Server Certificate on Weblogic 8.1

Hi. I know it is really dumb to ask these questions but I urgently need to know these as I am on a very tight project schedule. So can someone please enlighten me.
1. If I use the SSL protocol and configure a server certificate, when someone enters my URL, will Internet Explorer prompt my client for a certificate?
2. Do I really need SSL for configuring a certificate? If I do not use it, can I still configure and use a server certificate?
3. Can I reuse the server certificate from my Weblogic 5.1 on Weblogic 8.1, since I am migrating from WL5.1 to WL8.1?
My certificate files in WL 5.1 are in the form of *.pem
Cheers

If you get (for example) a 128-bit SSL certificate from Verisign you need to specify a Certificate Signing Request (CSR). This is unique for each server. If you have upgraded your server and the CSR generated from the weblogic CSR generator servlet is the same as it was in the previous version, then I guess you can use the same certificate. If the CSR has changed then I think you will need to replace the certificate, this costs $100. If it's been less than 30 days since your certificate was issued, it's free.

Similar Messages

  • Weblogic server 9.2 and SSL server certificate for the wrong site

    I turned on SSL service for a weblogic 9.2 server and later on changed the hostname of the machine that weblogic was running on. So the hostname that my SSL server certificate was issued to has now become an invalid hostname. But my weblogic server continues to run SSL service without any exception. I can still access my web applications through the SSL port (except of course I get a warning for the server certificate every time that it is for the "wrong site"). My question is this: should weblogic 9.2 verify the hostname in the server certificate and stop SSL service if the certificate is for the wrong site? Or is verifying the certificate strictly the job of the browser? Just want to make sure there is nothing wrong with my SSL configuration. Thanks.

    So you are saying that something is wrong with my weblogic 9.2 ssl configuration? And that given a server certificate issued to a different hostname, my weblogic server should NOT be servicing ssl request and/or it should throw some sort of exception during startup? Thanks for clarifying.

  • SSL for Weblogic 6.0: Server Certificate Chain File & Verisign

    http://www.bea.com/support/askbea/wls/S-07188.shtml
    This issue attempts to explain what a "certificate chain file" is for. I still don't understand why this is so difficult. Where do I get this from?
    At the end of the article it points me here:
    http://www.verisign.com/repository/root.html
    And vaguely tells me to convert the unspecified format on that page using a utility from OpenSSL. The format on that page is NOT .pem, what is it? Which utility do I use, and HOW do I convert the root server CA on that page to .der format?
    Thanks for tips!

    Unfortunately this is a misleading exception you are getting.
    Here is a suggested workaround (at least to get SSL working):
    https://www.verisign.com/server/prg/browser/root.html
    I have met the same question as you.
    The Server Certificate Chain File obtained from your browser (such as IE5.5)
    Jason Pettiss <[email protected]> wrote:
    http://www.bea.com/support/askbea/wls/S-07188.shtml
    This issue attempts to explain what a "certificate chain file" is for.
    I still don't understand why this is so difficult. Where do I get
    this from?
    At the end of the article it points me here:
    http://www.verisign.com/repository/root.html
    And vaguely tells me to convert the unspecified format on that page using
    a utility from OpenSSL. The format on that page is NOT .pem, what is
    it? Which utility do I use, and HOW do I convert the root server
    CA on that page to .der format?
    Thanks for tips!

  • Configuring Apache HTTP Server with Oracle Weblogic Server plugin

    Hello friends,
    I have a scenario of OIM 9.1.0.2 on Oracle Application Server 11g and Weblogic Server Apache HTTP Server.
    Oracle WebLogic Server is configured in cluster (node1 and node2), also use the Oracle Weblogic Server plugin for integration with Apache.
    One of the tests is to lose one of the nodes for the apache plugin redirects the node that has less overhead.
    When the mode is node1 and node2 stop start mode and try to access the management console of Oracle Identity Manager, the plugin sometimes redirects to the other active node, and on another occasion shows the oracle management console identity manager without the colors of the basic look and feel.
    Deputy of the Apache HTTP Server log, do you expect your comments to solve this case?
    *************************************************log****************************************************
    Server Details are:
    OrigHostInfo [192.168.1.200]
    isOrigHostInfoDNS [0]
    Host [192.168.1.200]
    Port [7002]
    SecurePort [7004]
    Mon Jan 30 22:10:43 2012 <2600713279794431> Initializing lastIndex=0 for a list of length=1
    Mon Jan 30 22:10:43 2012 <2600713279794431> initJVMID: Trying to locate Primary or Secondary using SrvrInfo with JVMID [-872106207]
    Mon Jan 30 22:10:43 2012 <2600713279794431> initJVMID: Found Primary 192.168.1.200:7002:7004
    Mon Jan 30 22:10:43 2012 <2600713279794431> INFO: Closing SSL context
    Mon Jan 30 22:10:43 2012 <2600713279794431> .....internal request /bea_wls_internal/WLDummyInitJVMIDs.....processed
    Mon Jan 30 22:10:43 2012 <2600713279794431> getPreferredFromCookie: Found 1 servers
    Mon Jan 30 22:10:43 2012 <2600713279794431> attempt #0 out of a max of 5
    Mon Jan 30 22:10:43 2012 <2600713279794431> trying connect to PRIMARY '192.168.1.200'/7002/7004
    Mon Jan 30 22:10:43 2012 <2600713279794431> getPooledConn: No more connections in the pool for Host[192.168.1.200] Port[7002] SecurePort[7004]
    Mon Jan 30 22:10:43 2012 <2600713279794431> New SSL URL: match = 0 oid = 22
    Mon Jan 30 22:10:43 2012 <2600713279794431> Connect returns -1, and error no set to 150, msg 'Operation now in progress'
    Mon Jan 30 22:10:43 2012 <2600713279794431> EINPROGRESS in connect() - selecting
    Mon Jan 30 22:10:43 2012 <2600713279794431> Setting peerID for new SSL connection
    Mon Jan 30 22:10:43 2012 <2600713279794431> 0ae2 0436 0000 1b5c ...6...\
    Mon Jan 30 22:10:43 2012 <2600713279794431> Local Port of the socket is 39186
    Mon Jan 30 22:10:43 2012 <2600713279794431> Remote Host 192.168.1.200 Remote Port 7004
    Mon Jan 30 22:10:43 2012 <2600713279794431> created a new connection to preferred server '192.168.1.200/7004' for '/xlWebApp/images/spacer.gif', Local port:39186
    Mon Jan 30 22:10:43 2012 <2600713279794431> INFO: CA certificate missing basicConstraints, validation failed
    Mon Jan 30 22:10:43 2012 <2600713279794431> ERROR: SSLWrite failed
    Mon Jan 30 22:10:43 2012 <2600713279794431> SEND failed (ret=-1) at 793 of file ../nsapi/URL.cpp
    Mon Jan 30 22:10:43 2012 <2600713279794431> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 794 of ../nsapi/URL.cpp
    Mon Jan 30 22:10:43 2012 <2600713279794431> Marking 192.168.1.200:7004 as bad
    Mon Jan 30 22:10:43 2012 <2600713279794431> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0,  line 794 of ../nsapi/URL.cpp]: at line 3160
    Mon Jan 30 22:10:43 2012 <2600713279794431> INFO: Closing SSL context
    Mon Jan 30 22:10:43 2012 <2598413279794431>
    ================New Request: [GET /images/cab.gif HTTP/1.1] =================
    Mon Jan 30 22:10:43 2012 <2598413279794431> INFO: SSL is configured
    Mon Jan 30 22:10:43 2012 <2598413279794431> SSL Main Context not set. Calling InitSSL
    Mon Jan 30 22:10:43 2012 <2598413279794431> INFO: SSL configured successfully
    Mon Jan 30 22:10:43 2012 <2598413279794431> Using Uri /images/cab.gif
    Mon Jan 30 22:10:43 2012 <2598413279794431> After trimming path: '/images/cab.gif'
    Mon Jan 30 22:10:43 2012 <2598413279794431> adding prepend path: /xlWebApp/
    Mon Jan 30 22:10:43 2012 <2598413279794431> The final request string is '/xlWebApp/images/cab.gif'
    Mon Jan 30 22:10:43 2012 <2598413279794431> Host extracted from serverlist is [192.168.1.100]
    Mon Jan 30 22:10:43 2012 <2598413279794431> Host extracted from serverlist is [192.168.1.200]
    Mon Jan 30 22:10:43 2012 <2598413279794431> Initializing lastIndex=0 for a list of length=2
    Mon Jan 30 22:10:43 2012 <2598413279794431> getListNode: created a new server node: id='192.168.1.100:7004,192.168.1.200:7004' server_name='OIMSERVER', port='443'
    Mon Jan 30 22:10:43 2012 <2598413279794431> getPreferred: availcookie=[JSESSIONID=6RGCPnbTFRG7LBrTRpFnv1QLnQHkxkqr4pjGhhGJyrJWJ1rv86NK!-872106207!NONE]
    Mon Jan 30 22:10:43 2012 <2598413279794431> Found cookie from cookie header: JSESSIONID=6RGCPnbTFRG7LBrTRpFnv1QLnQHkxkqr4pjGhhGJyrJWJ1rv86NK!-872106207!NONE
    Mon Jan 30 22:10:43 2012 <2598413279794431> Parsing cookie JSESSIONID=6RGCPnbTFRG7LBrTRpFnv1QLnQHkxkqr4pjGhhGJyrJWJ1rv86NK!-872106207!NONE
    Mon Jan 30 22:10:43 2012 <2598413279794431> getpreferredServersFromCookie: [-872106207!NONE]
    Mon Jan 30 22:10:43 2012 <2598413279794431> primaryJVMID: [-872106207]
    secondaryJVMID: [NONE]
    Mon Jan 30 22:10:43 2012 <2598413279794431> No of JVMIDs found in cookie: 1
    Mon Jan 30 22:10:43 2012 <2598413279794431> getPreferredFromCookie: Start Position is 0, listLen is 2
    Mon Jan 30 22:10:43 2012 <2598413279794431> getPreferredFromCookie: Either JVMIDs not set or they are stale. Will try to get JVMIDs from WLS
    Mon Jan 30 22:10:43 2012 <2598413279794431> initJVMID: Iterating SrvrList from position 0
    Mon Jan 30 22:10:43 2012 <2598413279794431> ======internal request /bea_wls_internal/WLDummyInitJVMIDs======
    initJVMID: Trying Host[192.168.1.100] Port[7004] SecurePort[7004] useSSL [1] ioTimeout [30] socketTimeout [2]
    Mon Jan 30 22:10:43 2012 <2598413279794431> New SSL URL: match = 0 oid = 0
    Mon Jan 30 22:10:43 2012 <2598413279794431> Connect returns -1, and error no set to 146, msg 'Connection refused'
    Mon Jan 30 22:10:43 2012 <2598413279794431> Error connecting to host 192.168.1.100:7004
    Mon Jan 30 22:10:43 2012 <2598413279794431> *******Exception type [CONNECTION_REFUSED] (Error connecting to host 192.168.1.100:7004 errno = 146) raised at line 1723 of ../nsapi/URL.cpp
    Mon Jan 30 22:10:43 2012 <2598413279794431> initJVMID: Failed to retrieved JVMID for 192.168.1.100:7004:7004
    Mon Jan 30 22:10:43 2012 <2598413279794431> initJVMID: Marked server as BAD
    Mon Jan 30 22:10:43 2012 <2598413279794431> INFO: Closing SSL context
    Mon Jan 30 22:10:43 2012 <2598413279794431> .....internal request /bea_wls_internal/WLDummyInitJVMIDs.....processed
    Mon Jan 30 22:10:43 2012 <2598413279794431> ======internal request /bea_wls_internal/WLDummyInitJVMIDs======
    initJVMID: Trying Host[192.168.1.200] Port[7004] SecurePort[7004] useSSL [1] ioTimeout [30] socketTimeout [2]
    Mon Jan 30 22:10:43 2012 <2598413279794431> New SSL URL: match = 0 oid = 0
    Mon Jan 30 22:10:43 2012 <2598413279794431> Connect returns -1, and error no set to 150, msg 'Operation now in progress'
    Mon Jan 30 22:10:43 2012 <2598413279794431> EINPROGRESS in connect() - selecting
    Mon Jan 30 22:10:43 2012 <2598413279794431> Setting peerID for new SSL connection
    Mon Jan 30 22:10:43 2012 <2598413279794431> 0ae2 0436 0000 1b5c ...6...\
    Mon Jan 30 22:10:43 2012 <2598413279794431> Local Port of the socket is 39188
    Mon Jan 30 22:10:43 2012 <2598413279794431> Remote Host 192.168.1.200 Remote Port 7004
    Mon Jan 30 22:10:43 2012 <2598413279794431> INFO: Certificate validation succeeded
    Mon Jan 30 22:10:43 2012 <2598413279794431> INFO: Negotiated to cipher: 3
    Mon Jan 30 22:10:43 2012 <2598413279794431> SSLWrite sent 171
    Mon Jan 30 22:10:43 2012 <2598413279794431> SSLWrite completed, sent 171
    Mon Jan 30 22:10:43 2012 <2598413279794431> Reader::fill() SSLRead returned: 0 290
    Mon Jan 30 22:10:43 2012 <2598413279794431> URL::parseHeaders: CompleteStatusLine set to [HTTP/1.1 404 Not Found]
    Mon Jan 30 22:10:43 2012 <2598413279794431> URL::parseHeaders: StatusLine set to [404 Not Found]
    Mon Jan 30 22:10:43 2012 <2598413279794431> parsed all headers OK
    Mon Jan 30 22:10:43 2012 <2598413279794431> Parsing cluster list: -872106207!182584374!7002!7004
    Mon Jan 30 22:10:43 2012 <2598413279794431> parseJVMID: Parsing JVMID '-872106207!182584374!7002!7004'
    Mon Jan 30 22:10:43 2012 <2598413279794431> parseJVMID: Actually parsing '-872106207!182584374!7002!7004'
    Mon Jan 30 22:10:43 2012 <2598413279794431> ServerInfo struct for JVMID '-872106207' populated
    Server Details are:
    OrigHostInfo [192.168.1.200]
    isOrigHostInfoDNS [0]
    Host [192.168.1.200]
    Port [7002]
    SecurePort [7004]
    Mon Jan 30 22:10:43 2012 <2598413279794431> Initializing lastIndex=0 for a list of length=1
    Mon Jan 30 22:10:43 2012 <2598413279794431> initJVMID: Trying to locate Primary or Secondary using SrvrInfo with JVMID [-872106207]
    Mon Jan 30 22:10:43 2012 <2598413279794431> initJVMID: Found Primary 192.168.1.200:7002:7004
    Mon Jan 30 22:10:43 2012 <2598413279794431> INFO: Closing SSL context
    Mon Jan 30 22:10:43 2012 <2598413279794431> .....internal request /bea_wls_internal/WLDummyInitJVMIDs.....processed
    Mon Jan 30 22:10:43 2012 <2598413279794431> getPreferredFromCookie: Found 1 servers
    Mon Jan 30 22:10:43 2012 <2598413279794431> attempt #0 out of a max of 5
    Mon Jan 30 22:10:43 2012 <2598413279794431> trying connect to PRIMARY '192.168.1.200'/7002/7004
    Mon Jan 30 22:10:43 2012 <2598413279794431> getPooledConn: No more connections in the pool for Host[192.168.1.200] Port[7002] SecurePort[7004]
    Mon Jan 30 22:10:43 2012 <2598413279794431> New SSL URL: match = 0 oid = 22
    Mon Jan 30 22:10:43 2012 <2598413279794431> Connect returns -1, and error no set to 150, msg 'Operation now in progress'
    Mon Jan 30 22:10:43 2012 <2598413279794431> EINPROGRESS in connect() - selecting
    Mon Jan 30 22:10:43 2012 <2598413279794431> Setting peerID for new SSL connection
    Mon Jan 30 22:10:43 2012 <2598413279794431> 0ae2 0436 0000 1b5c ...6...\
    Mon Jan 30 22:10:43 2012 <2598413279794431> Local Port of the socket is 39189
    Mon Jan 30 22:10:43 2012 <2598413279794431> Remote Host 192.168.1.200 Remote Port 7004
    Mon Jan 30 22:10:43 2012 <2598413279794431> created a new connection to preferred server '192.168.1.200/7004' for '/xlWebApp/images/cab.gif', Local port:39189
    Mon Jan 30 22:10:43 2012 <2598413279794431> INFO: CA certificate missing basicConstraints, validation failed
    Mon Jan 30 22:10:43 2012 <2598413279794431> ERROR: SSLWrite failed
    Mon Jan 30 22:10:43 2012 <2598413279794431> SEND failed (ret=-1) at 793 of file ../nsapi/URL.cpp
    Mon Jan 30 22:10:43 2012 <2598413279794431> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 794 of ../nsapi/URL.cpp
    Mon Jan 30 22:10:43 2012 <2598413279794431> Marking 192.168.1.200:7004 as bad
    Mon Jan 30 22:10:43 2012 <2598413279794431> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0,  line 794 of ../nsapi/URL.cpp]: at line 3160
    Mon Jan 30 22:10:43 2012 <2598413279794431> INFO: Closing SSL context
    Thanks

    "One of the tests is to lose one of the nodes for the apache plugin redirects the node that has less overhead."
    Note that the plug-in does round-robin load balancing; for example, in the case of three servers (1,2,3) it does 1-2-3-1-2-3-1...
    with server 3 going down it does 1-2-1-2-1...
    An example configuration (with SSL off) looks as follows:
    LoadModule weblogic_module   "/home/oracle/weblogic12.1.1/apache/modules/mod_wl.so"
    <IfModule weblogic_module>
         ConnectTimeoutSecs 10
         ConnectRetrySecs 2
         DebugConfigInfo ON
         WLSocketTimeoutSecs 2
         WLIOTimeoutSecs 300
         Idempotent ON
         FileCaching ON
         KeepAliveSecs 20
         KeepAliveEnabled ON
         DynamicServerList ON
         WLProxySSL OFF
    </IfModule>
    <Location /LoadTest6>
         SetHandler weblogic-handler
         WebLogicCluster 172.31.0.175:7002,172.31.0.113:7003
    </Location>
    Also see the complete example here: http://middlewaremagic.com/weblogic/?p=7795
    "the plugin sometimes redirects to the other active node"
    This is somewhat strange, do you have session binding turned off?
    "and on another occasion shows the oracle management console identity manager without the colors of the basic look and feel."
    This could happen due to mime types (not really sure just a hunch). Here is a general story on this concept: https://developer.mozilla.org/en/Properly_Configuring_Server_MIME_Types
    and the apache module: http://httpd.apache.org/docs/2.2/mod/mod_mime.html

  • How to get the Server Certificate Chain File?

    Hi all,
    I configured SSL for WebLogic 6.0 on a Win2k machine. I followed the WebLogic
    documentation:
    Generate a private key file, then submit it to Verisign and get the certificate
    file.
    Because I have only one WebLogic server, I cleared the "Server Certificate
    Chain File" field.
    But I get an error message after rebooting WebLogic. Following is the error
    message:
    <2001-1-21 04:57:56 pm> <Alert> <WebLogicServer> <Inconsistent security configuration, java.lang.Exception: Required file server-certchain.pem which is specified by ServerCertificateChainFileName, was not found>
    java.lang.Exception: Required file server-certchain.pem which is specified by ServerCertificateChainFileName, was not found
    at weblogic.t3.srvr.SSLListenThread.resolvePropertyFromLocalFile(SSLListenThread.java:152)
    at weblogic.t3.srvr.SSLListenThread.resolvePropertyFromAdminServer(SSLListenThread.java:180)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:425)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
    at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:939)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
    at weblogic.Server.main(Server.java:35)
    My question is: Should I input the rootCA certificate into the Server
    Certificate Chain File field? If yes, where can I get the rootCA certificate
    file?
    Thanks

    [sorry, deleted irrelevant wrong answer]

  • Problem in installation of free SSL certificate on Weblogic using keytool

    We tried to install an SSL certificate on WebLogic using a keystore, but it gives an error in the console at startup and the server shuts down automatically.
    Steps followed:-
    1) To generate keystore and private key and digital certificate:-
    keytool -genkey -alias mykey2 -keyalg RSA -keystore webconkeystore.jks -storepass webconkeystorepassword
    2) To generate CSR
    keytool -certreq -alias mykey2 -file webconcsr1.csr -keyalg RSA -storetype jks -keystore webconkeystore.jks -storepass webconkeystorepassword
    3) CSR is uploaded on the Verisign site to generate a free SSL certificate. All certificate text received is pasted into a file (cacert.pem)
    4) Same certificate is put into same keystore using following command
    keytool -import -alias mykey2 -keystore webconkeystore.jks -trustcacerts -file cacert.pem
    5) Before step 4), we have also installed root /intermediate certificate to include chain using following command.
    (intermediateCa.cer file is downloaded from verisign site)
    keytool -import -alias intermediateca -keystore webconkeystore.jks -trustcacerts -file intermediateCa.cer
    6) After this configuration we used weblogic admin module to configure Keystore and SSL.
    7) For KeyStore tab in weblogic admin module, we have select option “Custom Identity And Custom Trust” provided following details under Identity and Trust columns:-
    Private key alias: mykey2
    PassKeyphrase: webconkeystorepassword
    Location of keystore: location of webconkeystore.jks file on server
    8) For SSL tab in weblogic admin module, we have select option “KeyStores” for “Identity and Trust locations”.
    Error on console:
    <Nov 3, 2009 3:00:17 PM IST> <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: Failed to retrieve identity key/certificate from keystore /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore.jks under alias mykey2 on server AdminServer.>
    <Nov 3, 2009 3:00:17 PM IST> <Emergency> <Security> <BEA-090087> <Server failed to bind to the configured Admin port. The port may already be used by another process.>
    <Nov 3, 2009 3:00:17 PM IST> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason: Server failed to bind to any usable port. See preceeding log message for details.>
    <Nov 3, 2009 3:00:17 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
    <Nov 3, 2009 3:00:17 PM IST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
    <Nov 3, 2009 3:00:17 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
    If anyone knows the solution, please help us out. Thanks in advance.
    I was really happy to get a reply yesterday from "mv". I was not expecting such an instant response.

    Thanx all guys for your interest and support.
    I have solved this issue.
    We have weblogic 9 on unix env.
    Following steps which I followed:
    #generate private key
    keytool -genkey -v -alias uinbrdcsap01_apac_nsroot_net -keyalg RSA -keysize 1024 -dname "CN=linuxbox042, OU=ASIA, O=Citigroup, L=CALC, S=MH, C=IN" -validity 1068 -keypass "webconkeystorepassword" -keystore "cwebconkeystore"
    #generate csr
    keytool -certreq -v -alias uinbrdcsap01_apac_nsroot_net -file linuxbox042.csr -keypass "webconkeystorepassword" -keystore "cwebconkeystore" -storepass webconkeystorepassword
    Then we uploaded this CSR on Verisign's free SSL certificate site to generate and receive the certificate text.
    We copied that text into the "cert4nov2009.crt" file used below.
    Apart from that, the mail which we received from Verisign also contains links to download the root CA certificate and intermediate CA certificate. We downloaded them:
    root CA in the "root4nov2009.cer" file,
    intermediate CA in "intermediateca4nov2009.cer".
    Both these files are used in the commands below.
    #import root certificate
    keytool -import -alias rootca -keystore "cwebconkeystore" -storepass "webconkeystorepassword" -trustcacerts -file "root4nov2009.cer"
    #import intermediate ca certificate
    keytool -import -alias intermediateca -keystore "cwebconkeystore" -storepass "webconkeystorepassword" -trustcacerts -file "intermediateca4nov2009.cer"
    #install free ssl certificate
    keytool -import -alias uinbrdcsap01_apac_nsroot_net -file "cert4nov2009.crt" -trustcacerts -keypass "webconkeystorepassword" -keystore "cwebconkeystore" -storepass "webconkeystorepassword"
    #after this admin configuration
    In weblogic admin console module, we did following settings:-
    1. under Configuration tab
    a. Under KeyStore tab
    For keystore , we selected "Custom identity and Custom Trust"
    Under Identity,
    Custom Identity Keystore:location of keystore "webconkeystore" on weblogic server
    Custom Identity Keystore Type: JKS
    Custom Identity Keystore Passphrase: password for the keystore mentioned above. In our case, webconkeystorepassword
    Same we copied Under "Trust", as we have not created separate keystore for trust.
    Save setting.
    b. Under SSL tab
    Identity and Trust Locations: select "Keystores"
    Private Key Alias: alias used while creating the private key, i.e. in our case "uinbrdcsap01_apac_nsroot_net"
    Save setting.
    c. Under General tab
    Check checkbox "SSL Listen Port Enabled"
    and mention ssl port "SSL Listen Port"
    Save setting.
    After this, activate changes. You might see an error on the admin module.
    Using the command prompt, stop the server, restart it, and then try to access using https and port ...
    You will definitely get output...
    In our case the issue might have been due to key size; we used a 1024 key size and it solved the problem.
    For your further reference please find the link below; it is also helpful.
    http://download.oracle.com/docs/cd/E13222_01/wls/docs81/plugins/nsapi.html#112674
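
A way to check what the BEA-090034 message in this thread says could not be retrieved: a private key and certificate stored under the configured alias. This Java program is an added example, not code from the thread or from WebLogic; the class name `IdentityAliasCheck` is constructed, and it is run against your own JKS file with the alias entered in the console's "Private Key Alias" field.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAKey;

public class IdentityAliasCheck {

    /** Returns a one-line verdict on whether the alias can serve as an SSL identity. */
    static String diagnose(KeyStore ks, String alias, char[] keyPass) throws Exception {
        if (!ks.containsAlias(alias)) {
            return "FAIL: keystore has no entry under alias " + alias;
        }
        if (!ks.isKeyEntry(alias)) {
            // e.g. the CA reply was imported under a new alias instead of the key's alias
            return "FAIL: alias holds only a trusted certificate, no private key";
        }
        Key key;
        try {
            key = ks.getKey(alias, keyPass);
        } catch (UnrecoverableKeyException e) {
            return "FAIL: private key passphrase does not unlock the key";
        }
        if (!(key instanceof PrivateKey)) {
            return "FAIL: entry under alias is not a private key";
        }
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null || chain.length == 0) {
            return "FAIL: no certificate chain stored with the private key";
        }
        // Each certificate must be signed by the next one in the stored chain.
        for (int i = 0; i + 1 < chain.length; i++) {
            try {
                chain[i].verify(chain[i + 1].getPublicKey());
            } catch (GeneralSecurityException e) {
                return "FAIL: chain is broken between positions " + i + " and " + (i + 1);
            }
        }
        X509Certificate leaf = (X509Certificate) chain[0];
        try {
            leaf.checkValidity();
        } catch (CertificateException e) {
            return "FAIL: server certificate is expired or not yet valid";
        }
        StringBuilder verdict = new StringBuilder("OK: chain length " + chain.length
                + ", subject " + leaf.getSubjectX500Principal().getName());
        if (chain.length == 1
                && leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal())) {
            verdict.append("; WARN: still the self-signed certificate from -genkey,"
                    + " the CA reply has not replaced it");
        }
        if (key instanceof RSAKey) {
            int bits = ((RSAKey) key).getModulus().bitLength();
            verdict.append("; RSA ").append(bits).append(" bits");
            if (bits < 2048) {
                verdict.append(" (WARN: below 2048)");
            }
        }
        return verdict.toString();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java IdentityAliasCheck <keystore.jks> <alias>");
            System.exit(2);
        }
        Console console = System.console();
        if (console == null) {
            System.err.println("run from an interactive terminal so passphrases can be prompted");
            System.exit(2);
        }
        char[] storePass = console.readPassword("Keystore passphrase: ");
        char[] keyPass = console.readPassword("Private key passphrase: ");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass); // throws IOException if the store passphrase is wrong
        }
        System.out.println(diagnose(ks, args[1], keyPass));
    }
}
```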

  • Certificates in weblogic

    Hi!
    Is it possible to use self-signed certificates in Weblogic 6.0 ?
    How can my company become a CA, and what's the cost ?
    Thanks in advance.
    Johnny Kee

    Configuring Commercial certificates on weblogic server
    http://weblogictips.wordpress.com/2008/07/27/configuring-commercial-certificates-on-weblogic-server/
    How to debug SSL issues with weblogic server
    http://weblogictips.wordpress.com/2010/05/11/how-to-debug-ssl-issues-with-weblogic-server/
    Steps to create self sign certificates for weblogic server
    http://weblogictips.wordpress.com/2008/07/27/steps-to-create-self-sign-certificates-for-weblogic-server/
    thanks,
    sandeep

  • Certificate to weblogic-user mapping using CertAuthenticator

    In SSL scenario I have a two way authentication setup and working.
    Now I wanted to use an auto Certificate to weblogic user mapping.
    I tried using the SimpleCertAuthenticator (part of examples), and
    setup the required properties in weblogic.properties.
    SimpleCertAuthenticator is not getting called by the server.
    (I put debug statements in SimpleCertAuthenticator.java which are
    not being reached).
    can somebody who had it successfully running help.
    thank you,
    escher.

    escher,
    When connecting from a browser a similar problem arises which can be solved by a patch to sp6. Soon sp7 will fix it, but at the moment sp7 solves that problem but causes another.
    I'm confident that the same fix will fix calls from a java client, and thus the example, but I haven't checked yet. If it doesn't I'll let you know.
    "escher" <[email protected]> wrote:
    >
    In SSL scenario I have a two way authentication setup and working.
    Now I wanted to use an auto Certificate to weblogic user mapping.
    I tried using the SimpleCertAuthenticator (part of examples), and
    setup the required properties in weblogic.properties.
    SimpleCertAuthenticator is not getting called by the server.
    (I put debug statements in SimpleCertAuthenticator.java which are
    not being reached).
    can somebody who had it successfully running help.
    thank you,
    escher.

  • What does IO Exception "Server Certificate subjectDN CommonName received does not match Server hostname" mean?

    While trying to establish a SSL Link to a URL Connection, I got an IO
    Exception "Server Certificate subjectDN CommonName received does not match
    Server hostname" on the destConn.getOutputStream().
    What does this mean? And how do I fix it?
    System.setProperty("https.proxyHost", "xxxx");
    System.setProperty("https.proxyPort", "0000");
    System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
    URL destURL = new URL("URLaddress");
    URLConnection destConn = destURL.openConnection();
    ((java.net.HttpURLConnection)destConn).setRequestMethod("POST");
    destConn.setDoInput(true);
    destConn.setDoOutput(true);
    URLin = new PrintWriter(new BufferedWriter(new OutputStreamWriter(destConn.getOutputStream())));

    Hi,
    I was wondering if there was a solution for this. I am using the certificates and
    keys that came with the installation of 6.1. Do I have to regenerate them in order
    to use them in weblogic. I am getting this same error when I try to run the SSLClient
    class in the examples.security.sslclient.
    Jerry <[email protected]> wrote:
    Hi Terry,
    The server-side certificate has a DN (distinguished name) embedded in it.
    This usually looks like a full hostname -- something like www.mycomputer.com
    When you make the request
    URL destURL = new URL("URLaddress");
    The string for "URLaddress" should match the DN of the certificate on the
    server that you are requesting a connection to. It needs to match because
    there is a compare of the DN in the cert, to the requested host.
    In other words, if you are connecting to www.mycomputer.com, then the server
    running on www.mycomputer.com should have a certificate with the DN
    www.mycomputer.com
    Then, when the match of the certificate DN to the requested host is done,
    it will succeed.
    Right now, this match appears to be failing for you.
    Cheers
    Joe Jerry
    Terry Treadwell wrote:
    While trying to establish a SSL Link to a URL Connection, I got an IO
    Exception "Server Certificate subjectDN CommonName received does not match
    Server hostname" on the destConn.getOutputStream().
    What does this mean? And how do I fix it?
    System.setProperty("https.proxyHost", "xxxx");
    System.setProperty("https.proxyPort", "0000");
    System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
    URL destURL = new URL("URLaddress");
    URLConnection destConn = destURL.openConnection();
    ((java.net.HttpURLConnection)destConn).setRequestMethod("POST");
    destConn.setDoInput(true);
    destConn.setDoOutput(true);
    URLin = new PrintWriter(new BufferedWriter(new OutputStreamWriter(destConn.getOutputStream())));
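
The hostname comparison described in this thread, as an added Java example that is not from the posts or from WebLogic. It goes beyond the CN-only case in the thread by applying the RFC 2818 rule (dNSName subjectAltName entries take precedence, the subject CN is the legacy fallback) and single-label wildcards; the class name and the hostnames in `main` are constructed.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class HostnameMatchDemo {

    /** dNSName entries (GeneralName type 2) of the subjectAltName extension. */
    static List<String> dnsNames(X509Certificate cert) throws CertificateParsingException {
        List<String> names = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null when absent
        if (sans != null) {
            for (List<?> entry : sans) {
                if (((Integer) entry.get(0)).intValue() == 2) {
                    names.add((String) entry.get(1));
                }
            }
        }
        return names;
    }

    /** Most specific CN attribute of the subject DN, or null when there is none. */
    static String commonName(X509Certificate cert) throws InvalidNameException {
        List<Rdn> rdns = new LdapName(cert.getSubjectX500Principal().getName()).getRdns();
        for (int i = rdns.size() - 1; i >= 0; i--) { // last RDN is the most specific
            if ("CN".equalsIgnoreCase(rdns.get(i).getType())) {
                return String.valueOf(rdns.get(i).getValue());
            }
        }
        return null;
    }

    /** Compares one certificate name (exact or "*.domain") with the requested host. */
    static boolean matchesName(String host, String pattern) {
        String h = host.toLowerCase(Locale.ROOT);
        String p = pattern.toLowerCase(Locale.ROOT);
        if (h.endsWith(".")) {
            h = h.substring(0, h.length() - 1); // ignore a trailing root dot
        }
        if (!p.startsWith("*.")) {
            return h.equals(p);
        }
        String suffix = p.substring(1); // ".example.com"
        // Assumed policy: no second wildcard, and at least two labels after "*."
        if (suffix.indexOf('*') >= 0 || suffix.indexOf('.', 1) < 0) {
            return false;
        }
        if (!h.endsWith(suffix)) {
            return false;
        }
        String left = h.substring(0, h.length() - suffix.length());
        return !left.isEmpty() && left.indexOf('.') < 0; // wildcard covers exactly one label
    }

    /** RFC 2818: use dNSName SANs when present, otherwise fall back to the subject CN. */
    static boolean hostMatches(String host, List<String> dnsSans, String cn) {
        if (!dnsSans.isEmpty()) {
            for (String san : dnsSans) {
                if (matchesName(host, san)) {
                    return true;
                }
            }
            return false; // CN is not consulted once dNSName SANs exist
        }
        return cn != null && matchesName(host, cn);
    }

    static boolean hostMatches(String host, X509Certificate cert)
            throws CertificateParsingException, InvalidNameException {
        return hostMatches(host, dnsNames(cert), commonName(cert));
    }

    static void show(String label, boolean result) {
        System.out.println(label + ": " + (result ? "match" : "MISMATCH"));
    }

    public static void main(String[] args) {
        List<String> noSans = Collections.emptyList();
        // Constructed names only; none are taken from a real certificate.
        show("CN equals requested host",
                hostMatches("www.mycomputer.com", noSans, "www.mycomputer.com"));
        show("server renamed after the certificate was issued",
                hostMatches("newhost.example.com", noSans, "oldhost.example.com"));
        show("connecting by IP address to a certificate issued for a name",
                hostMatches("192.0.2.10", noSans, "www.mycomputer.com"));
        show("SAN present, host only in CN",
                hostMatches("www.mycomputer.com", Arrays.asList("api.mycomputer.com"),
                        "www.mycomputer.com"));
        show("wildcard covers one label",
                hostMatches("app.example.com", Arrays.asList("*.example.com"), null));
        show("wildcard does not cover two labels",
                hostMatches("a.b.example.com", Arrays.asList("*.example.com"), null));
    }
}
```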

  • SSL VPN Failed to validate server certificate (cannot access https)

    Hi all,
    I have the next problem.
    I've configured in an UC520 a SSL VPN.
    I can access properly and I can see the labels, but I only can access urls which are http, not https:
    I can access the default ip of the uc520 (192.168.1.10) but
    When I try to get access to a secure url I get the msg: Failed to validate server certificate
    I'm trying to access a Cisco Digital Media Manager, whose url is https://pc.sumkio.local:8080
    Does the certificate of both hardware has to be the same?
    How can I add a https?
    Here is the config of the router:
    webvpn gateway SDM_WEBVPN_GATEWAY_1
    ip address 192.168.1.254 port 443 
    ssl trustpoint TP-self-signed-2977472073
    inservice
    webvpn context SDM_WEBVPN_CONTEXT_1
    secondary-color white
    title-color #CCCC66
    text-color black
    ssl authenticate verify all
    url-list "Intranet"
       heading "Corporate Intranet"
       url-text "DMM Sumkio" url-value "http://pc.sumkio.local:8080"
       url-text "Impresora" url-value "http://192.168.10.100"
       url-text "DMM" url-value "https://pc.sumkio.local:8443"
       url-text "DMM 1" url-value "http://192.168.10.10:8080"
       url-text "UC520" url-value "http://192.168.10.1"
    policy group SDM_WEBVPN_POLICY_1
       url-list "Intranet"
       mask-urls
       svc dns-server primary 192.168.10.250
       svc dns-server secondary 8.8.8.8
    default-group-policy SDM_WEBVPN_POLICY_1
    aaa authentication list sdm_vpn_xauth_ml_1
    gateway SDM_WEBVPN_GATEWAY_1
    max-users 10
    inservice
    Any help would be appreciated.
    Thank you

    Hi, thanks for your advice.
    I'm trying to copy the certificate via cut and paste, but I'm getting a
    % Error in saving certificate: status = FAIL
    I don't know if I'm doing this right.
    I open the https page from the DMM with Mozilla Firefox, and in options I export the certificate in PEM format.
    I get a file which if I open with notepad is like
    -----BEGIN CERTIFICATE-----
    MIICOzCCAaSgAwIBAgIET7EwyzANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQGEwJV
    KoZIhvcNAQEFBQADgYEAdk7n+tJi0igrTD2o7RD9ty8MLTyHN4uk8km+7DbpEy0g
    mxLY0UZswYvbj15kPdd8QbeGEdDR6SXOYePsfIRJzL0mqMON4oiUhsqAK5y2yC6R
    nqy4wWQ2fGVEYAeLpb1jGKdZWpuag/CO90NMHcMiobfBh+4eTqm7kRPTEyma6V0=
    -----END CERTIFICATE-----
    If I try to authenticate the trustpoint, I get that error.
    How can I export the certificate from the DMM?
    I think that this file is not the right file.
    And then, do I have to make some changes in
    webvpn gateway SDM_WEBVPN_GATEWAY_1?
    Should I choose the new trustpoint?
    I understand that the old trustpoint is for the outside connection, not for the LAN connection.
    Don't worry about me, answer when you can, but I really need to fix this.
    Thank you so much

  • AnyConnect 3.1 - removing Security Warning: Untrusted VPN Server Certificate!

    Hi guys,
    Is there a way to disable the warning generated from using self signed certs?
    I would like to make the process as seamless as possible.
    AnyConnect 3.1
    ASA 8.4(2)
    Thanks.

    Hi,
    We had a problem with the above error message with our certificate when we moved to AnyConnect 3.1.
    We were instructed to request a new one.
    Also, here is the link to the Cisco site we were provided that explains the changes in 3.1:
    IPSec and SSL connections require server certificates to contain Key Usage attributes of Digital Signature and Key Encipherment, as well as an Enhanced Key Usage attribute of Server Authentication or IKE Intermediate. Note that IPSec server certificates not containing a Key Usage are considered invalid for all Key Usages, and similarly an IPSec server certificate not containing an Enhanced Key Usage is considered invalid for all Enhanced Key Usages.
    Link to document
    http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html#wp1049936
    Sadly I don't dabble with certificates myself so I'm not really familiar with this.
    - Jouni
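
The requirement quoted in the reply above can be checked before a certificate is installed. This is an added example, not part of the thread or of Cisco's documentation: it assumes OpenSSL on the PATH, the function names and `vpn.example.test` are hypothetical, and both certificates are constructed throwaways. It covers the SSL case only (Server Authentication); the IKE Intermediate alternative is not checked.

```shell
#!/bin/sh
# Added example: test a certificate against the SSL server-certificate
# requirements quoted from the AnyConnect 3.1 release notes.

# make_cert OUT EXTLINE... -> constructed, throwaway self-signed certificate
make_cert() {
    out=$1; shift
    cnf=$(mktemp)
    {
        printf '%s\n' '[req]' 'distinguished_name = dn' \
            'x509_extensions = ext' 'prompt = no' \
            '[dn]' 'CN = vpn.example.test' '[ext]'
        printf '%s\n' "$@"      # extension lines supplied by the caller
    } > "$cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cnf" \
        -keyout "$out.key" -out "$out" 2>/dev/null
    rc=$?
    rm -f "$cnf" "$out.key"
    return $rc
}

# ext_value FILE HEADER -> the line openssl prints under an extension header
ext_value() {
    openssl x509 -in "$1" -noout -text |
        awk -v h="$2" 'index($0, h) { getline; print; exit }'
}

# check_vpn_cert FILE -> prints "ok" (status 0) or "missing: ..." (status 1)
check_vpn_cert() {
    ku=$(ext_value "$1" 'X509v3 Key Usage')
    eku=$(ext_value "$1" 'X509v3 Extended Key Usage')
    missing=
    case $ku in *'Digital Signature'*) ;; *) missing="$missing digitalSignature" ;; esac
    case $ku in *'Key Encipherment'*) ;; *) missing="$missing keyEncipherment" ;; esac
    case $eku in *'TLS Web Server Authentication'*) ;; *) missing="$missing serverAuth" ;; esac
    [ -z "$missing" ] || { echo "missing:$missing"; return 1; }
    echo ok
}

# Demo on two constructed certificates: one compliant, one CA-style.
tmp=$(mktemp -d)
make_cert "$tmp/good.pem" 'keyUsage = critical, digitalSignature, keyEncipherment' \
    'extendedKeyUsage = serverAuth'
make_cert "$tmp/ca-only.pem" 'keyUsage = keyCertSign'
for f in good ca-only; do
    printf '%s: %s\n' "$f" "$(check_vpn_cert "$tmp/$f.pem" || true)"
done
rm -rf "$tmp"
```

A certificate that carries no Key Usage or Enhanced Key Usage extension at all is reported with every attribute missing, which matches the "invalid for all usages" wording of the quoted note.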

  • How to add a certificate to IIS global "Server Certificates" list using PowerShell?

    Hi, been surfing the web for an example on how to add a certificate to the "global" IIS "Server Certificates" list using PowerShell but to no luck. I already have code in place on how to tie / associate a specific website with a specific cert but not how
    to add the new .cer file using the "Complete Certificate Request..." wizard using PowerShell.... I don't expect the final code to become published but if someone had an idea on how to integrate / get an entry point on where to interact between the "Server Certificate"
    list in IIS and POSH I would be super happy! :|
    I am running IIS on a Windows 2008R2 x64 Standard Edition if that helps..... of course, I would settle for a CLI if there is no other way, but POSH is of course the way to go! :)
    Thanks for the help in advance guys, take care!
    br4tt3

    Hi and thanks for the suggestions!
    Although it comes close, the suggested code example points on how to import / incorporate .pfx files - I am getting fed by .cer files which I need to add into the IIS console using POSH.
    I tried exploring the IIS.CertObj object but was not able to work out if this one could be used for importing / adding .cer files into IIS! However, launching the following command from a POSH console with Import-Module WebAdministration already
    loaded into that shell;
    $certMgr = New-Object -ComObject IIS.CertObj returns the following error message:
    New-Object : Cannot load COM type IIS.CertObj
    From an IIS perspective I have the following components installed;
    [X] Web Server (IIS)                                    Web-Server
        [X] Web Server                                      Web-WebServer
            [ ] Common HTTP Features                        Web-Common-Http
                [ ] Static Content                          Web-Static-Content
                [ ] Default Document                        Web-Default-Doc
                [ ] Directory Browsing                      Web-Dir-Browsing
                [ ] HTTP Errors                             Web-Http-Errors
                [ ] HTTP Redirection                        Web-Http-Redirect
                [ ] WebDAV Publishing                       Web-DAV-Publishing
            [X] Application Development                     Web-App-Dev
                [ ] ASP.NET                                 Web-Asp-Net
                [X] .NET Extensibility                      Web-Net-Ext
                [ ] ASP                                     Web-ASP
                [ ] CGI                                     Web-CGI
                [ ] ISAPI Extensions                        Web-ISAPI-Ext
                [ ] ISAPI Filters                           Web-ISAPI-Filter
                [ ] Server Side Includes                    Web-Includes
            [ ] Health and Diagnostics                      Web-Health
                [ ] HTTP Logging                            Web-Http-Logging
                [ ] Logging Tools                           Web-Log-Libraries
                [ ] Request Monitor                         Web-Request-Monitor
                [ ] Tracing                                 Web-Http-Tracing
                [ ] Custom Logging                          Web-Custom-Logging
                [ ] ODBC Logging                            Web-ODBC-Logging
            [X] Security                                    Web-Security
                [ ] Basic Authentication                    Web-Basic-Auth
                [ ] Windows Authentication                  Web-Windows-Auth
                [ ] Digest Authentication                   Web-Digest-Auth
                [ ] Client Certificate Mapping Authentic... Web-Client-Auth
                [ ] IIS Client Certificate Mapping Authe... Web-Cert-Auth
                [ ] URL Authorization                       Web-Url-Auth
                [X] Request Filtering                       Web-Filtering
                [ ] IP and Domain Restrictions              Web-IP-Security
            [ ] Performance                                 Web-Performance
                [ ] Static Content Compression              Web-Stat-Compression
                [ ] Dynamic Content Compression             Web-Dyn-Compression
        [X] Management Tools                                Web-Mgmt-Tools
            [X] IIS Management Console                      Web-Mgmt-Console
            [X] IIS Management Scripts and Tools            Web-Scripting-Tools
            [ ] Management Service                          Web-Mgmt-Service
            [ ] IIS 6 Management Compatibility              Web-Mgmt-Compat
                [ ] IIS 6 Metabase Compatibility            Web-Metabase
                [ ] IIS 6 WMI Compatibility                 Web-WMI
                [ ] IIS 6 Scripting Tools                   Web-Lgcy-Scripting
                [ ] IIS 6 Management Console                Web-Lgcy-Mgmt-Console
        [X] FTP Server                                      Web-Ftp-Server
            [X] FTP Service                                 Web-Ftp-Service
            [X] FTP Extensibility                           Web-Ftp-Ext
        [ ] IIS Hostable Web Core                           Web-WHC
    More or less the one thing that I am trying to get up and running is an automated FTPS solution - I just use the IIS console to be able to troubleshoot / compare how things scripted from POSH interact in the MMC representation. The error I am getting
    might be that I am lacking some IIS components to be in place to be able to automate some parts of the IIS - as suggested by the IIS.CertObj object listed in the example..... I will get back if I can track down which component needs to be added to be
    able to reference the IIS.CertObj object.
    Br4tt3 signing out...
    br4tt3

  • How can I make Firefox trust a Server Certificate by Default?

    I'm trying to distribute Firefox via Empirum. All settings are made using the CCK-Wizard Addon.
    When I import our Certificates in CCK-Wizard, I can make trust-settings for CA's, but not for Server Certificates, and so the SC isn't trusted by default.
    Is there any way to make the trust Settings for SC's in the install package, maybe through an option in about:config (didn't find any, but maybe somebody knows more than google :P )?
    I tried to do it like PRF_1 suggested here https://support.mozilla.org/de/questions/687296#answer-112220 but in the last step I got an Error 1: C compiler cannot create executables.
    Regards,
    Bowser

    Hello,
    Try Firefox Safe Mode to see if the problem goes away. Safe Mode is a troubleshooting mode, which disables most add-ons.
    (If you're not using it, switch to the Default theme.)
    * On Windows you can open Firefox 4.0+ in Safe Mode by holding the Shift key when you open the Firefox desktop or Start menu shortcut.
    * On Mac you can open Firefox 4.0+ in Safe Mode by holding the option key while starting Firefox.
    * On Linux you can open Firefox 4.0+ in Safe Mode by quitting Firefox and then going to your Terminal and running: firefox -safe-mode (you may need to specify the Firefox installation path e.g. /usr/lib/firefox)
    * Or open the Help menu and click on the "Restart with Add-ons Disabled..." menu item while Firefox is running.
    Once you get the pop-up, just select "Start in Safe Mode".
    If the issue is not present in Firefox Safe Mode, your problem is probably caused by an extension, and you need to figure out which one. Please follow the "Troubleshooting extensions and themes" article for that.
    To exit the Firefox Safe Mode, just close Firefox and wait a few seconds before opening Firefox for normal use again.
    When you figure out what's causing your issues, please let us know. It might help other users who have the same problem.
    Thank you.

  • Error: Untrusted Server Certificate

    When I click on Query Interfaces (IPS Manager: Configuration > Settings > Interfaces) I get the following error:
    An error occurred trying to get the interface information. An error occurred while trying to determine the sensor version. Detail = Error occurred while communicating with 172.17.xx.xx: java.security.cert.CertificateException: Untrusted Server Certificate Chain
    Any suggestion?
    Thank you,

        That is a pretty strange message. Have you had a chance to reach out to Windows Live?
    TamaraH_VZW
    Follow us on Twitter @VZWSupport

  • Untrusted Server Certificate Chain error

    I am trying to use a certificate (digital signature) on the client, when accessing a Webservice. This fails with the following error :
    javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted Server Certificate Chain
    My code is:
    import java.io.BufferedReader;
    import java.io.FileInputStream;
    import java.io.InputStreamReader;
    import java.net.URL;
    import java.security.KeyStore;
    import java.security.Security;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSocketFactory;
    import javax.net.ssl.TrustManagerFactory;

    public class LookupClient {
        public static void main(String[] args) throws Exception {
            KeyStore ks = null;
            String strURL = "https://myserver.com/myurl/lookup.asmx";
            SSLSocketFactory sslSocketFactory = null;
            System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
            Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
            // Load certificate dynamically
            SSLContext sslContext = SSLContext.getInstance("SSLv3");
            TrustManagerFactory trustMgtFactory = TrustManagerFactory.getInstance("SunX509");
            CertificateFactory cert = CertificateFactory.getInstance("X.509");
            FileInputStream lo_fileinputstream = null;
            lo_fileinputstream = new FileInputStream("c:\\temp\\digital.cer");
            X509Certificate servercacert = (X509Certificate) cert.generateCertificate(lo_fileinputstream);
            lo_fileinputstream.close();
            // The certificate's serial number is used as the key store alias
            String s1 = servercacert.getSerialNumber().toString();
            if (ks == null) {
                ks = KeyStore.getInstance("JKS");
            }
            // Start from an empty in-memory key store holding only this certificate
            ks.load(null, null);
            ks.setCertificateEntry(s1, servercacert);
            trustMgtFactory.init(ks);
            sslContext.init(null, trustMgtFactory.getTrustManagers(), null);
            sslSocketFactory = sslContext.getSocketFactory();
            HttpsURLConnection.setDefaultSSLSocketFactory(sslSocketFactory);
            // Call webservice
            URL cascadeURL = new URL(strURL);
            HttpsURLConnection conn = (HttpsURLConnection) cascadeURL.openConnection();
            String inputline = null;
            if (conn instanceof HttpsURLConnection) {
                conn.connect();
                BufferedReader in = new BufferedReader(
                    new InputStreamReader(
                        conn.getInputStream()));
                while ((inputline = in.readLine()) != null) {
                    System.out.println(inputline);
                }
                // Close the reader once the whole response has been read
                in.close();
            }
        }
    }
    Please help - I am on a very tight deadline (as usual).

    Found the problem. I simply needed to add another certificate.
