLContextManager: loaded 63 trusted CAs from C:\Oracle\MIDDLE~1\JDK160~1\jre\lib\security\cacerts>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE; Issuer: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=America Online Root Certification Authority 2, O=America Online Inc., C=US; Issuer: CN=America Online Root Certification Authority 2, O=America Online Inc., C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP; Issuer: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US; Issuer: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US; Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US; Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA; Issuer: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE; Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network; Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU; Issuer: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US; Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE; Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US; Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA; Issuer: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE; Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US; Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE; Issuer: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE; Issuer: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network; Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US; Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US; Issuer: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US; Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA; Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US; Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE; Issuer: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net; Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US; Issuer: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US; Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US; Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US; Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH; Issuer: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP; Issuer: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP>The other half of log file is as follows:
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA; Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US; Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net; Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2; Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US; Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US; Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU; Issuer: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US; Issuer: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB; Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH; Issuer: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE; Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US; Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU; Issuer: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US; Issuer: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net; Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US; Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US; Issuer: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE; Issuer: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=Sonera Class2 CA, O=Sonera, C=FI; Issuer: CN=Sonera Class2 CA, O=Sonera, C=FI>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US; Issuer: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US; Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US; Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA; Issuer: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE; Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=Sonera Class1 CA, O=Sonera, C=FI; Issuer: CN=Sonera Class1 CA, O=Sonera, C=FI>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA; Issuer: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH; Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US; Issuer: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US; Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US; Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273049124560> <BEA-000000> <Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US; Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US>
####<May 5, 2010 2:15:24 PM IST> <Info> <WebLogicServer> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1273049124607> <BEA-000307> <Exportable key maximum lifespan set to 500 uses.>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1273049124622> <BEA-000000> <DynamicSSLListenThread[DefaultSecure] 21 cipher suites enabled:>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1273049124622> <BEA-000000> <TLS_RSA_WITH_RC4_128_MD5>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1273049124622> <BEA-000000> <TLS_RSA_WITH_RC4_128_SHA>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1273049124622> <BEA-000000> <TLS_RSA_WITH_AES_128_CBC_SHA>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1273049124622> <BEA-000000> <TLS_RSA_WITH_AES_256_CBC_SHA>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1273049124622> <BEA-000000> <TLS_RSA_WITH_3DES_EDE_CBC_SHA>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1273049124622> <BEA-000000> <TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1273049124622> <BEA-000000> <TLS_RSA_WITH_DES_CBC_SHA>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1273049124622> <BEA-000000> <TLS_DHE_RSA_WITH_DES_CBC_SHA>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1273049124622> <BEA-000000> <TLS_RSA_EXPORT1024_WITH_RC4_56_SHA>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1273049124622> <BEA-000000> <TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1273049124622> <BEA-000000> <TLS_RSA_EXPORT_WITH_RC4_40_MD5>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1273049124622> <BEA-000000> <TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1273049124622> <BEA-000000> <TLS_RSA_EXPORT_WITH_DES40_CBC_SHA>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1273049124622> <BEA-000000> <TLS_DH_anon_WITH_3DES_EDE_CBC_SHA>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1273049124622> <BEA-000000> <TLS_DH_anon_WITH_RC4_128_MD5>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1273049124622> <BEA-000000> <TLS_DH_anon_WITH_DES_CBC_SHA>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1273049124622> <BEA-000000> <TLS_DH_anon_EXPORT_WITH_RC4_40_MD5>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1273049124622> <BEA-000000> <TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1273049124622> <BEA-000000> <TLS_DHE_RSA_EXPORT_WITH_DES_40_CBC_SHA>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1273049124622> <BEA-000000> <TLS_RSA_EXPORT_WITH_DES_40_CBC_SHA>
####<May 5, 2010 2:15:24 PM IST> <Debug> <SecuritySSL> <CALTP8BB14> <soa_server1> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1273049124622> <BEA-000000> <TLS_DH_anon_EXPORT_WITH_DES_40_CBC_SHA>
####<May 5, 2010 2:15:24 PM IST> <Notice> <Server> <CALTP8BB14> <soa_server1> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1273049124731> <BEA-002613> <Channel "DefaultSecure" is now listening on 10.227.32.125:8002 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.> -
Applet - keystore - certificate
We are migrating to Oracle IAS 9i, and Forms 10g. We use Jinitiator 1.3.1.18
for applet display and communication services.
The forms reference classes that are in a signed .jar file.
All is working correctly, but there are two issue that we have to overcome:
1. When jinitiator is installed on the client, the certificate is not installed
in the keystore on the client
2. We need a way to automatically update the client's java.policy file to restrict
read/write privileges to one directory on the client
We support customers all over the country and it is not feasible to install
these files on each client machine.
a. so we need a way to customize the jinitiator install to update on the
client our customized keystore and java.policy files.
Any help would be appreciated.
- Dale LeeWell, it has at least nothing to do with Tomcat (we have the same issues with BEA and Apache)
The thing is that the applet (or more specifically the jvm) does not have access to the browser keystore (unfortunately) I think this is one of the major issues Sun has to solve for applets to become a viable option in some B2B environments. What we did, is put the applet on a https url without certifcate based authentication and use the codebase param to tell the jvm where to load the applet.
Ronald -
OSB11g: Issue with nodemanager nmConnect after using custom keystore
Environment: OSB 11g ( 4 manages servers in cluster, 1 admin server)
Issue:
For interacting with Paycorp payment gateway, we have used custom identity and trust keystore. For that we have made changes in admin server and all managed servers in Keystore tab (in admin console) and added PaycorpPKI credential mapper in security realms -> myRealm -> Providers -> Credential Mapping.
Things are working fine for OSB code as we are able to connect to secured paycorp gateway by doing these steps.
BUT by doing these changes, the nodemanager command nmConnect('weblogic','welcome1','x.x.x.x',5556,'MyOSBDomain') is not able to connect to node manager.
The exception is:
wls:/offline> nmConnect('weblogic','welcome1','x.x.x.x',5556,'MyOSBDomain')
Connecting to Node Manager ...
<18/04/2011 4:46:26 PM EST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<18/04/2011 4:46:26 PM EST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<18/04/2011 4:46:26 PM EST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<18/04/2011 4:46:26 PM EST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<18/04/2011 4:46:26 PM EST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<18/04/2011 4:46:26 PM EST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<18/04/2011 4:46:26 PM EST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<18/04/2011 4:46:26 PM EST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<18/04/2011 4:46:26 PM EST> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer hostname-osb - x.x.x.x during SSL handshake.>
Traceback (innermost last):
File "<console>", line 1, in ?
File "<iostream>", line 123, in nmConnect
File "<iostream>", line 646, in raiseWLSTException
WLSTException: Error occured while performing nmConnect : Cannot connect to Node Manager. : [Security:090476]Invalid/unknown SSL header was received from peer hostname-osb - x.x.x.x during SSL handshake.
nodemanager.properties file
DomainsFile=/hta/vha/opt/app/osb11R1/wlserver_10.3/common/nodemanager/nodemanager.domains
LogLimit=0
PropertiesVersion=10.3
javaHome=/usr/jdk/instances/jdk1.6.0_21
AuthenticationEnabled=true
NodeManagerHome=/hta/vha/opt/app/osb11R1/wlserver_10.3/common/nodemanager
JavaHome=/usr/jdk/instances/jdk1.6.0_21/jre
LogLevel=INFO
DomainsFileEnabled=true
StartScriptName=startWebLogic.sh
ListenAddress=
NativeVersionEnabled=true
ListenPort=5556
LogToStderr=true
SecureListener=false
LogCount=1
StopScriptEnabled=false
QuitEnabled=false
LogAppend=true
StateCheckInterval=500
CrashRecoveryEnabled=false
StartScriptEnabled=true
LogFile=/hta/vha/opt/app/osb11R1/wlserver_10.3/common/nodemanager/nodemanager.log
LogFormatter=weblogic.nodemanager.server.LogFormatter
ListenBacklog=50
We did following steps to resolve this issue but in vain
S1. Changed Type to 'Plain' from 'SSL' in Machines -> osbMac01 -> Node Manager
S2. Changed SecureListener=true to SecureListener=false in nodemanager.properties
S3. kill the nodemanager and then start.
I guess there is some configuration in nodemanager.properties file that is creating this issue. Can anyone help with the same?
Thanks,
Sameer
Edited by: sameer h on Apr 18, 2011 7:09 PMSecureListener=falseYou have turned off secure listener for node manager, hence it will accepting 'plain' requests only and cant handle ssl handshakes
nmConnect('weblogic','welcome1','x.x.x.x',5556,'MyOSBDomain')Here you have left the 6th parameter to nmConnect as blank. The default in this case will be ssl and nmConnect is excepting ssl handshake response back from nodemanager, but nm cant reply ssl because it is not enabled.
Solution
1) Turn on Secure Listener = true. Then you can use this exact syntax for nmConnect.
2) Keep secure listener to false. use nmConnect() with all 6 parameters
nmConnect([username, password], [host], [port], [domainName], [domainDir] [nmType])
Pass 'plain' for the nmType attribute
Refer: http://download.oracle.com/docs/cd/E13222_01/wls/docs91/config_scripting/reference.html#1030962 -
KeyStore.deleteEntry deletes CA certs that are used in other entries
I think there is a problem with KeyStore deleteEntry wher it deletes more certs than it should do. I have a keystore (in this case a PKCS11 although I expect it will apply to file based keystores as well) with 2 entries:
IFMPROD_SIGN_008
IFMPROD_SIGN_007
all key entries are under the same CA hierarchy (issuing and root CA). I can use keytool to list with verbose and in each case see a nice 2 cert chain for each entry. I then use the deleteAlias to remove IFMPROD_SIGN_007 (either within a Java app or by running keytool -delete -alias). Then when I list my keystore again, IFMPROD_SIGN_008 is still there but the cert chain is missing i.e. each cert is shown on its own without the issuing and root CA certs. Using low leve tools I can see tha tthese CA certs have been removed.
Now this causes issues when trying to use these entries with e.g. SunJSSE client auth because the server hello mesage specifies the trusted root but the client hasn't got the full chain in the HSM anymore and bombs the ssl neg.
So I thought well I guesss I just need to import each ca cert on its own - except you cant do that with PKCS11 because root CA certs cannot be imported on their own into the HSM using keytool (although you can import them as a cert chain but thats a different story......
Here I have recreated it using keytool alone.
keytool -keystore NONE -storepass 123456 -storetype PKCS11 -list -v
Keystore type: PKCS11
Keystore provider: SunPKCS11-BTHSM
Your keystore contains 2 entries
Alias name: IFMPROD_SIGN_007
Entry type: keyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=CUS-GW-2002.intra.ifm.bt.com, OU=MSM, O=SMITHSBANK
Issuer: CN=TESTISSCA, OU=MSM, O=BT
Serial number: 1bc9d9a30000000002e6
Valid from: Fri Apr 30 08:37:17 GMT 2010 until: Sat Apr 30 08:37:17 GMT 2011
Certificate fingerprints:
MD5: 7A:77:2F:64:BB:CA:31:E7:55:5B:4E:8D:04:93:6B:21
SHA1: B5:0D:F5:A7:6F:11:31:12:00:CA:A1:B8:F5:DC:7B:6B:13:CD:68:36
Certificate[2]:
Owner: CN=TESTISSCA, OU=MSM, O=BT......
Issuer: CN=DEVROOTCA, OU=IFM, O=BT Syntegra, L=Fleet, ST=Hants, C=GB, EMAILADDRE
[email protected]
Serial number: 51e90a42000100000012
Valid from: Mon Nov 17 13:48:12 GMT 2008 until: Sun Mar 17 12:18:55 GMT 2024
Certificate fingerprints:
MD5: 66:E1:25:FA:CC:02:74:95:E9:A7:E6:A7:E9:32:DF:F1
SHA1: 07:47:3B:06:FB:11:E9:F5:94:99:1E:6E:7F:67:81:E1:63:A3:46:21
Certificate[3]:
Owner: CN=DEVROOTCA, OU=IFM, O=BT Syntegra, L=Fleet, ST=Hants, C=GB, EMAILADDRES
[email protected]
Issuer: CN=DEVROOTCA, OU=IFM, O=BT Syntegra, L=Fleet, ST=Hants, C=GB, EMAILADDRE
[email protected]
Serial number: 5c3ad550252cd1804d9b9d256ed9cbbd
Valid from: Wed Mar 17 12:03:38 GMT 2004 until: Sun Mar 17 12:18:55 GMT 2024
Certificate fingerprints:
MD5: 19:98:5A:49:6F:E6:94:73:B1:06:3F:07:E0:08:F0:D9
SHA1: 28:14:A1:F7:8B:89:2D:1A:A1:AB:AE:C7:17:01:BF:60:06:32:D6:1F
Alias name: IFMPROD_SIGN_008
Entry type: keyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=CUS-GW-2002.intra.ifm.bt.com, OU=MSM, O=SMITHSBANK
Issuer: CN=TESTISSCA, OU=MSM, O=BT
Serial number: 1be98fcd0000000002e8
Valid from: Fri Apr 30 09:11:55 GMT 2010 until: Sat Apr 30 09:11:55 GMT 2011
Certificate fingerprints:
MD5: 30:7B:7A:8A:4F:A0:5E:42:87:C6:ED:B3:A9:08:6A:74
SHA1: 82:C9:DB:66:DF:12:DB:5A:ED:46:B9:79:3B:20:68:83:97:8A:57:EC
Certificate[2]:
Owner: CN=TESTISSCA, OU=MSM, O=BT
Issuer: CN=DEVROOTCA, OU=IFM, O=BT Syntegra, L=Fleet, ST=Hants, C=GB, EMAILADDRE
[email protected]
Serial number: 51e90a42000100000012
Valid from: Mon Nov 17 13:48:12 GMT 2008 until: Sun Mar 17 12:18:55 GMT 2024
Certificate fingerprints:
MD5: 66:E1:25:FA:CC:02:74:95:E9:A7:E6:A7:E9:32:DF:F1
SHA1: 07:47:3B:06:FB:11:E9:F5:94:99:1E:6E:7F:67:81:E1:63:A3:46:21
Certificate[3]:
Owner: CN=DEVROOTCA, OU=IFM, O=BT Syntegra, L=Fleet, ST=Hants, C=GB, EMAILADDRES
[email protected]
Issuer: CN=DEVROOTCA, OU=IFM, O=BT Syntegra, L=Fleet, ST=Hants, C=GB, EMAILADDRE
[email protected]
Serial number: 5c3ad550252cd1804d9b9d256ed9cbbd
Valid from: Wed Mar 17 12:03:38 GMT 2004 until: Sun Mar 17 12:18:55 GMT 2024
Certificate fingerprints:
MD5: 19:98:5A:49:6F:E6:94:73:B1:06:3F:07:E0:08:F0:D9
SHA1: 28:14:A1:F7:8B:89:2D:1A:A1:AB:AE:C7:17:01:BF:60:06:32:D6:1F
keytool -debug -keystore NONE -storepass 123456 -storetype PKCS11 -delete -alias IFMPROD_SIGN_007
keytool -keystore NONE -storepass 123456 -storetype PKCS11 -list -v
Keystore type: PKCS11
Keystore provider: SunPKCS11-BTHSM
Your keystore contains 1 entry
Alias name: IFMPROD_SIGN_008
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=CUS-GW-2002.intra.ifm.bt.com, OU=MSM, O=SMITHSBANK
Issuer: CN=TESTISSCA, OU=MSM, O=BT
Serial number: 1be98fcd0000000002e8
Valid from: Fri Apr 30 09:11:55 GMT 2010 until: Sat Apr 30 09:11:55 GMT 2011
Certificate fingerprints:
MD5: 30:7B:7A:8A:4F:A0:5E:42:87:C6:ED:B3:A9:08:6A:74
SHA1: 82:C9:DB:66:DF:12:DB:5A:ED:46:B9:79:3B:20:68:83:97:8A:57:EC
JRE is 1.5.0_22 but 1.6.0_13 also does the same thing.
I think that it should check the usage of each cert in the chain and if it is used elsewhere then leave it in place. What my app does is annually generate new RSA keys and gt them recertified and while thats happeneing the system can continue to use the old key+cert until the new one has been issued by the CA and can be loaded. I then import the new entry (as a cert chain) then if that looks good I then remove the old entry. The problem is that by removing the old entry it blows the cet chain away for the new netry and you end up with bustd keystore that hasn't got the cert chain in there.Hi,
Firstly, I’d like to explain, the issuer name is the local CA name not must be your Exchange server name. only one certificate can deploy to the IIS services in one environment. In Exchange 2013, there is an empty certificate which deploy none:
http://exchangeserverpro.com/exchange-server-2013-ssl-certificates/
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
sure that you completely understand the risk before retrieving any suggestions from the above link.
For ease of administration, as well as for lower costs, it is recommended to provision as few certificates as possible. As long as all needed names are added in the certificate, we can install one certificate in one organization.
And here is the minimized namespace which we need to add in our certificate:
Autodiscover.domain.com
The host name in all URLs of IIS services and Outlook Anywhere
Legacy.domain.com
If you have any question, please feel free to let me know.
Thanks,
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Angela Shi
TechNet Community Support -
Create SSLContext with usage of Web AS Keystore
Dear Java Community,
I would like to create a javax.net.ssl.SSLContext, where one has to provide a javax.net.ssl.KeyManger and a javax.net.ssl.Trustmanager with the init() method. How can this be done with the WebAs Keystore?
Thanks & Kind Regards
KristianHi Norbert,
According to the developer you can mix them. He said it's better to use FM WDY_EXECUTE_IN_PLACE because is easier and allows to start WDA in the container
on the same screen with SAPGUI elements.
http://help.sap.com/saphelp_nw04s/helpdata/de/43/2f1a63cb883575e10000000a11466f/frameset.htm
Regards,
Snezhi
Message was edited by: Snezhina Gileva
Maybe you are looking for
-
What can I do about an iPhone 4S where the on/off button has quit working?
I've heard this is a common problem. Will Apple pay for fixing it as a product defect?
-
How to encrypt column of some table with the single method on oracle7/814?
How to encrypt column of some table with the single method on oracle7/814?
-
Please help with following query on Extracting the non-sap Data into BW.Please advice the full documentation on Loading,Transforming,Reporting for NON-SAP data into BW . Essentially, the Third party tool provides a matrix for maximizing either profit
-
Card reader on the new 21.5 iMac
Hello All, I'm going to be getting a new 21.5 iMac soon and I had a question about the SD card reader. Can it read SDHC cards? Also is it just a reader or can it write also? Thanks, Mike
-
Mid 2008 17" Mac book pro PLEASE HELP
I have a mid 2008 17" Mac book pro and the display won't turn on it appears to have a problem with the video card since this is out of my hand and I had nothing to do with it what should I do the computer is out of warranty already