MS-SOAP Toolkit 2, certificates and Weblogic

Hi,
I am trying to work with the Microsoft Toolkit 2 SP 2, client certificates and Weblogic
6.1.
It does not work, I know that the problem is with the Toolkit,
it doesn't agree to work with Weblogic, but maybe someone
in this forum know how to solve it.
So, if someone knows how to solve it, please let me know ASAP.
THANKS,
Tal.

To work with Microsoft MS SOAP Toolkit, you should use either RPC/encoded or document/literal.
Even if RPC/literal is WS-I compliant and is now supported by the .NET 3.0 version of the framework, it's not supported for older releases.
Best,
-Eric

Similar Messages

  • Invoking secure services inside bpel with x509 certificate and weblogic

    Hi, everyone. Here we have a problem with invoking secure webservices (*client authentication*) from a bpel deployed in weblogic that is consuming so much time (more than a week) and don't know what else to try.
    The scenario: we have a bpel process which invokes a series of web services without any security mechanisms. Now, we have to change it to invoke a series of webservices that do exactly the same, but using ssl and client authentication with x509 certificates. The first part of it, the ssl one, is done without any problems. But the second part is not working at all, and we (I) are running out of ideas how to configure it in weblogic.
    The situation: I want to invoke a webservice, say, Service1. It requires client authentication, so I should pass a certificate (*which I already have*). I put that certificate inside a keystore (with keytool -importkeystore, from p12 to jks). With SoapUI I have no problem now to invoke the service now. But, I'm not sure what should I do to make it work in weblogic; after all, the provider keeps answering with a HTTP 403 Forbidden error.
    The actions: inside the weblogic's enterprise manager, in SOA deployments (SOA / soa-infra / default ) I selected my composite, and in the Dashboard (down at Services and references), clicked the particular service (Service1). Then, it took me to another page where I can see statistics about that service, and a tab named Policies. There (in Policies) I have the chance to attach a policy, but I don't know which one is the approppriate; I guest it should be WSS11_x509_token_with_message_protection_service_policy, which in turn asks me to provide a value for keystore.recipient.alias, keystore.sig.csf.key and keystore.enc.csf.key. For this keys, I provide values that I configured in Credentials (Weblogic Domain / Security / Credentials, subtree oracle.wsm.security). My own logic tells me that what I have done is what I should have done, but still no luck :(
    I am sure the keystore is ok (if I rename the keystore file it tells me that the keystore file cannot be found, and if I specify an alias which is not inside the keystore it tells me that the alias is not found and list me valid aliases). I guess I am missing something, somewhere, but after many hours (days, almost 2 weeks) googling, still cannot make it work.
    Any ideas would be apreciated. If anyone knows about a post or article about this, it would be apreciated too, but I can tell is not that I just googled for 25 minutes, but I have spent more than a week googling, trying, analyzing and reading formal documentation, with no results.
    Thanks in advance!

    Try to enable SSL and WS debugging on your WLS. Add the following to your startup script:
    -Dweblogic.webservice.verbose=true
    -Dssl.debug=true
    ..then you might be able to spot if the rejection is based on some handshake problem.

  • Soap binding in wsdl and weblogic workshop

    Dear newsgroup,
    I'm trying to develop a webservice with workshop 8.1. In my case, I already have
    a "WSDL" file for the service I want to develop.
    So I created a "Schema Project", imported the wsdl file in it (workshop automatically
    compiled it !!) and generated a webservice from it. I then created a webservice
    project and moved the generated "jws" file in the webservice project.
    So far with no problem.
    Now I opened the "jws" file and saw there is this error:
    "ERROR: The binding for <Op name> does not declare one part"
    "SUGGESTION: A document literal binding must have at most one part. Make sure
    you have a WSDL that declares just one part for each message with a document literal
    binding."
    Indeed my wsdl has messages with more than one part. It looks like this:
    <wsdl:message name="SubmitSMSIn">
    <wsdl:part name="GNSHeaderHeader" element="fwk:GNSHeader">
    </wsdl:part>
    <wsdl:part name="GNSCredentialsHeader" element="fwk:GNSCredentials">
    </wsdl:part>
    <wsdl:part name="SubmitSMSRequestBody" element="sms:SubmitSMSRequest">
    </wsdl:part>
    </wsdl:message>
    And corresponding binding looks like this:
    <wsdl:binding name="smsBinding" type="smsPortType">
    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"
    />
    <wsdl:operation name="SubmitSMS">
    <soap:operation style="document" soapAction="http://vodafone.net/ns/gns/sms/SubmitSMS">
    </soap:operation>
    <wsdl:input name="SubmitSMSInput">
    <soap:body use="literal" parts="SubmitSMSRequestBody">
    </soap:body>
    <soap:header use="literal" message="SubmitSMSIn" part="GNSHeaderHeader"
    wsdl:required="true">
    </soap:header>
    <soap:header use="literal" message="SubmitSMSIn" part="GNSCredentialsHeader"
    wsdl:required="true">
    </soap:header>
    </wsdl:input>
    <wsdl:output name="SubmitSMSOutput">
    <soap:body use="literal" parts="SubmitSMSResponseBody">
    </soap:body>
    </wsdl:output>
    </wsdl:operation>
    </wsdl:binding>
    MY QUESTION: Is this a workshop webservice limitation? I thought after reading
    wsdl specification,(URL: http://www.w3.org/TR/wsdl.html#_soap-b, example 3), that
    this should be possible.
    What am I doing wrong.
    Thanks for any help.
    -- Asit Bhattacharya

    Hi Asit,
    Personally, I find dealing with the WSDL/SOAP language a humbling
    experience and welcome the day that their syntax is completely buried
    with the use of tools; to that end, I would recommend that you use the
    WS-I test tools to validate/confirm all of the Rxxx issues.
    Regards,
    Bruce
    Asit Bhattacharya wrote:
    >
    Hi Bruce,
    Yes, you are right. "R2210" indeed does say that. Interestingly, it starts like
    this:
    "If a document-literal binding in a DESCRIPTION does not specify the parts attribute
    on a soapbind:body element, the corresponding abstract wsdl:message MUST define
    zero or one wsdl:parts."
    Please NOTE the "if" part of the recommendation. As I understand, it is saying
    when "parts" attribute is not specified in "soapbind:body" element then corresponding
    "wsdl:message" is required to define zero or one "wsdl:parts".
    In my original wsdl file example, I do have "parts" attribute specified for the
    "soapbind:body" element. To me that that should be valid. What do you say.
    Sincerely,
    Asit Bhattacharya.
    Bruce Stephens <[email protected]> wrote:
    Hi Asit,
    R2210 says: ...wsdl:message MUST define zero or one wsdl:parts.
    I might suggest that you try your WSDL with the WS-I test tools. They
    have a mode to consume and analyze WSDL that will give you a detailed
    response correlated with the basic profile.
    Regards,
    Bruce
    Asit Bhattacharya wrote:
    Hi Bruce,
    Thanks for your reply,
    WS-I Basic Profile "R2201" says the following:
    "A document-literal binding in a DESCRIPTION MUST, in each of its soapbind:body
    element(s), have at most one part listed in the parts attribute, ifthe parts
    attribute is specified."
    It does not restrict a meesage (that is used in doc/lit soap binding)to have
    multiple parts. If you look in my example wsdl (specially the soap:bindingportion),
    you'll see I'm only using one part for soap:body binding.
    Could you please explain why do you think that the SUGGESTION is valid?
    Thanks for your help.
    Regards.
    Asit Bhattacharya.
    Bruce Stephens <[email protected]> wrote:
    Hello,
    The suggestion is valid. You might want to reference the extensive
    work
    on this issue by the WS-I folks [1], see R2201 and following.
    Regards,
    Bruce
    [1]
    http://www.ws-i.org/Profiles/Basic/2003-08/BasicProfile-1.0a.html
    Asit Bhattacharya wrote:
    Dear newsgroup,
    I'm trying to develop a webservice with workshop 8.1. In my case,
    I
    already have
    a "WSDL" file for the service I want to develop.
    So I created a "Schema Project", imported the wsdl file in it (workshopautomatically
    compiled it !!) and generated a webservice from it. I then createda webservice
    project and moved the generated "jws" file in the webservice project.
    So far with no problem.
    Now I opened the "jws" file and saw there is this error:
    "ERROR: The binding for <Op name> does not declare one part"
    "SUGGESTION: A document literal binding must have at most one part.Make sure
    you have a WSDL that declares just one part for each message with
    a
    document literal
    binding."
    Indeed my wsdl has messages with more than one part. It looks likethis:
    <wsdl:message name="SubmitSMSIn">
    <wsdl:part name="GNSHeaderHeader" element="fwk:GNSHeader">
    </wsdl:part>
    <wsdl:part name="GNSCredentialsHeader" element="fwk:GNSCredentials">
    </wsdl:part>
    <wsdl:part name="SubmitSMSRequestBody" element="sms:SubmitSMSRequest">
    </wsdl:part>
    </wsdl:message>
    And corresponding binding looks like this:
    <wsdl:binding name="smsBinding" type="smsPortType">
    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"
    />
    <wsdl:operation name="SubmitSMS">
    <soap:operation style="document" soapAction="http://vodafone.net/ns/gns/sms/SubmitSMS">
    </soap:operation>
    <wsdl:input name="SubmitSMSInput">
    <soap:body use="literal" parts="SubmitSMSRequestBody">
    </soap:body>
    <soap:header use="literal" message="SubmitSMSIn"part="GNSHeaderHeader"
    wsdl:required="true">
    </soap:header>
    <soap:header use="literal" message="SubmitSMSIn"part="GNSCredentialsHeader"
    wsdl:required="true">
    </soap:header>
    </wsdl:input>
    <wsdl:output name="SubmitSMSOutput">
    <soap:body use="literal" parts="SubmitSMSResponseBody">
    </soap:body>
    </wsdl:output>
    </wsdl:operation>
    </wsdl:binding>
    MY QUESTION: Is this a workshop webservice limitation? I thought
    after
    reading
    wsdl specification,(URL: http://www.w3.org/TR/wsdl.html#_soap-b,
    example
    3), that
    this should be possible.
    What am I doing wrong.
    Thanks for any help.
    -- Asit Bhattacharya

  • Interoperability between apache soap toolkit(client)and ms soap toolkit

    Interoperability between apache soap toolkit(client)and ms soap toolkit.Give me an example where i can send and receive a complex data type from apache tomcat in client side to ms soap toolkit on the server side.It is urgent.Plz try to give me a solution as soon as possible.

    The toolkits don't have to work together at all. And by the way, you aren't sending the data to the MS toolkit, you're sending it to some MS product that can process the data. Any data that follows the standards should work.

  • SOAP toolkit problems?

    I downloaded and installed the SOAP toolkit,
    and everything is working fine, except the Console
    won't start because it complains it's not a registered
    web service.
    Anyone else have the same problem? The Console
    was running fine on port 7002, until I install SOAP
    toolkit. I'm about the reinstall WLS 6.0 again to see
    if I can reconstruct what happened.....
    Eric Chiu ([email protected])
    Office 775-355-8200
    Mobile 650-906-6600
    Certified J2EE Architect and Weblogic trainer

    Hi!!!
    The first url you use when you want to send a message to your SOAP adapter.
    The second one you use with a plain HTTP adapter - you send a message directly to a pipeline.
    Check this link:
    http://help.sap.com/saphelp_nw04s/helpdata/en/fc/5ad93f130f9215e10000000a155106/frameset.htm
    Regards,
    Andrzej

  • Error in SOAP call with certificate

    Hello experts!
    I am developing an interface RFC --> SOAP
    This SOAP call is for an external system and my basis team set up a certificate into visual adm in order to be able to communicate with my external partner.
    I set up this certificate into my communication channel (key store entry).
    When this interface is executed I get the following error:
    com.sap.aii.af.ra.ms.api.DeliveryException: SOAP: response message contains an error XIAdapter/PARSING/ADAPTER.SOAP_EXCEPTION - soap fault: No service was found matching the request
    Does anyone know what is happening?
    Best regards,
    Diego.

    Hi guys,
    We have built another scenario to connect to a public web service (without certificates) and it connects properly. In other words the XI machine has access to the internet. Both scenarios are being authenticated in the company proxy. That's why it may not be a firewall issue.
    I've imported the wsdl file into the SoapUI (software to test web services) and I am getting the same error. But when I am trying to execute this test from outside of my company I getting a different error, as follows:
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
       <soap:Body>
          <soap:Fault>
             <faultcode>soap:Client</faultcode>
             <faultstring>Validation Error</faultstring>
             <faultactor>internal-firewall</faultactor>
             <detail xmlns:det="http://reactivity.com/">
                <det:detailmessage>The message was found to be invalid.</det:detailmessage>
             </detail>
          </soap:Fault>
       </soap:Body>
    </soap:Envelope>
    I believe this can be an error of data itself. I am trying to check it with the external partner.
    What do all of you think about it?
    Best Regards,
    Diego.

  • Problem in installation of free SSL certificate on Weblogic using keytool

    We tried to install SSL certificate on weblogic certificate using Keystore ..but it is giving error in console at startup and server shutdowns automatically...
    Steps followed:-
    1) To generate keystore and private key and digital cerficate:-
    keytool -genkey -alias mykey2 -keyalg RSA -keystore webconkeystore.jks -storepass webconkeystorepassword
    2) To generate CSR
    keytool -certreq -alias mykey2 -file webconcsr1.csr -keyalg RSA -storetype jks -keystore webconkeystore.jks -storepass webconkeystorepassword
    3) CSR is uploaded on verisign site to generate free ssl certificate.All certificate text received is paste into file (cacert.pem)
    4) Same certificate is put into same keystore using following command
    keytool -import -alias mykey2 -keystore webconkeystore.jks -trustcacerts -file cacert.pem
    5) Before step 4), we have also installed root /intermediate certificate to include chain using following command.
    (intermediateCa.cer file is downloaded from verisign site)
    keytool -import -alias intermediateca -keystore webconkeystore.jks -trustcacerts -file intermediateCa.cer
    6) After this configuration we used weblogic admin module to configure Keystore and SSL.
    7) For KeyStore tab in weblogic admin module, we have select option “Custom Identity And Custom Trust” provided following details under Identity and Trust columns:-
    Private key alias: mykey2
    PassKeyphrase: webconkeystorepassword
    Location of keystore: location of webconkeystore.jks file on server
    8) For SSL tab in weblogic admin module, we have select option “KeyStores” for “Identity and Trust locations”.
    Error on console:
    <Nov 3, 2009 3:00:17 PM IST> <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: Failed to retrieve identity key/certificate from keystore /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore.jks under alias mykey2 on server AdminServer.>
    <Nov 3, 2009 3:00:17 PM IST> <Emergency> <Security> <BEA-090087> <Server failed to bind to the configured Admin port. The port may already be used by another process.>
    <Nov 3, 2009 3:00:17 PM IST> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason: Server failed to bind to any usable port. See preceeding log message for details.>
    <Nov 3, 2009 3:00:17 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
    <Nov 3, 2009 3:00:17 PM IST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
    <Nov 3, 2009 3:00:17 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
    If anyone knows the solution ,please help us out.Thanx in advance.
    I was really happy to get reply yesterday from "mv".I was not expecting such instant response.

    Thanx all guys for your interest and support.
    I have solved this issue.
    We have weblogic 9 on unix env.
    Following steps which I followed:
    #generate private key
    keytool -genkey -v -alias uinbrdcsap01_apac_nsroot_net -keyalg RSA -keysize 1024 -dname "CN=linuxbox042, OU=ASIA, O=Citigroup, L=CALC, S=MH, C=IN" -validity 1068 -keypass "webconkeystorepassword" -keystore "cwebconkeystore"
    #generate csr
    keytool -certreq -v -alias uinbrdcsap01_apac_nsroot_net -file linuxbox042.csr -keypass "webconkeystorepassword" -keystore "cwebconkeystore" -storepass webconkeystorepassword
    Then we uploaded this csr on verisigns free ssl certificate to generate and receive certificate text.
    We copied that text file in "ert4nov2009.crt" rt file used below.
    Apart from that , mail which we received from verisign also contains links to download root ca certificate and intermediate ca certificate.We downloaded them.
    roo ca in "root4nov2009.cer" file.
    intermediate ca in "intermediateca4nov2009.cer"
    both these files used in
    #import root certificate
    keytool -import -alias rootca -keystore "cwebconkeystore" -storepass "webconkeystorepassword" -trustcacerts -file "root4nov2009.cer"
    #import intermediate ca certificate
    keytool -import -alias intermediateca -keystore "cwebconkeystore" -storepass "webconkeystorepassword" -trustcacerts -file "intermediateca4nov2009.cer"
    #install free ssl certifiate
    keytool -import -alias uinbrdcsap01_apac_nsroot_net -file "cert4nov2009.crt" -trustcacerts -keypass "webconkeystorepassword" -keystore "cwebconkeystore" -storepass "webconkeystorepassword"
    #after this admin configuration
    In weblogic admin console module, we did following settings:-
    1. under Configuration tab
    a. Under KeyStore tab
    For keystore , we selected "Custom identity and Custom Trust"
    Under Identity,
    Custom Identity Keystore:location of keystore "webconkeystore" on weblogic server
    Custom Identity Keystore Type: JKS
    Custom Identity Keystore Passphrase:password for keystore mentioend above.In our case, webconkeystorepassword
    Same we copied Under "Trust", as we have not created separate keystore for trust.
    Save setting.
    b. Under SSL tab
    Identity and Trust Locations: select "Keystores"
    Private Key Alias: alias used while creating private keyi.e. in our case "uinbrdcsap01_apac_nsroot_net"
    Save setting.
    c. Under General tab
    Check checkbox "SSL Listen Port Enabled"
    and mention ssl port "SSL Listen Port"
    Save setting.
    After this activate changes.You might see error on admin module.
    Using command prompt, stop the server and again restart and then try to access using https and port ...
    you will definately get output...
    in our case issue might be due to key size..we used 1024 key size ..it solve problem.
    for your further reference plz find link below..it is also helpful.
    http://download.oracle.com/docs/cd/E13222_01/wls/docs81/plugins/nsapi.html#112674

  • Problems with Oracle Web Logic 10.3.6, certificates and proxies

    Good morning.
    We are trying to establish a SSL connection using Apache Cxf and WebLogic Server 10.3.6.
    For that, we are passing through a proxy. Using Apache Tomcat, the test is ok, we can connect to the endpoint correctly. But in WebLogic 10.3.6, we have problems with the certificates.
    In our code, we are loading the certificates programatically.
    The web-services-config.xml is the following:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans
         xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd"
         xmlns:http="http://cxf.apache.org/transports/http/configuration"
         xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:jaxws="http://cxf.apache.org/jaxws"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.springframework.org/schema/beans">
         <jaxws:client address="@SNE.SNE_WS_URL@"
              serviceClass="com.bankia.sne.ws.clientes.buzonAPESNE.APESNEBuzonWSTipoPuerto"
              id="puertoAPESNEBuzonWS" />
         <http:conduit name="@SNE.SNE_WS_URL@">
              <http:client Connection="Keep-Alive" AutoRedirect="true"
                   ProxyServerType="HTTP" ProxyServerPort="@SNE.PROXY_PORT@"
                   ProxyServer="@SNE.PROXY_HOST@" />
              <http:proxyAuthorization>+
                   <sec:UserName>@SNE.PROXY_USER@</sec:UserName>
                   <sec:Password>@SNE.PROXY_PASSWORD@</sec:Password>
              </http:proxyAuthorization>
              <http:tlsClientParameters>
                   <sec:cipherSuitesFilter>
                        <!-- these filters ensure that a ciphersuite with export-suitable or
                             null encryption is used, but exclude anonymous Diffie-Hellman key change
                             as this is vulnerable to man-in-the-middle attacks -->
                        <sec:include>.*EXPORT.*</sec:include>
                        <sec:include>.*EXPORT1024.*</sec:include>
                        <sec:include>.*WITHDES_.*</sec:include>
                        <sec:include>.*WITHNULL_.*</sec:include>
                        <sec:exclude>.*DHanon_.*</sec:exclude>
                   </sec:cipherSuitesFilter>
              </http:tlsClientParameters>
         </http:conduit>
    </beans>
    That's the code used for establish the CXF connection:
    private void configuraConexion(Buzon buzon){
              try {
                   LOGGER.debug("Configurando conexión con el sevicio Web para el buzón con id " + buzon.getId() + " ...");
                   Client client = ClientProxy.getClient(puertoAPESNEBuzonWS);
                   HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
                   TLSClientParameters tlsParams = httpConduit.getTlsClientParameters();
                   Certificado certificado = buzon.getCertificado();
                   byte[] bytes = certificado.bytesCertificado();
                   CertificadoSerializable certSerializado = (CertificadoSerializable)Serializador.desserializar(bytes);
                   //Cargamos el truststore de disco
                   TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                   KeyStore truststore = KeyStore.getInstance(Propiedades.getProperty(KEY_SERVICIO_WEB_ALMACEN_TRUSTSTORE));
                   String contrasenia = Propiedades.getProperty(KEY_SERVICIO_WEB_TRUSTORE_PASSWORD);
                   // -- provide your truststore
                   File ficheroTruststore = null;
                   String rutaTrustore = Propiedades.getProperty(KEY_SERVICIO_WEB_TRUSTORE_RUTA) Propiedades.getProperty(KEY_SERVICIO_WEB_NOMBRE_TRUSTSTORE);
                   LOGGER.debug("rutaTrustore --> " + rutaTrustore);
                   if (rutaTrustore!=null){+
                        ficheroTruststore = new File(rutaTrustore);
              URL url = null;
                   if(ficheroTruststore == null || !ficheroTruststore.exists()){
                        url = Localizador.getResource(Propiedades.getProperty(KEY_SERVICIO_WEB_NOMBRE_TRUSTSTORE));
                        ficheroTruststore = new File(url.getPath());
                        truststore.load(url.openStream(), contrasenia.toCharArray());
                   }else{
                        truststore.load(new FileInputStream(ficheroTruststore), contrasenia.toCharArray());                    
                   LOGGER.info("[ServicioWSBuzonAPESNEImpl.configuraConexion] Fichero truststore.pks recuperado de "+ficheroTruststore.getPath());
                   trustFactory.init(truststore);
                   TrustManager[] tm = trustFactory.getTrustManagers();
                   tlsParams.setTrustManagers(tm);
                   //Cargamos el Keystore de base de datos
                   KeyStore keyStore = KeyStore.getInstance(Propiedades.getProperty(KEY_SERVICIO_WEB_TIPO_ALMACEN_KEYSTORE));
                   keyStore.load(null, certificado.getContrasenia().toCharArray());
                   keyStore.setKeyEntry(certificado.getAlias(), certSerializado.getClavePrivada(), certificado.getContrasenia().toCharArray(), certSerializado.getCadena());
                   // set our key store+
                   // (used to authenticate the local SSLSocket to its peer)
                   KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                   keyFactory.init(keyStore, certificado.getContrasenia().toCharArray());
                   KeyManager[] km = keyFactory.getKeyManagers();
                   tlsParams.setKeyManagers(km);
                   httpConduit.setTlsClientParameters(tlsParams);
                   LOGGER.debug("Conexión configurada satisfactoriamente");
              }catch (Exception e) {
                   LOGGER.error("Error al configurar la conexión del servicio Web", e);
                   throw new WSBuzonException("Error al configurar la conexión del servicio Web: " + e.getMessage());
    We don't know how to solve this issue? Please, could you help us?
    Thanks in advance,
    Jaime.
    Edited by: j2eedevelopment on 10-jul-2012 10:05

    Hi Zack, thanks for the answer.
    I've cleaned the code below.
    Our problem is the following: we wan't to use many keystores, in function the user who is connected in the application. For that reason, we wan't to give the keyStore from Java Client, because we've saw that, in WebLogic, you can select one keystore, but only one. For that reason, we wantto change the keystore in run time execution, dinamically.
    The problem we have found are the following:
    1) If we configure WebLogic with the correct keystore and trustore, we are not able to change keysotre and trustore in runtime execution, so we have to us always the same keystore and we don't want this.
    2) Also, I'm trying now to use JaxWS instead Apache Cxf, and I've tried to put the ssl properties of the system with the following code:
    System.setProperty(JAVAXNETSSLTRUST_STORE, trustore);
    System.setProperty(JAVAXNETSSLTRUST_STORE_PASSWORD, trustStorePassword);
    System.setProperty(JAVAXNETSSLKEY_STORE, keyStore);
    System.setProperty(JAVAXNETSSLKEY_STORE_PASSWORD, keyStorePassword);
    System.setProperty(JAVAXNETSSLKEY_STORE_TYPE, keyStoreType);
    Thanks in advance,
    Jaime.

  • Problems using 4096 bit SSL certificate with WebLogic Apache 2.2 plug-in

    Hi,
    'm using WebLogic 9.2 MP3 and Apache HTTP Server (version 2.2) Plug-In. For security reasons, I have SSL installed on both Apache and WebLogic. So Apache must communicate with WebLogic via https.
    I get the following error when attempting to access WebLogic via Apache:
    Internet Explorer cannot display the webpage
    These are the last lines in wlproxy log:
    Fri Feb 26 14:08:59 2010 <71212672221392> INFO: SSL is configured
    Fri Feb 26 14:08:59 2010 <71212672221392> SSL Main Context not set. Calling InitSSL
    Fri Feb 26 14:08:59 2010 <71212672221331> INFO: Initializing SSL library
    I've found that the problem is caused by using a 4096 bit intermediate cert. When I include this 4096 bit cert in the file referenced by plugin parameter "TrustedCAFile", it is unable to load it. I've tested 4096 bit certs from a few different certificate authorities, and consistently see this problem, so I know the problem is not related to the specific certificate. If I use a 2048 bit intermediate certificate, everything works perfectly fine.
    Do you know if there are limitations to the certificate length that the plug-in can use?

    Yes 4096 bit Certificates are not supported by the plugin.
    You can use up to 2048 bit.
    There is a Bug which clearly mentions it.
    I dont remember the Bug Number, but an Oracle Support person will be able to tell you.
    Hope this helps.
    Faisal Khan
    Edited by: Faisal Khan on Feb 27, 2010 2:08 PM

  • SSL between NSAPI and WLS with custom certificate and RequireSSLHostMatch=true fails

    I am trying to use SSL for communication between NSAPI and WebLogic
    server (server authentication at the NSAPI).
    Therefore, a custom server certificate is installed on WLS, containing this
    server's hostname. The NSAPI is configured (RequireSSLHostMatch=true) to
    check the hostname contained in the certificate against the WebLogicHost
    parameter in the "obj.conf" file. The corresponding TrustedCAFile is installed
    for NSAPI.
    The SSL setup seems to work ok, but when matching the hostname, it seems like
    NSAPI is trying to do a string-match against the numeric IP of the WebLogicHost,
    not on the hostname as configured in the WebLogicHost parameter.
    The relevant entry in the "obj.conf" file:
    <Object name="weblogic" ppath="*">
    Service fn=wl-proxy WebLogicHost=btsun2a.muc \
    WebLogicPort=7162 \
    Debug=ALL \
    SecureProxy=ON \
    TrustedCAFile=/home/qx13604/wls61/config/testdomain/TC_RootServer_PEM_Class0.pem
    RequireSSLHostMatch=true
    </Object>
    I am using WLS6.1 with NSAPI (both Solaris). The content of "wlproxy.log" is as
    follows.
    Any ideas?
    Content of "wlproxy.log":
    Thu Oct 11 12:30:22 2001 INFO: SSL is configured
    Thu Oct 11 12:30:22 2001 INFO: Initializing SSL library
    Thu Oct 11 12:30:22 2001 Loaded 1 trusted CA's
    Thu Oct 11 12:30:22 2001 INFO: Successfully initialized SSL
    Thu Oct 11 12:30:22 2001 INFO: SSL configured successfully
    Thu Oct 11 12:30:22 2001 ....relFile.../index.jsp...
    Thu Oct 11 12:30:22 2001 URI=[index.jsp]
    Thu Oct 11 12:30:22 2001 Initializing lastIndex=0 for a list of length=1
    Thu Oct 11 12:30:22 2001 attempt #0 out of a max of 5
    Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
    at line 1156 for '/index.jsp'
    Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
    Thu Oct 11 12:30:22 2001 Going to check the general server list
    Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
    image/jpeg, image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
    image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
    Thu Oct 11 12:30:22 2001 INFO: sysSend 52
    Thu Oct 11 12:30:22 2001 Partial read socket
    Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
    Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
    validation failed
    Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
    Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
    Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
    of URL.cpp
    Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
    line 550 of URL.cpp]: at line 944
    Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
    Thu Oct 11 12:30:22 2001 INFO: sysSend 14
    Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
    Thu Oct 11 12:30:22 2001 attempt #1 out of a max of 5
    Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
    at line 1156 for '/index.jsp'
    Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
    Thu Oct 11 12:30:22 2001 Going to check the general server list
    Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
    image/jpeg, image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
    image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
    Thu Oct 11 12:30:22 2001 INFO: sysSend 52
    Thu Oct 11 12:30:22 2001 Partial read socket
    Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
    Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
    validation failed
    Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
    Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
    Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
    of URL.cpp
    Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
    line 550 of URL.cpp]: at line 944
    Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
    Thu Oct 11 12:30:22 2001 INFO: sysSend 14
    Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
    Thu Oct 11 12:30:22 2001 attempt #2 out of a max of 5
    Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
    at line 1156 for '/index.jsp'
    Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
    Thu Oct 11 12:30:22 2001 Going to check the general server list
    Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
    image/jpeg, image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
    image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
    Thu Oct 11 12:30:22 2001 INFO: sysSend 52
    Thu Oct 11 12:30:22 2001 Partial read socket
    Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
    Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
    validation failed
    Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
    Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
    Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
    of URL.cpp
    Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
    line 550 of URL.cpp]: at line 944
    Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
    Thu Oct 11 12:30:22 2001 INFO: sysSend 14
    Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
    Thu Oct 11 12:30:22 2001 attempt #3 out of a max of 5
    Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
    at line 1156 for '/index.jsp'
    Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
    Thu Oct 11 12:30:22 2001 Going to check the general server list
    Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
    image/jpeg, image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
    image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
    Thu Oct 11 12:30:22 2001 INFO: sysSend 52
    Thu Oct 11 12:30:22 2001 Partial read socket
    Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
    Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
    validation failed
    Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
    Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
    Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
    of URL.cpp
    Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
    line 550 of URL.cpp]: at line 944
    Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
    Thu Oct 11 12:30:22 2001 INFO: sysSend 14
    Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
    Thu Oct 11 12:30:22 2001 attempt #4 out of a max of 5
    Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
    at line 1156 for '/index.jsp'
    Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
    Thu Oct 11 12:30:22 2001 Going to check the general server list
    Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
    image/jpeg, image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
    image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
    Thu Oct 11 12:30:22 2001 INFO: sysSend 52
    Thu Oct 11 12:30:22 2001 Partial read socket
    Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
    Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
    validation failed
    Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
    Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
    Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
    of URL.cpp
    Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
    line 550 of URL.cpp]: at line 944
    Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
    Thu Oct 11 12:30:22 2001 INFO: sysSend 14
    Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
    Thu Oct 11 12:30:22 2001 attempt #5 out of a max of 5
    Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
    at line 1156 for '/index.jsp'
    Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
    Thu Oct 11 12:30:22 2001 Going to check the general server list
    Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
    image/jpeg, image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
    image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
    Thu Oct 11 12:30:22 2001 INFO: sysSend 52
    Thu Oct 11 12:30:22 2001 Partial read socket
    Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
    Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
    validation failed
    Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
    Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
    Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
    of URL.cpp
    Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
    line 550 of URL.cpp]: at line 944
    Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
    Thu Oct 11 12:30:22 2001 INFO: sysSend 14
    Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
    Thu Oct 11 12:30:22 2001 request [index.jsp] processed ..................

    I tried some other case and configured a certificate containing
    the numeric IP as hostname. The authentication works fine then,
    but it wouldn't be nice to hard-code the IP in the certificate
    (btw. the WebLogicHost parameter is still given as DNS name, not
    as IP address).
    Has anyone got a solution for this?
    "Wolfgang Jodl" <[email protected]> wrote:
    >
    I am trying to use SSL for communication between NSAPI and WebLogic
    server (server authentication at the NSAPI).
    Therefore, a custom server certificate is installed on WLS, containing
    this
    server's hostname. The NSAPI is configured (RequireSSLHostMatch=true)
    to
    check the hostname contained in the certificate against the WebLogicHost
    parameter in the "obj.conf" file. The corresponding TrustedCAFile is
    installed
    for NSAPI.
    The SSL setup seems to work ok, but when matching the hostname, it seems
    like
    NSAPI is trying to do a string-match against the numeric IP of the WebLogicHost,
    not on the hostname as configured in the WebLogicHost parameter.
    The relevant entry in the "obj.conf" file:
    <Object name="weblogic" ppath="*">
    Service fn=wl-proxy WebLogicHost=btsun2a.muc \
    WebLogicPort=7162 \
    Debug=ALL \
    SecureProxy=ON \
    TrustedCAFile=/home/qx13604/wls61/config/testdomain/TC_RootServer_PEM_Class0.pem
    RequireSSLHostMatch=true
    </Object>
    I am using WLS6.1 with NSAPI (both Solaris). The content of "wlproxy.log"
    is as
    follows.
    Any ideas?

  • Certificates in weblogic

    Hi!
    Is it possible to use self-signed certificates in Weblogic 6.0 ?
    How can my company become a CA, and what's the cost ?
    Thanks in advance.
    Johnny Kee

    Configuring Commercial certificates on weblogic server
    http://weblogictips.wordpress.com/2008/07/27/configuring-commercial-certificates-on-weblogic-server/
    How to debug SSL issues with weblogic server
    http://weblogictips.wordpress.com/2010/05/11/how-to-debug-ssl-issues-with-weblogic-server/
    Steps to create self sign certificates for weblogic server
    http://weblogictips.wordpress.com/2008/07/27/steps-to-create-self-sign-certificates-for-weblogic-server/
    thanks,
    sandeep

  • Certificate to weblogic-user mapping using CertAuthenticator

    In SSL scenario I have a two way aithentication setup and working.
    Now I wanted to use an auto Certificate to weblogic user mapping.
    I tried using the SimpleCertAuthenticator (part of examples), and
    setup the required properties in weblogic.properties.
    SimpleCertAuthenticator is not getting called by the server.
    (I put debug statements in SimpleCertAuthenticator.java which are
    not being reached).
    can somebody who had it successfully running help.
    thank you,
    escher.

    escher,
    When connecting from a browser a similar problem arises which can be solved by a patch to sp6. Soon sp7 will fix it, but at the moment sp7 solves that problem but causes another.
    I'm confident that the same fix will fix calls from a java client, and thus the example, but I haven't checked yet. If it doesn't I'll let you know.
    "escher" <[email protected]> wrote:
    >
    In SSL scenario I have a two way aithentication setup and working.
    Now I wanted to use an auto Certificate to weblogic user mapping.
    I tried using the SimpleCertAuthenticator (part of examples), and
    setup the required properties in weblogic.properties.
    SimpleCertAuthenticator is not getting called by the server.
    (I put debug statements in SimpleCertAuthenticator.java which are
    not being reached).
    can somebody who had it successfully running help.
    thank you,
    escher.

  • Problems with certificate and signed jad

    Hello
    I have a third party jar and jad which is signed as far as I can tell.
    When I run the jad under the phone emulator.exe I get the text below
    Is there something I need to do.
    Perhaps to do with keystores etc.
    I can install the jar and the application runs but keeps asking for permission to open etc.
    Thanks
    Jim
    C:\Java_ME_platform_SDK_3.0_EA\bin>
    C:\Java_ME_platform_SDK_3.0_EA\bin>emulator -Xdescriptor:trekbuddy.jad
    Device name is not set. Using -Xdevice:DefaultCldcPhone1 option.
    Hint: Use -Xquery argument to see all supported devices.
    HTTP server started!
    *** Error ***
    A problem occured during deploying application from http://127.0.0.1:49813/trekb
    uddy.jad
    * Reason:
    The content provider certificate issuer C=ZA;ST=Western Cape;L=Cape Town;O=Thawt
    e Consulting cc;OU=Certification Services Division;CN=Thawte Premium Server CA;E
    mailAddress=[email protected] is unknown.
    C:\Java_ME_platform_SDK_3.0_EA\bin>

    I got the Thawte certificates and after loading just about every one it stopped complaining about the issuer.
    How ever it then started on about not autorized for API.
    So I gave up in disgust and went back to the the 2.xx toolkit.
    This worked out the box.
    Jim

  • The problem about Secure Reliable Messaging between WCF and Weblogic

    I'm doing a project for testing the interoperability between WCF and Weblogic with secure reliable messaging.
    When WCF client talk to Weblogic service with Secure Reliable feature enabled.We got error when CreateSequence, the error message is below:
    The incoming message was signed with a token which was different from what used to encrypt the body. This was not expected.
    The remote endpoint requested an address for acknowledgements that is not the same as the address for application messages. The channel could not be opened because this is not supported. Ensure the endpoint address used to create the channel is identical to the one the remote endpoint was set up with.
    My understanding is that the client accepted the RSTR from weblogic (so both sides now share the secure conversation token) and moved on to CreateSequence (and failed due to config mismatches). But I don't how the error happen and how to get it fixed.
    -- below is the wsdl you are using --
    Any ideas about it?
    Thanks in advance!!!!!!
    <?xml version='1.0' encoding='utf-8'?>
    <WL5G3N4:definitions name="EchoStringSignOnly" targetNamespace="http://tempuri.org/" xmlns="" xmlns:WL5G3N0="http://www.w3.org/ns/ws-policy" xmlns:WL5G3N1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:WL5G3N2="http://schemas.xmlsoap.org/ws/2005/02/rm/policy" xmlns:WL5G3N3="http://docs.oasis-open.org/ws-rx/wsrmp/200702" xmlns:WL5G3N4="http://schemas.xmlsoap.org/wsdl/" xmlns:WL5G3N5="http://tempuri.org/" xmlns:WL5G3N6="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:WL5G3N7="http://schemas.xmlsoap.org/wsdl/soap12/">
    <WL5G3N0:Policy WL5G3N1:Id="CustomBinding_IEchoStringSignOnly1_EchoString_Input_policy">
    <WL5G3N0:ExactlyOne>
    <WL5G3N0:All>
    <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <sp:Body/>
    <sp:Header Name="Sequence" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
    <sp:Header Name="SequenceAcknowledgement" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
    <sp:Header Name="AckRequested" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
    <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
    </sp:SignedParts>
    </WL5G3N0:All>
    </WL5G3N0:ExactlyOne>
    </WL5G3N0:Policy>
    <WL5G3N0:Policy WL5G3N1:Id="CustomBinding_IEchoStringSignOnly1_policy">
    <WL5G3N0:ExactlyOne>
    <WL5G3N0:All>
    <WL5G3N2:RMAssertion>
    <WL5G3N2:InactivityTimeout Milliseconds="600000"/>
    <WL5G3N2:AcknowledgementInterval Milliseconds="200"/>
    </WL5G3N2:RMAssertion>
    <sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp15:Policy xmlns:wsp15="http://www.w3.org/ns/ws-policy">
    <sp:ProtectionToken>
    <wsp15:Policy>
    <sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
    <wsp15:Policy>
    <sp:RequireDerivedKeys/>
    <sp:BootstrapPolicy>
    <wsp15:Policy>
    <sp:SignedParts>
    <sp:Body/>
    <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
    </sp:SignedParts>
    <sp:EncryptedParts>
    <sp:Body/>
    </sp:EncryptedParts>
    <sp:AsymmetricBinding>
    <wsp15:Policy>
    <sp:InitiatorToken>
    <wsp15:Policy>
    <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
    <wsp15:Policy>
    <!--<sp:RequireThumbprintReference/>-->
    <sp:WssX509V3Token10/>
    </wsp15:Policy>
    </sp:X509Token>
    </wsp15:Policy>
    </sp:InitiatorToken>
    <sp:RecipientToken>
    <wsp15:Policy>
    <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
    <wsp15:Policy>
    <!--<sp:RequireThumbprintReference/>-->
    <sp:WssX509V3Token10/>
    </wsp15:Policy>
    </sp:X509Token>
    </wsp15:Policy>
    </sp:RecipientToken>
    <sp:AlgorithmSuite>
    <wsp15:Policy>
    <sp:Basic128Rsa15/>
    </wsp15:Policy>
    </sp:AlgorithmSuite>
    <sp:Layout>
    <wsp15:Policy>
    <sp:Strict/>
    </wsp15:Policy>
    </sp:Layout>
    <sp:IncludeTimestamp/>
    <sp:OnlySignEntireHeadersAndBody/>
    </wsp15:Policy>
    </sp:AsymmetricBinding>
    <sp:Wss11>
    <wsp15:Policy>
    <sp:MustSupportRefKeyIdentifier/>
    <sp:MustSupportRefIssuerSerial/>
    <sp:MustSupportRefThumbprint/>
    <sp:MustSupportRefEncryptedKey/>
    </wsp15:Policy>
    </sp:Wss11>
    <sp:Trust13>
    <wsp15:Policy>
    <sp:MustSupportIssuedTokens/>
    <sp:RequireClientEntropy/>
    <sp:RequireServerEntropy/>
    </wsp15:Policy>
    </sp:Trust13>
    </wsp15:Policy>
    </sp:BootstrapPolicy>
    </wsp15:Policy>
    </sp:SecureConversationToken>
    </wsp15:Policy>
    </sp:ProtectionToken>
    <sp:AlgorithmSuite>
    <wsp15:Policy>
    <sp:Basic128Rsa15/>
    </wsp15:Policy>
    </sp:AlgorithmSuite>
    <sp:Layout>
    <wsp15:Policy>
    <sp:Strict/>
    </wsp15:Policy>
    </sp:Layout>
    <sp:IncludeTimestamp/>
    <sp:OnlySignEntireHeadersAndBody/>
    </wsp15:Policy>
    </sp:SymmetricBinding>
    <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp15:Policy xmlns:wsp15="http://www.w3.org/ns/ws-policy">
    <sp:MustSupportRefKeyIdentifier/>
    <sp:MustSupportRefIssuerSerial/>
    <sp:MustSupportRefThumbprint/>
    <sp:MustSupportRefEncryptedKey/>
    </wsp15:Policy>
    </sp:Wss11>
    <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp15:Policy xmlns:wsp15="http://www.w3.org/ns/ws-policy">
    <sp:MustSupportIssuedTokens/>
    <sp:RequireClientEntropy/>
    <sp:RequireServerEntropy/>
    </wsp15:Policy>
    </sp:Trust13>
    <wsam:Addressing xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
    <wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy">
    <wsam:NonAnonymousResponses/>
    </wsp:Policy>
    </wsam:Addressing>
    </WL5G3N0:All>
    </WL5G3N0:ExactlyOne>
    </WL5G3N0:Policy>
    <WL5G3N0:Policy WL5G3N1:Id="CustomBinding_IEchoStringSignOnly_EchoString_output_policy">
    <WL5G3N0:ExactlyOne>
    <WL5G3N0:All>
    <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <sp:Body/>
    <sp:Header Name="Sequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
    <sp:Header Name="SequenceAcknowledgement" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
    <sp:Header Name="AckRequested" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
    <sp:Header Name="UsesSequenceSTR" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
    <sp:Header Name="ChannelInstance" Namespace="http://schemas.microsoft.com/ws/2005/02/duplex"/>
    <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
    </sp:SignedParts>
    </WL5G3N0:All>
    </WL5G3N0:ExactlyOne>
    </WL5G3N0:Policy>
    <WL5G3N0:Policy WL5G3N1:Id="CustomBinding_IEchoStringSignOnly1_EchoString_output_policy">
    <WL5G3N0:ExactlyOne>
    <WL5G3N0:All>
    <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <sp:Body/>
    <sp:Header Name="Sequence" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
    <sp:Header Name="SequenceAcknowledgement" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
    <sp:Header Name="AckRequested" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
    <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
    </sp:SignedParts>
    </WL5G3N0:All>
    </WL5G3N0:ExactlyOne>
    </WL5G3N0:Policy>
    <WL5G3N0:Policy WL5G3N1:Id="CustomBinding_IEchoStringSignOnly_EchoString_Input_policy">
    <WL5G3N0:ExactlyOne>
    <WL5G3N0:All>
    <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <sp:Body/>
    <sp:Header Name="Sequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
    <sp:Header Name="SequenceAcknowledgement" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
    <sp:Header Name="AckRequested" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
    <sp:Header Name="UsesSequenceSTR" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
    <sp:Header Name="ChannelInstance" Namespace="http://schemas.microsoft.com/ws/2005/02/duplex"/>
    <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
    </sp:SignedParts>
    </WL5G3N0:All>
    </WL5G3N0:ExactlyOne>
    </WL5G3N0:Policy>
    <WL5G3N0:Policy WL5G3N1:Id="CustomBinding_IEchoStringSignOnly_policy">
    <WL5G3N0:ExactlyOne>
    <WL5G3N0:All>
    <WL5G3N3:RMAssertion/>
    <sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp15:Policy xmlns:wsp15="http://www.w3.org/ns/ws-policy">
    <sp:ProtectionToken>
    <wsp15:Policy>
    <sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
    <wsp15:Policy>
    <sp:RequireDerivedKeys/>
    <sp:BootstrapPolicy>
    <wsp15:Policy>
    <sp:SignedParts>
    <sp:Body/>
    <sp:Header Name="ChannelInstance" Namespace="http://schemas.microsoft.com/ws/2005/02/duplex"/>
    <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
    </sp:SignedParts>
    <sp:EncryptedParts>
    <sp:Body/>
    </sp:EncryptedParts>
    <sp:AsymmetricBinding>
    <wsp15:Policy>
    <sp:InitiatorToken>
    <wsp15:Policy>
    <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
    <wsp15:Policy>
    <!--<sp:RequireThumbprintReference/>-->
    <sp:WssX509V3Token10/>
    </wsp15:Policy>
    </sp:X509Token>
    </wsp15:Policy>
    </sp:InitiatorToken>
    <sp:RecipientToken>
    <wsp15:Policy>
    <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
    <wsp15:Policy>
    <!--<sp:RequireThumbprintReference/>-->
    <sp:WssX509V3Token10/>
    </wsp15:Policy>
    </sp:X509Token>
    </wsp15:Policy>
    </sp:RecipientToken>
    <sp:AlgorithmSuite>
    <wsp15:Policy>
    <sp:Basic128Rsa15/>
    </wsp15:Policy>
    </sp:AlgorithmSuite>
    <sp:Layout>
    <wsp15:Policy>
    <sp:Strict/>
    </wsp15:Policy>
    </sp:Layout>
    <sp:IncludeTimestamp/>
    <sp:OnlySignEntireHeadersAndBody/>
    </wsp15:Policy>
    </sp:AsymmetricBinding>
    <sp:Wss11>
    <wsp15:Policy>
    <sp:MustSupportRefKeyIdentifier/>
    <sp:MustSupportRefIssuerSerial/>
    <sp:MustSupportRefThumbprint/>
    <sp:MustSupportRefEncryptedKey/>
    </wsp15:Policy>
    </sp:Wss11>
    <sp:Trust13>
    <wsp15:Policy>
    <sp:MustSupportIssuedTokens/>
    <sp:RequireClientEntropy/>
    <sp:RequireServerEntropy/>
    </wsp15:Policy>
    </sp:Trust13>
    </wsp15:Policy>
    </sp:BootstrapPolicy>
    </wsp15:Policy>
    </sp:SecureConversationToken>
    </wsp15:Policy>
    </sp:ProtectionToken>
    <sp:AlgorithmSuite>
    <wsp15:Policy>
    <sp:Basic128Rsa15/>
    </wsp15:Policy>
    </sp:AlgorithmSuite>
    <sp:Layout>
    <wsp15:Policy>
    <sp:Strict/>
    </wsp15:Policy>
    </sp:Layout>
    <sp:IncludeTimestamp/>
    <sp:OnlySignEntireHeadersAndBody/>
    </wsp15:Policy>
    </sp:SymmetricBinding>
    <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp15:Policy xmlns:wsp15="http://www.w3.org/ns/ws-policy">
    <sp:MustSupportRefKeyIdentifier/>
    <sp:MustSupportRefIssuerSerial/>
    <sp:MustSupportRefThumbprint/>
    <sp:MustSupportRefEncryptedKey/>
    </wsp15:Policy>
    </sp:Wss11>
    <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp15:Policy xmlns:wsp15="http://www.w3.org/ns/ws-policy">
    <sp:MustSupportIssuedTokens/>
    <sp:RequireClientEntropy/>
    <sp:RequireServerEntropy/>
    </wsp15:Policy>
    </sp:Trust13>
    <cdp:CompositeDuplex xmlns:cdp="http://schemas.microsoft.com/net/2006/06/duplex"/>
    <ow:OneWay xmlns:ow="http://schemas.microsoft.com/ws/2005/05/routing/policy"/>
    <wsam:Addressing xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
    <wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy">
    <wsam:NonAnonymousResponses/>
    </wsp:Policy>
    </wsam:Addressing>
    </WL5G3N0:All>
    </WL5G3N0:ExactlyOne>
    </WL5G3N0:Policy>
    <WL5G3N4:types>
    <xsd:schema targetNamespace="http://tempuri.org/Imports" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:tns="http://tempuri.org/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <xsd:import namespace="http://tempuri.org/" schemaLocation="RequestReplySignOnly.svc.xsd0.xml"/>
    <xsd:import namespace="http://schemas.microsoft.com/2003/10/Serialization/" schemaLocation="RequestReplySignOnly.svc.xsd1.xml"/>
    </xsd:schema>
    </WL5G3N4:types>
    <WL5G3N4:message name="PingRequest">
    <WL5G3N4:part element="WL5G3N5:PingRequest" name="parameters"/>
    </WL5G3N4:message>
    <WL5G3N4:message name="PingResponse">
    <WL5G3N4:part element="WL5G3N5:PingResponse" name="parameters"/>
    </WL5G3N4:message>
    <WL5G3N4:portType name="IEchoStringSignOnly">
    <WL5G3N4:operation name="EchoString">
    <WL5G3N4:input message="WL5G3N5:PingRequest" name="PingRequest"/>
    <WL5G3N4:output message="WL5G3N5:PingResponse" name="PingResponse"/>
    </WL5G3N4:operation>
    </WL5G3N4:portType>
    <WL5G3N4:binding name="CustomBinding_IEchoStringSignOnly" type="WL5G3N5:IEchoStringSignOnly">
    <WL5G3N0:Policy>
    <WL5G3N0:PolicyReference URI="#CustomBinding_IEchoStringSignOnly_policy"/>
    </WL5G3N0:Policy>
    <WL5G3N6:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
    <WL5G3N4:operation name="EchoString">
    <WL5G3N6:operation soapAction="urn:wsrm:EchoString" style="document"/>
    <WL5G3N4:input name="PingRequest">
    <WL5G3N0:Policy>
    <WL5G3N0:PolicyReference URI="#CustomBinding_IEchoStringSignOnly_EchoString_Input_policy"/>
    </WL5G3N0:Policy>
    <WL5G3N6:body use="literal"/>
    </WL5G3N4:input>
    <WL5G3N4:output name="PingResponse">
    <WL5G3N0:Policy>
    <WL5G3N0:PolicyReference URI="#CustomBinding_IEchoStringSignOnly_EchoString_output_policy"/>
    </WL5G3N0:Policy>
    <WL5G3N6:body use="literal"/>
    </WL5G3N4:output>
    </WL5G3N4:operation>
    </WL5G3N4:binding>
    <WL5G3N4:binding name="CustomBinding_IEchoStringSignOnly1" type="WL5G3N5:IEchoStringSignOnly">
    <WL5G3N0:Policy>
    <WL5G3N0:PolicyReference URI="#CustomBinding_IEchoStringSignOnly1_policy"/>
    </WL5G3N0:Policy>
    <WL5G3N7:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
    <WL5G3N4:operation name="EchoString">
    <WL5G3N7:operation soapAction="urn:wsrm:EchoString" style="document"/>
    <WL5G3N4:input name="PingRequest">
    <WL5G3N7:body use="literal"/>
    <WL5G3N0:Policy>
    <WL5G3N0:PolicyReference URI="#CustomBinding_IEchoStringSignOnly1_EchoString_Input_policy"/>
    </WL5G3N0:Policy>
    </WL5G3N4:input>
    <WL5G3N4:output name="PingResponse">
    <WL5G3N7:body use="literal"/>
    <WL5G3N0:Policy>
    <WL5G3N0:PolicyReference URI="#CustomBinding_IEchoStringSignOnly1_EchoString_output_policy"/>
    </WL5G3N0:Policy>
    </WL5G3N4:output>
    </WL5G3N4:operation>
    </WL5G3N4:binding>
    <WL5G3N4:service name="EchoStringSignOnly">
    <WL5G3N4:port binding="WL5G3N5:CustomBinding_IEchoStringSignOnly" name="CustomBinding_IEchoStringSignOnly">
    <WL5G3N6:address location="http://mss-rrsp-01/ReliableMessaging_Service_WSAddressing10_Indigo/RequestReplySignOnly.svc/SecureReliable_Addressable_Soap11_WSAddressing10_RM11"/>
    <wsa10:EndpointReference xmlns:wsa10="http://www.w3.org/2005/08/addressing">
    <wsa10:Address>http://mss-rrsp-01/ReliableMessaging_Service_WSAddressing10_Indigo/RequestReplySignOnly.svc/SecureReliable_Addressable_Soap11_WSAddressing10_RM11</wsa10:Address>
    <Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <X509Data>
    <X509Certificate>MIIDCjCCAfKgAwIBAgIQYDju2/6sm77InYfTq65x+DANBgkqhkiG9w0BAQUFADAwMQ4wDAYDVQQKDAVPQVNJUzEeMBwGA1UEAwwVT0FTSVMgSW50ZXJvcCBUZXN0IENBMB4XDTA1MDMxOTAwMDAwMFoXDTE4MDMxOTIzNTk1OVowQDEOMAwGA1UECgwFT0FTSVMxIDAeBgNVBAsMF09BU0lTIEludGVyb3AgVGVzdCBDZXJ0MQwwCgYDVQQDDANCb2IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMCquMva4lFDrv3fXQnKK8CkSU7HvVZ0USyJtlL/yhmHH/FQXHyYY+fTcSyWYItWJYiTZ99PAbD+6EKBGbdfuJNUJCGaTWc5ZDUISqM/SGtacYe/PD/4+g3swNPzTUQAIBLRY1pkr2cm3s5Ch/f+mYVNBR41HnBeIxybw25kkoM7AgMBAAGjgZMwgZAwCQYDVR0TBAIwADAzBgNVHR8ELDAqMCiiJoYkaHR0cDovL2ludGVyb3AuYmJ0ZXN0Lm5ldC9jcmwvY2EuY3JsMA4GA1UdDwEB/wQEAwIEsDAdBgNVHQ4EFgQUXeg55vRyK3ZhAEhEf+YT0z986L0wHwYDVR0jBBgwFoAUwJ0o/MHrNaEd1qqqoBwaTcJJDw8wDQYJKoZIhvcNAQEFBQADggEBAIiVGv2lGLhRvmMAHSlY7rKLVkv+zEUtSyg08FBT8z/RepUbtUQShcIqwWsemDU8JVtsucQLc+g6GCQXgkCkMiC8qhcLAt3BXzFmLxuCEAQeeFe8IATr4wACmEQE37TEqAuWEIanPYIplbxYgwP0OBWBSjcRpKRAxjEzuwObYjbll6vKdFHYIweWhhWPrefquFp7TefTkF4D3rcctTfWJ76I5NrEVld+7PBnnJNpdDEuGsoaiJrwTW3Ixm40RXvG3fYS4hIAPeTCUk3RkYfUkqlaaLQnUrF2hZSgiBNLPe8gGkYORccRIlZCGQDEpcWl1Uf9OHw6fC+3hkqolFd5CVI=</X509Certificate>
    </X509Data>
    </KeyInfo>
    </Identity>
    </wsa10:EndpointReference>
    </WL5G3N4:port>
    <WL5G3N4:port binding="WL5G3N5:CustomBinding_IEchoStringSignOnly1" name="CustomBinding_IEchoStringSignOnly1">
    <WL5G3N7:address location="http://mss-rrsp-01/ReliableMessaging_Service_WSAddressing10_Indigo/RequestReplySignOnly.svc/SecureReliable_Anonymous_Soap12_WSAddressing10_RM10"/>
    <wsa10:EndpointReference xmlns:wsa10="http://www.w3.org/2005/08/addressing">
    <wsa10:Address>http://mss-rrsp-01/ReliableMessaging_Service_WSAddressing10_Indigo/RequestReplySignOnly.svc/SecureReliable_Anonymous_Soap12_WSAddressing10_RM10</wsa10:Address>
    <Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <X509Data>
    <X509Certificate>MIIDCjCCAfKgAwIBAgIQYDju2/6sm77InYfTq65x+DANBgkqhkiG9w0BAQUFADAwMQ4wDAYDVQQKDAVPQVNJUzEeMBwGA1UEAwwVT0FTSVMgSW50ZXJvcCBUZXN0IENBMB4XDTA1MDMxOTAwMDAwMFoXDTE4MDMxOTIzNTk1OVowQDEOMAwGA1UECgwFT0FTSVMxIDAeBgNVBAsMF09BU0lTIEludGVyb3AgVGVzdCBDZXJ0MQwwCgYDVQQDDANCb2IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMCquMva4lFDrv3fXQnKK8CkSU7HvVZ0USyJtlL/yhmHH/FQXHyYY+fTcSyWYItWJYiTZ99PAbD+6EKBGbdfuJNUJCGaTWc5ZDUISqM/SGtacYe/PD/4+g3swNPzTUQAIBLRY1pkr2cm3s5Ch/f+mYVNBR41HnBeIxybw25kkoM7AgMBAAGjgZMwgZAwCQYDVR0TBAIwADAzBgNVHR8ELDAqMCiiJoYkaHR0cDovL2ludGVyb3AuYmJ0ZXN0Lm5ldC9jcmwvY2EuY3JsMA4GA1UdDwEB/wQEAwIEsDAdBgNVHQ4EFgQUXeg55vRyK3ZhAEhEf+YT0z986L0wHwYDVR0jBBgwFoAUwJ0o/MHrNaEd1qqqoBwaTcJJDw8wDQYJKoZIhvcNAQEFBQADggEBAIiVGv2lGLhRvmMAHSlY7rKLVkv+zEUtSyg08FBT8z/RepUbtUQShcIqwWsemDU8JVtsucQLc+g6GCQXgkCkMiC8qhcLAt3BXzFmLxuCEAQeeFe8IATr4wACmEQE37TEqAuWEIanPYIplbxYgwP0OBWBSjcRpKRAxjEzuwObYjbll6vKdFHYIweWhhWPrefquFp7TefTkF4D3rcctTfWJ76I5NrEVld+7PBnnJNpdDEuGsoaiJrwTW3Ixm40RXvG3fYS4hIAPeTCUk3RkYfUkqlaaLQnUrF2hZSgiBNLPe8gGkYORccRIlZCGQDEpcWl1Uf9OHw6fC+3hkqolFd5CVI=</X509Certificate>
    </X509Data>
    </KeyInfo>
    </Identity>
    </wsa10:EndpointReference>
    </WL5G3N4:port>
    </WL5G3N4:service>
    </WL5G3N4:definitions>

    Bruce Stephens <[email protected]> wrote:
    Hi Michael,
    The short answer, at this time, OOTB, WS-RM interop with an unknown
    vendor would be doubtful. For a longer answer, David Orchard has a good
    review of the emerging web services specs [0]. You might consider ebXML
    messaging [1] as a more mature solution.
    Thank you Bruce. I will look at these docs.
    Mike S.
    Hope this helps,
    Bruce
    [0]
    http://dev2dev.bea.com/technologies/webservices/articles/ws_orchard.jsp
    [1]
    http://e-docs.bea.com/wli/docs70/ebxml/getstart.htm
    Michael Shea wrote:
    Hello,
    We have developed an application that is running on the WebLogic AppServer v8.1
    sp1.
    Recently we have received a request/query on providing reliable SOAPmessaging
    from our application to 3rd party.
    I have read the documentation on Reliable messaging support and havenoted that
    it is only supported between two WebLogic Application servers.
    My questions are, since we do not have control of the 3rd party's application,
    and it may not be based on a WebLogic App Server:
    1. Will this work?
    2. Does anyone have any idea of the type of issues that may be experienced?
    3. How close is the implementation to the WS Reliable Messaging specification?
    So, if the other party was based on an IBM or Microsoft implementationis this
    likely to work?
    It goes without saying that any work done would need to be very throughlytested
    and qualified.
    I have looked through the WebLogic Documentation on WebServices aswell as searching
    this newgroup for other posts on this topic, hopefully I have not missedanything
    (If so, my apologies.)
    Thanks,
    Mike Shea.

  • Godaddy SSL certificate on weblogic

    Hello,
    Recentally I purchased ssl certificate from godaddy, they send me 2 files (mydomain.crt) and (gd_bundle.crt).
    now I don't know how to create .pem file just to complete the installation. below the instruction I did.
    - keytool -genkey -alias client -keyalg RSA -keysize 2048 -keystore identity.jks -storepass password -keypass password
    - keytool -certreq -keyalg RSA -keysize 2048 -alias client -file certreq.csr -keystore identity.jks -storepass password
    here when I enter this I get an error ( keytool error: java.io.FileNotFoundException: CertChain.pem (No such file or directory not found). so how to create the CertChain.pem from the files I got from godaddy.
    - keytool -import -file CertChain.pem -alias client -keystore identity.jks -storepass password
    - keytool -import -file rootCA.cer -alias RootCA -keystore trust.jks -storepass password
    Keytool –list –v –keystore <keystore-name> -storepass <keystore-password>

    I found out how to install godaddy ssl certificate on weblogic follow the link below.
    http://coreygilmore.com/blog/2009/06/02/install-a-go-daddy-ssl-certificate-for-use-with-jboss-or-the-bes-5-bas/
    but I still get This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.

Maybe you are looking for

  • Cannot view body of page in Design View with PHP

    Hello, I hope some one can help me. I have a website that I am working that I am unable to view the body of the page in Design mode. This is a php file. I can preview the page fine by pressing F12, so it appears PHP is installed and my test server is

  • Rate in Consignment PO

    Dear Experts, My client (senior) want at the time of release consignment Po rate should be display in Release screen (menas PO). How it is possible.. Neeru dimri

  • Loop thru Status table and start job

    I have a STATUS Tbl, that has a field called CompleteDate.Only if the CompleteDate field has TODAYS Today, then I want to proceed with my ssis task, to insert data in some tables. If the CompleteDate Is not yet todays date, then I want to check the s

  • Message "switch to mobile site".  Not sure what this means

    When I am surfing the web I keep getting a pop up that says "switch to mobile site".  I'm not sure what this means since I don't have a mobile site.  I am new to the Ipad so I am looking for help.

  • Accounted cells coloring in 2 page doc?

    Hi friends, I have a bank statement on a Numbers page and Im doing a little list on anotehr page with itemized expenses. I want to have the cells I have accounted for in a color, so when i go back to the bank statement, I know and see which ones have