Trusted ca keystore
Using WebLogic Portal 7.0 on Solaris 8. I have installed the Portal Login Framework per the instructions for mutual authentication. One of the steps says that if using Portal 7.0 to add the trusted ca root certificates to the keystore as described in http://e-docs.bea.com/wls/docs70/upgrade/upgrade6xto70.html#1041313 under Creating a Trusted CA Keystore. I followed the instructions there and added the -Dweblogic.security.SSL.trustedCAKeyStore=/home/bea7/weblogic700/server/lib/cacerts line to the startup line. However, when I start the portal it says it is using the JDK keystore to find trusted CA's. Is there something else I need to configure for the server to look for trusted CA's someplace other than the default JDK keystore?
Thanks,
Curt
Hi there,
Actually I'm having the same problem, and I have followed your recommendations, but still no client certificates are sent to the server.
I have received a client certificate that works fine in the browser. I have exported this certificate from Internet Explorer into an X509 (.cer) file and then imported it into the keystore using keytool. I can even see it by using the following code:
for (Enumeration e = keyStore.aliases(); e.hasMoreElements();) {
    String alias = e.nextElement().toString();
    System.out.println("CERTIFICATE: " + alias);
    System.out.println(keyStore.getCertificate(alias));
}
However the server returns 403.7 code (client certificate required). I even tried the following code to see if any client certificates are sent to the server, after establishing the connection using connect() method:
java.security.cert.Certificate[] localCerts = ((HttpsURLConnection) con).getLocalCertificates();
if (localCerts != null) {
    for (int i = 0; i < localCerts.length; i++)
        // print each certificate, not the array reference
        System.out.println("LOCAL CERTIFICATE: " + localCerts[i]);
} else {
    System.out.println("NO LOCAL CERTIFICATES SENT");
}
And as you guess I always get "no local certificates sent".
By the way, do you have to use -genkey before importing the certificates into the keystore? It seems that importing generates the keys and there is no need to generate the key explicitly.
Thank you for your help.
Similar Messages
-
How to import Root CA "No trusted certificate found" exception.
I have an application that connects https to a server and POSTs some data. That application works fine with one server but not with another. I get javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found.
Both servers have certificates signed by 2 different CAs. 1 is I think Thawte or Verisign (need confirmation with my admin) and the other I know for sure is Equifax. Of course Equifax is the least popular of the 2 and is not found in the cacerts keystore...
Now I downloaded the Equifax root certificate and installed in the default keystore by typing keytool -import -alias blabla -file c:\bla.cer and it imported correctly. I reran my app and I still got the same exception...
So I figure that the root cert for Equifax must be imported within the cacerts file in jre/lib/cacerts, am I correct? What's the default password for that keystore?
Thanks
Have you tried to import the certificate in the cacerts keystore file?
This file can be found in the <jdkDirectory>/jre/lib/security/ directory. It is the default trustStore used by Java.
I remember that trusted certificate keystore location can be set using the javax.net.ssl.trustStore property. Have you set it to point to your keystore file?
You can find explanations there:
http://www.onjava.com/pub/a/onjava/2001/05/03/java_security.html#certificates
Hope this helps. -
Setting up SSL for Weblogic Server10.3.1
I have read the doc http://download.oracle.com/docs/cd/E15523_01/web.1111/e13707/ssl.htm#i1194343 for Setting up SSL:
1) Obtain Certs and keys: Public Certificates and Private Keys
2) Store the private keys, digital certificates, and trusted CA certificates. Private keys and trusted CA certificates are stored in a keystore.
3) Configure the identity and trust keystores in the Admin console.
4) Set SSL configuration option for private key alias and password in Admin console.
step 1)
for the developement I'd use the demo certs offered by WLS install. I have found 4 certs in WLS_HOME\server\lib
and they are CertGenCAKey, CertGenCA, demo and trusted.
which are the Public Certificates? and the Private Keys? which ones should we use? Can we use them without any modifications ?
Or we should use CertGen to create the certs and keys?
TIA
Z
Edited by: user12220476 on May 12, 2010 4:34 PM
2) Store the private keys, digital certificates, and trusted CA certificates. Private keys and trusted CA certificates are stored in a keystore.
3) Configure the identity and trust keystores in the Admin console.
4) Set SSL configuration option for private key alias and password in Admin console.
I have used CertGen to create the following key and cert files
natcert.der, natcert.pem, natkey.der and natkey.pem
For creating the keystore from the private key, I use utils.ImportPrivateKey
steps (http://download.oracle.com/docs/cd/E15523_01/web.1111/e13749/utils.htm#ADMRF151)
Convert the certificate from DER format to PEM format.
$ java utils.der2pem CertGenCA.der
Concatenate the certificate and the Certificate Authority (CA).
$ cat natcert.pem CertGenCA.pem >> newnatcerts.pem
Create a new keystore named natkeystore and load the private key located in the natkey.pem file.
$ java utils.ImportPrivateKey -certfile newnatcerts.pem -keyfile natkey.pem -keyfilepass natkey123 -keystore natkeystore.jks -storepass nat123 -alias natalias
Using Admin console to configure SSL
configuration > general > enable ssl port 7002
configuration > keystores > Custom Identity and Java Standard Trust
--- Identity -----------------
Custom Identity Keystore: $WLS_HOME/server/lib/natkeystore.jks
Custom Identity Keystore Type: jks
Custom Identity Keystore Passphrase: nat123
---Trust -----------------------
Java Standard Trust keystore: JDK_HOME/jre/lib/security/cacerts
Java Standard Trust keystore Type: jks
Java Standard Trust keystore Passphrase: changeit
configuration > SSL
Identity and Trust Locations : Keystores
---- Identity ----------------------
Private key location: from custom identity keystores
Private key alias: natalias
Private key Passphrase: nat123
Certificate Location: from custom identity keystore
---- Trust -------------------------
Trust Certificate Authorities : from Java Standard Trust Keystores
I restarted the WLS and failed to access the SSL port.
Found the following error messages in the Admin server log:
<BEA-090716> <Failed to retrieve identity key/certificate from keystore \...\wlserver_10.3\server\lib\natkeystore.jks under alias natalias on server AdminServer>
<BEA-000297> <Inconsistent security configuration, weblogic.management.configuration.ConfigurationException: Failed to retrieve identity key/certificate from keystore \..\wlserver_10.3\server\lib\natkeystore.jks under alias natalias on server AdminServer>
<BEA-090034> <Not listening for SSL, java.io.IOException: Failed to retrieve identity key/certificate from keystore \..\wlserver_10.3\server\lib\natkeystore.jks under alias natalias on server AdminServer.>
<BEA-090171> <Loading the identity certificate and private key stored under the alias natalias from the jks keystore file \..\wlserver_10.3\server\lib\natkeystore.jks.>
By the way, it works if I configure the keystores with WebLogic's demo identity and trust.
Edited by: user12220476 on May 18, 2010 12:38 AM -
Please read my problem when I configure Weblogic https
I want to use https protocol and SSL for my web application in Weblogic
I have a problem, but I am not sure whether it's related to configuring WebLogic or not. Please advise me if you can.
I use "openssl" to be my own Certificate Authority (CA)
I used these instructions for using openssl [http://www.g-loaded.eu/2005/11/10/be-your-own-ca/]
after configuring openssl I used these steps for creating my keystore
1. First I use this keytool for creating my private key and public key
keytool -genkeypair -keyalg rsa -keystore ali_keytool.jks -storepass ali120 -alias ali_alias
What is your first and last name?
[Unknown]: AliKhosravi
What is the name of your organizational unit?
[Unknown]: Boors
What is the name of your organization?
[Unknown]: software
What is the name of your City or Locality?
[Unknown]: Tehranali_keytool.jks
What is the name of your State or Province?
[Unknown]: Tehran_Province
What is the two-letter country code for this unit?
[Unknown]: IR
Is CN=AliKhosravi, OU=Boors, O=software, L=Tehran, ST=Tehran_Province, C=IR correct?
[no]: y
2. I create my CSR by this command
keytool -certreq -alias ali_alias -keystore ali_keytool.jks -storepass ali120 -file ali_keytool.csr
3. I sign the ali_keytool.csr by openssl . I do it like this :
openssl x509 -req -in ali_keytool.csr -CA certs/myca.crt -CAkey private/myca.key -out ali_keytool.crt -days 365 -CAcreateserial -CAserial my_ca.seq
4. Now I have a signed certificate (ali_keytool.crt) and my CA certificate (myca.crt),
and I import the CA certificate into my keystore
keytool -import -alias Openssl_ca -file myca.crt -keystore ali_keytool.jks -storepass ali120
5. I import the signed certificate into my keystore by alias of private key
keytool -import -alias ali_alias -file ali_keytool.crt -keystore ali_keytool.jks -storepass ali120
6. I import the CA certificate again into a new keystore for creating Trust
keytool -import -alias my_ca -file myca.crt -keystore ali_keytool_trust.jks -storepass ali120
All steps done without any errors
I used this address for help [http://www.startux.de/java/44-dealing-with-java-keystores]
Now I want to configure keystores and SSL in WebLogic
7. I go to the Environment-->Servers-->AdminServer-->Keystore tab in WebLogic
8. I set "Keystores=Custom Identity and Custom Trust", "Custom Identity Keystore = H:\trust\ali_keytool.jks" , "Custom Identity Keystore Type=jks" ,
"Custom Identity Keystore Passphrase:ali120"
"Confirm Custom Identity Keystore Passphrase=ali120"
"Custom Trust Keystore=H:\trust\ali_keytool_trust.jks" , "Custom Trust Keystore Type=jks" ,
"Custom Trust Keystore Passphrase=ali120" , "Confirm Custom Trust Keystore Passphrase=ali120"
9. Then I go to SSL tab and I set "Identity and Trust Locations=Keystores" , "Private Key Alias=ali_alias" ,"Private Key Passphrase=ali120",
"Confirm Private Key Passphrase=ali120"
10. I go to the General tab and select "SSL Listen Port Enabled"
11. I use Firefox as my web browser, so I configure my browser: I select Tools-->Options-->ViewCertificates --> Authorities tab
and I import the server certificate, which here is "myca.crt", the openssl certificate
in Downloading Certificate window I select
"Trust this CA to identify web sites"
"Trust this CA to identify email users"
"Trust this CA to identify software developers"
12. I restart Weblogic
13. I try to log in to WebLogic like this: "https://127.0.0.1:7002/console"
The web browser shows me this warning:
This Connection is Untrusted
You have asked Firefox to connect
securely to 127.0.0.1:7002, but we can't confirm that your connection is secure.
Normally, when you try to connect securely,
sites will present trusted identification to prove that you are
going to the right place. However, this site's identity can't be verified.
What Should I Do?
If you usually connect to
this site without problems, this error could mean that someone is
trying to impersonate the site, and you shouldn't continue.
Technical Details
I Understand the Risks
I don't know why the web browser shows me this warning when I imported the server certificate
I don't know whether my problem is in configuring WebLogic, the Firefox web browser or the keystore
If you know, please advise me
Thanks
Moderator Action:
You already asked this question a couple of weeks earlier:
My problem when I enable SSL in Weblogic and I don't have a trusted CA cert
This is a user-to-user forum.
There is no obligation that anyone respond. They will answer if they choose to.
If there is a business need for a resolution, use your service contract privileges and open a support ticket with Oracle Support.
http://www.oracle.com/us/support/contact-068555.html
This duplicate forum post is locked. -
Invoking Webservice over HTTPS
Hi all,
I'm using Weblogic 9.2 with default configuration of Keystore & SSL. The webservice client is generated using 'Clientgen' Ant task, I can invoke the webservice using http without problem, but when using https it's always rejected, basically I'm not sure what system properties to put for the client, here's my last desperate attempt:
System.setProperty("weblogic.webservice.verbose", "true");
System.setProperty("java.protocol.handler.pkgs", "weblogic.net");
System.setProperty("weblogic.security.SSL.trustedCAKeyStore", "config/DemoIdentity.jks");
System.setProperty("weblogic.security.SSL.ignoreHostnameVerification", "true");
System.setProperty("weblogic.security.SSL.TrustKeyStore", "DemoTrust");
System.setProperty("weblogic.webservice.client.ssl.strictcertchecking", "false");
System.setProperty("ssl.debug", "true");
PaymentGateway service = new PaymentGateway_Impl();
PaymentGatewayPort port = service.getPaymentGatewayPort();
Stub.class.cast(port)._setProperty(Stub.ENDPOINT_ADDRESS_PROPERTY, "https://192.168.56.3:7002/ws/PaymentGateway?WSDL");
Stub.class.cast(port)._setProperty(Stub.USERNAME_PROPERTY, "weblogic");
Stub.class.cast(port)._setProperty(Stub.PASSWORD_PROPERTY, "weblogic");
ISODocument isoDoc = new ISODocument();
isoDoc.setMti(new Integer(200));
port.balanceInquery(isoDoc);
And here's the exception thrown in client:
Apr 16, 2010 8:18:14 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: SSL license found
Apr 16, 2010 8:18:14 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Not in server, Certicom SSL license found
Apr 16, 2010 8:18:14 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Ignoring not supported JCE Mac: SunJCE version 1.5 for algorithm HmacSHA1
Apr 16, 2010 8:18:14 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Will use default Mac for algorithm HmacSHA1
Apr 16, 2010 8:18:14 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Ignoring not supported JCE Mac: SunJCE version 1.5 for algorithm HmacMD5
Apr 16, 2010 8:18:14 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Will use default Mac for algorithm HmacMD5
Apr 16, 2010 8:18:14 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Ignoring not supported JCE KeyAgreement: SunJCE version 1.5 for algorithm DiffieHellman
Apr 16, 2010 8:18:14 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Will use default KeyAgreement for algorithm DiffieHellman
Apr 16, 2010 8:18:14 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Will use default KeyAgreement for algorithm ECDH
Apr 16, 2010 8:18:14 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Using JCE Cipher: SunJCE version 1.5 for algorithm DESede/CBC/NoPadding
Apr 16, 2010 8:18:14 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Using JCE Cipher: SunJCE version 1.5 for algorithm DES/CBC/NoPadding
Apr 16, 2010 8:18:15 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Using JCE Cipher: SunJCE version 1.5 for algorithm AES/CBC/NoPadding
Apr 16, 2010 8:18:15 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Using JCE Cipher: SunJCE version 1.5 for algorithm RC4
Apr 16, 2010 8:18:15 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Using JCE Cipher: SunJCE version 1.5 for algorithm RSA
Apr 16, 2010 8:18:15 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Using JCE Cipher: SunJCE version 1.5 for algorithm RSA/ECB/NoPadding
Apr 16, 2010 8:18:15 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: SSL Session TTL :90000
<!-------------------- REQUEST FROM CLIENT ---------------->
URL : https://192.168.56.3:7002/ws/PaymentGateway?WSDL
Headers :
Authorization: [Basic d2VibG9naWM6d2VibG9naWM=]
SOAPAction: [""]
Content-Type: [text/xml]
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><env:Header></env:Header><env:Body env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><m:balanceInquery xmlns:m="http://www.telkomsel.com/PaymentGateway"><iSODocument xmlns:n1="java:com.visitek.pgi.models" xsi:type="n1:ISODocument"><amount xsi:nil="true"></amount><audit_number href="#ID_2"></audit_number><bank_code xsi:type="xsd:string">000151</bank_code><currency_code href="#ID_2"></currency_code><data href="#ID_2"></data><encrypted_pin href="#ID_2"></encrypted_pin><expiration_date href="#ID_2"></expiration_date><institution_code href="#ID_2"></institution_code><institution_data xsi:type="xsd:string">62812006002616</institution_data><local_tracking_id xsi:type="xsd:string">080722163229082127.0.0.1:9595</local_tracking_id><mti xsi:type="xsd:int">200</mti><network_information_code xsi:type="xsd:short">0</network_information_code><original_data_element href="#ID_2"></original_data_element><pan_null_true xsi:type="xsd:string">yes</pan_null_true><pos_entry href="#ID_2"></pos_entry><primary_acc_number xsi:nil="true"></primary_acc_number><response_code href="#ID_2"></response_code><response_terminal_number href="#ID_2"></response_terminal_number><service_code xsi:type="xsd:int">6016</service_code><settlement_date href="#ID_2"></settlement_date><terminal_number href="#ID_2"></terminal_number><transaction_code xsi:type="xsd:int">380000</transaction_code><transaction_data href="#ID_2"></transaction_data><transaction_date href="#ID_2"></transaction_date><transaction_sequence href="#ID_2"></transaction_sequence><transaction_time href="#ID_2"></transaction_time><transaction_timestamp href="#ID_2"></transaction_timestamp></iSODocument></m:balanceInquery><xsd:string xsi:type="xsd:string" id="ID_2"></xsd:string></env:Body></env:Envelope>
<!-------------------- END REQUEST FROM CLIENT ------------>
Apr 16, 2010 8:18:15 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Trusted CA keystore: config/DemoIdentity.jks
Apr 16, 2010 8:18:15 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Filtering JSSE SSLSocket
Apr 16, 2010 8:18:15 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: SSLIOContextTable.addContext(ctx): 24864323
Apr 16, 2010 8:18:15 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: SSLSocket will NOT be Muxing
Apr 16, 2010 8:18:15 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: write SSL_20_RECORD
Apr 16, 2010 8:18:15 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: isMuxerActivated: false
Apr 16, 2010 8:18:16 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: 25567987 SSL3/TLS MAC
Apr 16, 2010 8:18:16 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: 25567987 received HANDSHAKE
Apr 16, 2010 8:18:16 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: HANDSHAKEMESSAGE: ServerHello
Apr 16, 2010 8:18:16 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: isMuxerActivated: false
Apr 16, 2010 8:18:16 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: 25567987 SSL3/TLS MAC
Apr 16, 2010 8:18:16 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: 25567987 received HANDSHAKE
Apr 16, 2010 8:18:16 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: HANDSHAKEMESSAGE: Certificate
Apr 16, 2010 8:18:16 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Cannot complete the certificate chain: No trusted cert found
Apr 16, 2010 8:18:16 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Validating certificate 0 in the chain: Serial number: -151503846264256045339669576782538934945
Issuer:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=CertGenCAB
Subject:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=paymentd
Not Valid Before:Wed Mar 12 15:39:27 GMT+07:00 2008
Not Valid After:Mon Mar 13 15:39:27 GMT+07:00 2023
Signature Algorithm:MD5withRSA
Apr 16, 2010 8:18:16 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: validationCallback: validateErr = 16
Apr 16, 2010 8:18:16 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: cert[0] = Serial number: -151503846264256045339669576782538934945
Issuer:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=CertGenCAB
Subject:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=paymentd
Not Valid Before:Wed Mar 12 15:39:27 GMT+07:00 2008
Not Valid After:Mon Mar 13 15:39:27 GMT+07:00 2023
Signature Algorithm:MD5withRSA
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Warning> <Security> <BEA-090542> <Certificate chain received from 192.168.56.3 - 192.168.56.3 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <Validation error = 16>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <Certificate chain is untrusted>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <SSLTrustValidator returns: 16>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <NEW ALERT with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:153)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:367)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
at weblogic.net.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:705)
at java.net.URLConnection.getContentType(URLConnection.java:479)
at weblogic.webservice.binding.http11.Http11ClientBinding.receive(Http11ClientBinding.java:230)
at weblogic.webservice.core.handler.ClientHandler.handleResponse(ClientHandler.java:64)
at weblogic.webservice.core.HandlerChainImpl.handleResponse(HandlerChainImpl.java:238)
at weblogic.webservice.core.ClientDispatcher.receive(ClientDispatcher.java:246)
at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:147)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:473)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:459)
at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:306)
at com.visitek.pgi.client.PaymentGatewayPort_Stub.balanceInquery(PaymentGatewayPort_Stub.java:48)
at com.visitek.test.pg.TestPGWebservice.testWebserviceSSLInvocation(TestPGWebservice.java:70)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at junit.framework.TestCase.runTest(TestCase.java:164)
at junit.framework.TestCase.runBare(TestCase.java:130)
at junit.framework.TestResult$1.protect(TestResult.java:106)
at junit.framework.TestResult.runProtected(TestResult.java:124)
at junit.framework.TestResult.run(TestResult.java:109)
at junit.framework.TestCase.run(TestCase.java:120)
at junit.framework.TestSuite.runTest(TestSuite.java:230)
at junit.framework.TestSuite.run(TestSuite.java:225)
at org.eclipse.jdt.internal.junit.runner.junit3.JUnit3TestReference.run(JUnit3TestReference.java:130)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <write ALERT, offset = 0, length = 2>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <close(): 19097823>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <19097823 read(offset=0, length=8192)>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <19097823 read returns -1>
<!-------------------- RESPONSE TO CLIENT --------------->
URL : https://192.168.56.3:7002/ws/PaymentGateway?WSDL
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <19097823 read(offset=0, length=8192)>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <19097823 read returns -1>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <19097823 read(offset=0, length=8192)>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <19097823 read returns -1>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Info> <WebService> <BEA-220025> <Handler weblogic.webservice.core.handler.ClientHandler threw an exception from its handleResponse method. The exception was:
javax.xml.rpc.JAXRPCException: java.io.EOFException: Response contained no data.>
I'm a total stranger to this HTTPS & SSL thing & I've googled around only to find partial answers. My plan is to use custom identity, but firstly I want to make sure that using the default works.
Any help would be greatly appreciated.
Regards,
Setya
Why does it throw SSLKeyException: SSL handshake failure? I have printed the contents of DemoIdentity.jks and DemoTrust.jks files. Can you please find out what I need to do for it?
I added the following code, but it did not help me to resolve this issue.
private static void callSSLService() {
    System.setProperty("weblogic.webservice.verbose", "false");
    System.setProperty("ssl.debug", "false");
    // System.setProperty("weblogic.security.SSL.trustedCAKeyStore", "C:/bea/weblogic81/server/lib/DemoIdentity.jks");
    System.setProperty("weblogic.security.SSL.trustedCAKeyStore", "C:/bea/weblogic81/server/lib/DemoTrust.jks");
    System.setProperty("weblogic.security.SSL.ignoreHostnameVerification", "true");
    System.setProperty("weblogic.webservice.client.ssl.strictcertchecking", "false");
    // (the service call that followed is not shown in the post)
}
SOAP Fault:javax.xml.rpc.soap.SOAPFaultException:
Exception during processing: javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from servicemngr-ccc.tsl.xxxx.com - 142.xxx.xxx.xx was not trusted causing SSL handshake failure. (see Fault Detail for stacktrace)
Detail:
<detail><bea_fault:stacktrace xmlns:bea_fault="http://www.bea.com/servers/wls70/webservice/fault/1.0.0">javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from servicemngr- com - 142.xxx.xxx.xx was not trusted causing SSL handshake failure.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:122)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:322)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:29)
at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:832)
at weblogic.webservice.binding.http11.Http11ClientBinding.receive(Http11ClientBinding.java:238)
at weblogic.webservice.core.handler.ClientHandler.handleResponse(ClientHandler.java:63)
at weblogic.webservice.core.HandlerChainImpl.handleResponse(HandlerChainImpl.java:237)
at weblogic.webservice.core.ClientDispatcher.receive(ClientDispatcher.java:243)
at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:144)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:471)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457)
at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:303)
keytool -list -v -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase
keytool -list -v -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase
I executed keytool -list -v -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase, I got the following
C:\bea\weblogic81\server\lib>keytool -list -v -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: demoidentity
Creation date: 21-Jan-2011
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=L020658, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Serial number: -657037958f4825551ebcae3bc2a3349c
Valid from: Thu Jan 20 09:56:28 PST 2011 until: Wed Jan 21 09:56:28 PST 2026
Certificate fingerprints:
MD5: 89:30:08:A6:5F:4F:05:83:D2:1D:B4:B3:EB:B3:CF:F2
SHA1: 1D:E1:1F:93:30:64:CD:DC:C4:60:78:12:23:55:25:FF:FD:19:6A:2B
I executed keytool -list -v -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase, I got the following
C:\bea\weblogic81\server\lib>keytool -list -v -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase
Keystore type: jks
Keystore provider: SUN
Your keystore contains 4 entries
Alias name: certgenca
Creation date: 22-Mar-2002
Entry type: trustedCertEntry
Owner: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Serial number: 33f10648fcde0deb4199921fd64537f4
Valid from: Thu Mar 21 12:12:27 PST 2002 until: Tue Mar 22 13:12:27 PDT 2022
Certificate fingerprints:
MD5: 8E:AB:55:50:A4:BC:06:F3:FE:C6:A9:72:1F:4F:D3:89
SHA1: E2:CB:88:9D:C5:09:F9:0A:AA:0D:3C:F6:75:7B:5F:1D:2B:A1:F7:F0
Alias name: wlsdemocanew2
Creation date: 24-Jan-2003
Entry type: trustedCertEntry
Owner: [email protected], CN=Demo Certificate Authority Constraints, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US
Issuer: [email protected], CN=Demo Certificate Authority Constraints, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US
Serial number: 0
Valid from: Fri Nov 01 12:02:22 PST 2002 until: Mon Oct 16 13:02:22 PDT 2006
Certificate fingerprints:
MD5: 5B:10:D5:3C:C8:53:ED:75:43:58:BF:D5:E5:96:1A:CF
SHA1: 4E:FB:1D:2F:58:EA:D4:0C:FC:2A:86:91:2D:43:4F:C1:79:D0:A6:4E
Alias name: wlsdemocanew1
Creation date: 24-Jan-2003
Entry type: trustedCertEntry
Owner: [email protected], CN=Demo Certificate Authority Constraints, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US
Issuer: [email protected], CN=Demo Certificate Authority Constraints, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US
Serial number: 0
Valid from: Fri Nov 01 12:02:11 PST 2002 until: Mon Oct 16 13:02:11 PDT 2006
Certificate fingerprints:
MD5: A1:17:A1:73:9B:70:21:B9:72:85:4D:83:01:69:C8:37
SHA1: 84:13:A2:63:D6:74:75:3B:25:15:6F:62:8C:18:79:87:62:5B:9A:0C
Alias name: wlscertgencab
Creation date: 24-Jan-2003
Entry type: trustedCertEntry
Owner: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Serial number: 234b5559d1fa0f3ff5c82bdfed032a87
Valid from: Thu Oct 24 08:54:45 PDT 2002 until: Tue Oct 25 08:54:45 PDT 2022
Certificate fingerprints:
MD5: A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
SHA1: F8:5D:49:A4:12:54:78:C7:BA:42:A7:14:3E:06:F5:1E:A0:D4:C6:59
*******************************************
Bridge JMS on SSL Mutual authenticated Servers
Hi all,
I'm facing a problem bridging JMS messages with the WLS bridge on SSL mutually authenticated servers.
I configured two WLS (8.1 SP6), say "ALICE" and "BOB", with SSL listen port and I enabled "Two Way Client Cert Behavior" with "Client Certs Requested and Enforced" for both servers.
I configured a WLS bridge on ALICE with source destination on ALICE itself and target destination on BOB.
When I start this bridge it cannot connect to BOB. I enabled SSL debug and I found that ALICE didn't send a client certificate to BOB.
Here is BOB's log:
<22-mag-2008 14.56.10 CEST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<22-mag-2008 14.56.10 CEST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 32975481>
<22-mag-2008 14.56.10 CEST> <Debug> <TLS> <000000> <SSLSocket will be Muxing>
<22-mag-2008 14.56.10 CEST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<22-mag-2008 14.56.10 CEST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<22-mag-2008 14.56.10 CEST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<22-mag-2008 14.56.12 CEST> <Debug> <TLS> <000000> <7192496 SSL Version 2 with no padding>
<22-mag-2008 14.56.12 CEST> <Debug> <TLS> <000000> <21231495 SSL3/TLS MAC>
<22-mag-2008 14.56.12 CEST> <Debug> <TLS> <000000> <21231495 received SSL_20_RECORD>
<22-mag-2008 14.56.12 CEST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ClientHelloV2>
<22-mag-2008 14.56.12 CEST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 58>
<22-mag-2008 14.56.12 CEST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 566>
<22-mag-2008 14.56.12 CEST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 260>
<22-mag-2008 14.56.12 CEST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 4>
<22-mag-2008 14.56.12 CEST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<22-mag-2008 14.56.12 CEST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<22-mag-2008 14.56.12 CEST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <21231495 SSL3/TLS MAC>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <21231495 received HANDSHAKE>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certificate>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <validationCallback: validateErr = 0>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <Required peer certificates not supplied by peer>
<22-mag-2008 14.56.13 CEST> <Warning> <Security> <BEA-090508> <Certificate chain received from localhost - 127.0.0.1 was incomplete.>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <Validation error = 4>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <Certificate chain is incomplete>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <User defined JSSE trustmanagers not allowed to override>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <SSLTrustValidator returns: 68>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <Trust failure (68): CERT_CHAIN_INCOMPLETE>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <NEW ALERT with Severity: FATAL, Type: 40
and here is ALICE's log:
<22-mag-2008 15.28.01 CEST> <Warning> <Connector> <BEA-190032> << Weblogic Messaging Bridge Adapter (XA)_eis/jms/WLSConnectionFactoryJNDIXA > ResourceAllocationException of javax.resource.ResourceException: ConnectionFactory: failed to get initial context (InitialContextFactory =weblogic.jndi.WLInitialContextFactory, url = t3s://localhost:7002, user name = jmsbob) on createManagedConnection.>
<22-mag-2008 15.28.01 CEST> <Info> <MessagingBridge> <BEA-200043> <Bridge "AliceToBobMessagingBridge" failed to connect to the target destination and will try again in 25 seconds. (java.lang.Exception: javax.resource.ResourceException: ConnectionFactory: failed to get initial context (InitialContextFactory =weblogic.jndi.WLInitialContextFactory, url = t3s://localhost:7002, user name = jmsbob)
at weblogic.jms.adapter.JMSBaseConnection.throwResourceException(JMSBaseConnection.java:1386)
at weblogic.jms.adapter.JMSBaseConnection.throwResourceException(JMSBaseConnection.java:1366)
at weblogic.jms.adapter.JMSBaseConnection.startInternal(JMSBaseConnection.java:345)
at weblogic.jms.adapter.JMSBaseConnection.start(JMSBaseConnection.java:219)
at weblogic.jms.adapter.JMSManagedConnectionFactory.createManagedConnection(JMSManagedConnectionFactory.java:188)
at weblogic.connector.common.internal.ConnectionFactory.createResource(ConnectionFactory.java:127)
at weblogic.common.resourcepool.ResourcePoolImpl.makeResources(ResourcePoolImpl.java:1193)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:345)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:286)
at weblogic.connector.common.internal.ConnectionPool.reserveResource(ConnectionPool.java:567)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:280)
at weblogic.connector.common.internal.ConnectionPoolManager.getConnection(ConnectionPoolManager.java:650)
at weblogic.connector.common.internal.ConnectionManagerImpl.allocateConnection(ConnectionManagerImpl.java:106)
at weblogic.jms.adapter.JMSBaseConnectionFactory.getTargetConnection(JMSBaseConnectionFactory.java:120)
at weblogic.jms.bridge.internal.MessagingBridge.getConnections(MessagingBridge.java:809)
at weblogic.jms.bridge.internal.MessagingBridge.execute(MessagingBridge.java:991)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)
-------------- Linked Exception ------------
javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3s://localhost:7002: Destination unreachable; nested exception is:
javax.net.ssl.SSLHandshakeException: [Security:090497]HANDSHAKE_FAILURE alert received from localhost - 127.0.0.1. Check both sides of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted CAs, and hostname verification settings.; No available router to destination]
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:47)
at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:651)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:320)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:253)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:135)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
at javax.naming.InitialContext.init(InitialContext.java:219)
at javax.naming.InitialContext.<init>(InitialContext.java:195)
at weblogic.jms.adapter.JMSBaseConnection.getInitialContext(JMSBaseConnection.java:1967)
at weblogic.jms.adapter.JMSBaseConnection.startInternal(JMSBaseConnection.java:233)
at weblogic.jms.adapter.JMSBaseConnection.start(JMSBaseConnection.java:219)
at weblogic.jms.adapter.JMSManagedConnectionFactory.createManagedConnection(JMSManagedConnectionFactory.java:188)
at weblogic.connector.common.internal.ConnectionFactory.createResource(ConnectionFactory.java:127)
at weblogic.common.resourcepool.ResourcePoolImpl.makeResources(ResourcePoolImpl.java:1193)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:345)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:286)
at weblogic.connector.common.internal.ConnectionPool.reserveResource(ConnectionPool.java:567)
at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:280)
at weblogic.connector.common.internal.ConnectionPoolManager.getConnection(ConnectionPoolManager.java:650)
at weblogic.connector.common.internal.ConnectionManagerImpl.allocateConnection(ConnectionManagerImpl.java:106)
at weblogic.jms.adapter.JMSBaseConnectionFactory.getTargetConnection(JMSBaseConnectionFactory.java:120)
at weblogic.jms.bridge.internal.MessagingBridge.getConnections(MessagingBridge.java:809)
at weblogic.jms.bridge.internal.MessagingBridge.execute(MessagingBridge.java:991)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)
Caused by: java.net.ConnectException: t3s://localhost:7002: Destination unreachable; nested exception is:
javax.net.ssl.SSLHandshakeException: [Security:090497]HANDSHAKE_FAILURE alert received from localhost - 127.0.0.1. Check both sides of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted CAs, and hostname verification settings.; No available router to destination
at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:200)
at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:125)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:310)
... 23 more
)>
<22-mag-2008 15.28.09 CEST> <Info> <MessagingBridge> <BEA-200036> <The Started attribute of Bridge "AliceToBobMessagingBridge" has been changed from "true" to "false".>
What do I need to do to avoid this problem?
Nathan65
I checked my configuration. ALICE's keystores are:
IDENTITY
Tipo keystore: jks
Provider keystore: SUN
Il keystore contiene 2 entry
Nome alias: certgenca
Data di creazione: 21-mag-2008
Tipo entry: trustedCertEntry
Proprietario: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Organismo di emissione: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Numero di serie: 234b5559d1fa0f3ff5c82bdfed032a87
Valido da Thu Oct 24 17:54:45 CEST 2002 a Tue Oct 25 17:54:45 CEST 2022
Impronte digitali certificato:
MD5: A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
SHA1: F8:5D:49:A4:12:54:78:C7:BA:42:A7:14:3E:06:F5:1E:A0:D4:C6:59
Nome alias: alicecert
Data di creazione: 21-mag-2008
Tipo entry: keyEntry
Lunghezza catena certificati: 1
Certificato[1]:
Proprietario: [email protected], OU=CompetenceCenter, O=ValueTeam, L=Rome, ST=IT, C=IT
Organismo di emissione: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Numero di serie: -1dbb65eaa595141fa1e44ba5856d65e4
Valido da Tue May 20 09:39:25 CEST 2008 a Sun May 21 09:39:25 CEST 2023
Impronte digitali certificato:
MD5: BA:01:C2:E3:CC:92:C4:99:F7:8C:28:FF:C1:16:88:D9
SHA1: C0:D8:E8:B6:C2:62:03:90:3F:23:3C:FA:A8:C8:0A:00:FA:96:5A:4E
TRUST
Tipo keystore: jks
Provider keystore: SUN
Il keystore contiene 1 entry
Nome alias: certgenca
Data di creazione: 21-mag-2008
Tipo entry: trustedCertEntry
Proprietario: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Organismo di emissione: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Numero di serie: 234b5559d1fa0f3ff5c82bdfed032a87
Valido da Thu Oct 24 17:54:45 CEST 2002 a Tue Oct 25 17:54:45 CEST 2022
Impronte digitali certificato:
MD5: A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
SHA1: F8:5D:49:A4:12:54:78:C7:BA:42:A7:14:3E:06:F5:1E:A0:D4:C6:59
BOB's keystores are:
IDENTITY
Tipo keystore: jks
Provider keystore: SUN
Il keystore contiene 2 entry
Nome alias: certgenca
Data di creazione: 21-mag-2008
Tipo entry: trustedCertEntry
Proprietario: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Organismo di emissione: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Numero di serie: 234b5559d1fa0f3ff5c82bdfed032a87
Valido da Thu Oct 24 17:54:45 CEST 2002 a Tue Oct 25 17:54:45 CEST 2022
Impronte digitali certificato:
MD5: A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
SHA1: F8:5D:49:A4:12:54:78:C7:BA:42:A7:14:3E:06:F5:1E:A0:D4:C6:59
Nome alias: bobcert
Data di creazione: 21-mag-2008
Tipo entry: keyEntry
Lunghezza catena certificati: 1
Certificato[1]:
Proprietario: [email protected], OU=CompetenceCenter, O=ValueTeam, L=Rome, ST=IT, C=IT
Organismo di emissione: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Numero di serie: 26ccb8983c1cd0dc2eb6b0c7019eddb2
Valido da Tue May 20 09:53:38 CEST 2008 a Sun May 21 09:53:38 CEST 2023
Impronte digitali certificato:
MD5: 6C:B3:9D:02:6E:CD:F4:04:C2:76:F2:92:97:39:66:7E
SHA1: D1:07:5A:64:79:2F:FE:35:4D:D4:FD:7E:42:FC:D3:9C:68:6B:EE:B8
TRUST (same as ALICE's TRUST)
Tipo keystore: jks
Provider keystore: SUN
Il keystore contiene 1 entry
Nome alias: certgenca
Data di creazione: 21-mag-2008
Tipo entry: trustedCertEntry
Proprietario: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Organismo di emissione: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Numero di serie: 234b5559d1fa0f3ff5c82bdfed032a87
Valido da Thu Oct 24 17:54:45 CEST 2002 a Tue Oct 25 17:54:45 CEST 2022
Impronte digitali certificato:
MD5: A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
SHA1: F8:5D:49:A4:12:54:78:C7:BA:42:A7:14:3E:06:F5:1E:A0:D4:C6:59
Here is a FRAGMENT of ALICE's "config.xml" (I use custom identity and custom trust)
<Server
CustomIdentityKeyStoreFileName="C:\bea\wlp81sp6\user_projects\domains\ALICE\CERTIFICATI\alice.jks"
CustomIdentityKeyStorePassPhraseEncrypted="{3DES}/q7+XXkrvz0zncx18PjDug=="
CustomIdentityKeyStoreType="JKS"
CustomTrustKeyStoreFileName="C:\bea\wlp81sp6\user_projects\domains\ALICE\CERTIFICATI\certgenca.jks"
CustomTrustKeyStorePassPhraseEncrypted="{3DES}/q7+XXkrvz0zncx18PjDug=="
CustomTrustKeyStoreType="JKS" ExpectedToRun="false"
JavaStandardTrustKeyStorePassPhraseEncrypted="{3DES}CVtHlHaDky1XKC1QZVz2Kw=="
KeyStores="CustomIdentityAndCustomTrust" ListenAddress=""
ListenPort="7011" Name="alice" NativeIOEnabled="true"
ReliableDeliveryPolicy="RMDefaultPolicy" ServerVersion="8.1.6.0"
StdoutDebugEnabled="true" StdoutSeverityLevel="64">
<SSL ClientCertificateEnforced="true" Enabled="true"
HostnameVerificationIgnored="true"
IdentityAndTrustLocations="KeyStores" ListenPort="7012"
Name="alice" ServerPrivateKeyAlias="alicecert"
ServerPrivateKeyPassPhraseEncrypted="{3DES}/q7+XXkrvz0zncx18PjDug==" TwoWaySSLEnabled="true"/>
<Log FileCount="2" FileMinSize="5000" Name="alice" NumberOfFilesLimited="true"/>
</Server>
and here is a fragment of BOB's "config.xml" (same as ALICE's keystore configuration)
<Server
CustomIdentityKeyStoreFileName="C:\bea\wlp81sp6\user_projects\domains\BOB\CERTIFICATI\bob.jks"
CustomIdentityKeyStorePassPhraseEncrypted="{3DES}PJMoAH+j5jeVWzQfY8Gf2w=="
CustomIdentityKeyStoreType="JKS"
CustomTrustKeyStoreFileName="C:\bea\wlp81sp6\user_projects\domains\BOB\CERTIFICATI\certgenca.jks"
CustomTrustKeyStorePassPhraseEncrypted="{3DES}PJMoAH+j5jeVWzQfY8Gf2w=="
CustomTrustKeyStoreType="JKS" ExpectedToRun="false"
JavaStandardTrustKeyStorePassPhraseEncrypted="{3DES}TXgi1bpazzUgtLpwMy9q9Q=="
KeyStores="CustomIdentityAndCustomTrust" ListenAddress=""
ListenPort="7001" Name="bob" NativeIOEnabled="true"
ReliableDeliveryPolicy="RMDefaultPolicy" ServerVersion="8.1.6.0"
StdoutDebugEnabled="true" StdoutSeverityLevel="64">
<SSL ClientCertificateEnforced="true" Enabled="true"
HostnameVerificationIgnored="true"
IdentityAndTrustLocations="KeyStores" ListenPort="7002"
Name="bob" ServerPrivateKeyAlias="bobcert"
ServerPrivateKeyPassPhraseEncrypted="{3DES}PJMoAH+j5jeVWzQfY8Gf2w==" TwoWaySSLEnabled="true"/>
<Log FileCount="2" FileMinSize="5000" Name="bob" NumberOfFilesLimited="true"/>
</Server>
PS: I used a JNDI Client to access BOB configured with ALICE's keystores and it succeeded.
Nat.
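The failure signature in BOB's SSL debug log above can be extracted mechanically. The following is an added example, not part of the original thread: a Python parser for this WebLogic log record format that folds multi-line records and reports whether the peer supplied the certificate the server requires. The function names, verdict strings and the `OK_LOG` sample are assumptions made for illustration; `BOB_LOG` is an excerpt of the log as posted.

```python
import re
from dataclasses import dataclass, field

# Record header as seen in the logs quoted in this thread:
# <timestamp> <Severity> <Subsystem> <MessageID> <message text ...
RECORD = re.compile(r"^<([^<>]+)> <(\w+)> <(\w+)> <([\w-]+)> <(.*)$")
HANDSHAKE = re.compile(r"HANDSHAKEMESSAGE: (\w+)")
TRUST_FAILURE = re.compile(r"Trust failure \((\d+)\): (\w+)")
ALERT = re.compile(r"NEW ALERT with Severity: (\w+), Type: (\d+)")
NO_PEER_CERT = "Required peer certificates not supplied by peer"

# TLS alert descriptions (RFC 5246, section 7.2); only a relevant subset.
ALERT_NAMES = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
               46: "certificate_unknown", 48: "unknown_ca"}

# Excerpt of BOB's log as posted above.
BOB_LOG = """\
<22-mag-2008 14.56.12 CEST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ClientHelloV2>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certificate>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <Required peer certificates not supplied by peer>
<22-mag-2008 14.56.13 CEST> <Warning> <Security> <BEA-090508> <Certificate chain received from localhost - 127.0.0.1 was incomplete.>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <Trust failure (68): CERT_CHAIN_INCOMPLETE>
<22-mag-2008 14.56.13 CEST> <Debug> <TLS> <000000> <NEW ALERT with Severity: FATAL, Type: 40
"""

# Constructed sample: a completed handshake followed by a multi-line close alert.
OK_LOG = """\
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certificate>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <Trust status (0): NONE>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
<29-Sep-2006 16:07:44 o'clock IST> <Debug> <TLS> <000000> <NEW ALERT with Severity: WARNING, Type: 0
java.lang.Exception: New alert stack
    at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
>
"""


@dataclass
class Summary:
    handshake_messages: list = field(default_factory=list)
    peer_cert_missing: bool = False
    trust_failures: list = field(default_factory=list)  # (code, name)
    alerts: list = field(default_factory=list)          # (severity, type, name)
    warnings: list = field(default_factory=list)        # (message id, first line)

    @property
    def fatal(self):
        return any(sev == "FATAL" for sev, _, _ in self.alerts)


def _clean(msg):
    """Drop the closing '>' of a record, if the log kept it."""
    msg = msg.rstrip()
    return msg[:-1].rstrip() if msg.endswith(">") else msg


def parse_records(text):
    """Yield (severity, subsystem, msg_id, message) for each log record.

    Lines that do not start a record (certificate dumps, stack traces,
    a lone '>') are folded into the record they continue.
    """
    current = None
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            if current:
                yield (*current[:3], _clean(current[3]))
            current = list(m.groups()[1:])  # timestamp is not needed here
        elif current and line.strip():
            current[3] += "\n" + line
    if current:
        yield (*current[:3], _clean(current[3]))


def summarize(text):
    s = Summary()
    for sev, sub, msg_id, msg in parse_records(text):
        if sub == "TLS":
            if (m := HANDSHAKE.search(msg)):
                s.handshake_messages.append(m.group(1))
            if NO_PEER_CERT in msg:
                s.peer_cert_missing = True
            if (m := TRUST_FAILURE.search(msg)):
                s.trust_failures.append((int(m.group(1)), m.group(2)))
            if (m := ALERT.search(msg)):
                kind = int(m.group(2))
                s.alerts.append((m.group(1), kind, ALERT_NAMES.get(kind, "unknown")))
        elif sev in ("Warning", "Error") and msg_id.startswith("BEA-"):
            s.warnings.append((msg_id, msg.split("\n", 1)[0]))
    return s


def verdict(s):
    """Collapse a Summary into one label for triage."""
    if s.peer_cert_missing and s.fatal:
        return "peer-sent-no-certificate"
    if s.trust_failures and s.fatal:
        return "peer-certificate-not-trusted"
    if s.fatal:
        return "handshake-failed-other"
    if "Finished" in s.handshake_messages:
        return "handshake-completed"
    return "inconclusive"


if __name__ == "__main__":
    for name, log in (("BOB", BOB_LOG), ("OK", OK_LOG)):
        print(name, verdict(summarize(log)), summarize(log).alerts)
```
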
Configuring JMS and loadbalancer with SSL termination? Has Anyone done it?
Hi all,
I'm having a problem getting JMS or even any JNDI lookup to work with a hardware load balancer and SSL termination. Has anyone used such a configuration? The load balancer in question is a Cisco CSS 11500 Series which has an SSL module. A client communicates with the CSS over SSL, the SSL module decrypts the packets and sends it for content switching and on to WebLogic as cleartext.
Without SSL termination everything works fine. With SSL termination active, Web service and web content all work fine, but I can't get SSL t
Getting Initial context from ms01
<29-Sep-2006 16:07:22 o'clock IST> <Debug> <TLS> <000000> <SSL/Domestic license found>
<29-Sep-2006 16:07:22 o'clock IST> <Debug> <TLS> <000000> <Not in server, Certicom SSL license found>
<29-Sep-2006 16:07:23 o'clock IST> <Debug> <TLS> <000000> <SSL Session TTL :90000>
<29-Sep-2006 16:07:23 o'clock IST> <Debug> <TLS> <000000> <Trusted CA keystore: D:/eclipse/workspace/LoadBalancerTest/ssl/keystores/cssKeyS
ore.keystore>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 886220>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <write SSL_20_RECORD>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <3941240 received HANDSHAKE>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <3941240 received HANDSHAKE>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certificate>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <validationCallback: validateErr = 0>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> < cert[0] = [
Version: V3
Subject: EMAILADDRESS="[email protected] ", CN=10.51.0.200, OU=Web Administration, O=Revenue Commissioners, L=Dublin, ST=Dublin,
=IE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
a8f60248 b87c5860 229b9044 a666a9ae 27eb488c 424d9e67 e7b9d6d0 c292f081
cfa76c04 f3d89b28 1bf544f9 5de2b66d 576ebeca 5dc5ca8a fceead9a 52e2ce6c
2b91afef e4da5071 49b8784c 12d7f5f3 99f76482 79efe1d8 0a24f664 4c8d6e9e
b0bc63be 1faf8319 eeb23e8a 019b65b2 59dd086d 1b714d4c 01618804 66f416bb
Validity: [From: Fri Sep 08 11:44:28 BST 2006,
To: Mon Sep 05 11:44:28 BST 2016]
Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
SerialNumber: [ 0131]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 0E 6E 72 2E B1 3B B6 A3 59 79 5A C5 41 26 B7 B6 .nr..;..YyZ.A&..
0010: A2 39 4C 73 .9Ls
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
0010: AA 97 05 0D ....
[CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
SerialNumber: [ 00]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 2C A0 0C 34 4E 0D CA 24 A5 C3 03 3A 71 A1 2D D3 ,..4N..$...:q.-.
0010: 65 A2 FA EF C1 5D D4 4A 28 8C 1A 70 5F 92 73 5E e....].J(..p_.s^
0020: 7B 13 D4 AE 36 A8 86 EA 60 7F A5 E3 86 6E 84 1F ....6...`....n..
0030: 5E 5F 30 06 B4 AA 2E 5C A7 65 74 32 09 0A 91 14 ^_0....\.et2....
]>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> < cert[1] = [
Version: V3
Subject: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
bc61b29f a830c97a 7a76883e 1665a241 a68b891f 8e4167eb 62e578ac 9e342c3e
53c9de8b e756634b e364010f 4d36c1c5 21a65b37 b64b4861 6f4dda29 b932191f
Validity: [From: Mon May 31 15:22:15 BST 2004,
To: Thu May 29 15:22:15 BST 2014]
Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
SerialNumber: [ 00]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
0010: AA 97 05 0D ....
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
0010: AA 97 05 0D ....
[CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
SerialNumber: [ 00]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [MD5withRSA]
Signature:
0000: 3C 64 7C 9E 0B 90 48 9D 70 74 06 80 7F 2C AF 73 <d....H.pt...,.s
0010: 92 1C C3 39 DD C3 45 B6 A4 8E 11 27 8E 21 18 4B ...9..E....'.!.K
0020: FD AA 31 5E 35 FC DF 9E 70 42 F4 65 5C DF 56 9A ..1^5...pB.e\.V.
0030: DD 8C 6B B7 3B BE E5 A7 D5 4A 16 23 C1 91 07 CA ..k.;....J.#....
]>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLTrustValidator returns: 0>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <Trust status (0): NONE>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <Performing hostname validation checks: 10.51.0.200>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 received HANDSHAKE>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHelloDone>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 134>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 16>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 received CHANGE_CIPHER_SPEC>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 received HANDSHAKE>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 272>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3445873 read(offset=0, length=2048)>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3941240 received APPLICATION_DATA: databufferLen 0, contentLength 372>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3445873 read databufferLen 372>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3445873 read A returns 372>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 339>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3445873 read(offset=372, length=1676)>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 6771926>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 93>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 SSL3/TLS MAC>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 received HANDSHAKE>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 SSL3/TLS MAC>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 received CHANGE_CIPHER_SPEC>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 SSL3/TLS MAC>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 received HANDSHAKE>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 16>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 402>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 1707>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <23328673 read(offset=0, length=2048)>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 SSL3/TLS MAC>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 received APPLICATION_DATA: databufferLen 0, contentLength 174>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <23328673 read databufferLen 174>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <23328673 read A returns 174>
<29-Sep-2006 16:07:44 o'clock IST> <Debug> <TLS> <000000> <NEW ALERT with Severity: WARNING, Type: 0
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
at weblogic.net.http.HttpClient.closeServer(HttpClient.java:466)
at weblogic.net.http.KeepAliveCache$1.run(KeepAliveCache.java:120)
at java.util.TimerThread.mainLoop(Unknown Source)
at java.util.TimerThread.run(Unknown Source)
>
<29-Sep-2006 16:07:44 o'clock IST> <Debug> <TLS> <000000> <avalable(): 23328673 : 0 + 0 = 0>
<29-Sep-2006 16:07:44 o'clock IST> <Debug> <TLS> <000000> <write ALERT, offset = 0, length = 2>
<29-Sep-2006 16:07:44 o'clock IST> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 6771926>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <3941240 received APPLICATION_DATA: databufferLen 0, contentLength 98>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <3445873 read databufferLen 98>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <3445873 read A returns 98>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 8406772>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 93>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 SSL3/TLS MAC>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 received HANDSHAKE>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 SSL3/TLS MAC>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 received CHANGE_CIPHER_SPEC>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 SSL3/TLS MAC>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 received HANDSHAKE>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 16>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 339>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <5618579 read(offset=0, length=2048)>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
Exception in thread "main" javax.naming.CommunicationException [Root exception is java.net.ConnectException: https://10.51.0.200:8143: Bootstrap to: 10.51.0.200/10.51.0.200:8143' over: 'https' got an error or timed out]
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:47)
at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:636)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:306)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:239)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:135)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.InitialContext.<init>(Unknown Source)
at TestAllManagedServers.main(TestAllManagedServers.java:54)
Caused by: java.net.ConnectException: https://10.51.0.200:8143: Bootstrap to: 10.51.0.200/10.51.0.200:8143' over: 'https' got an error or timed out
at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:200)
at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:125)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:296)
... 7 more
o work for a simple JNDI lookup. With SSL debugging turned on, the following output is given:
When I compare the Server HTTP logs I see that an initial context lookup involves 3 HTTP requests, e.g.
25.2.1.210 - - [29/Sep/2006:16:29:12 +0100] "GET /bea_wls_internal/HTTPClntLogin/a.tun?wl-login=https+dummy+WLREQS+8.1.5+dummy+%0A&rand=3018901804201457976&AS=255&HL=19 HTTP/1.1" 200 17
25.2.1.210 - - [29/Sep/2006:16:29:12 +0100] "GET /bea_wls_internal/HTTPClntRecv/a.tun?connectionID=0&rand=7332722597180897050 HTTP/1.1" 200 2341
25.2.1.210 - - [29/Sep/2006:16:29:12 +0100] "POST /bea_wls_internal/HTTPClntSend/a.tun?connectionID=0&rand=3415396992694182025 HTTP/1.1" 200 17
When my request goes through the load balancer I see the following in the HTTP logs:
10.51.0.200 - - [29/Sep/2006:16:31:33 +0100] "GET /bea_wls_internal/HTTPClntLogin/a.tun?wl-login=https+dummy+WLREQS+8.1.5+dummy+%0A&rand=8279752507152372405&AS=255&HL=19 HTTP/1.1" 200 17
10.51.0.200 - - [29/Sep/2006:16:31:33 +0100] "POST /bea_wls_internal/HTTPClntSend/a.tun?connectionID=0&rand=1051450669479197885 HTTP/1.1" 200 17
10.51.0.200 - - [29/Sep/2006:16:32:28 +0100] "GET /bea_wls_internal/HTTPClntRecv/a.tun?connectionID=0&rand=6035654607615870287 HTTP/1.1" 200 5
10.51.0.200 - - [29/Sep/2006:16:33:13 +0100] "GET /bea_wls_internal/HTTPClntRecv/a.tun?connectionID=0&rand=8245112057388607005 HTTP/1.1" 200 5
Notice the time delay in some of the messages.
The following error appears in the WebLogic server log, however I've verified that all IP addresses referenced by the load balancer configuration match those in the WebLogic configuration:
<29-Sep-2006 16:31:43 o'clock IST> <Error> <RJVM> <BEA-000572> <The server rejected a connection attempt JVMMessage from: '266014296868812899C:25.2.1.210R:2462711729186814398S:10.51.0.2:[8113,8113,8114,8114,8113,8114,-1,0,0]:10.51.0.1:8103,10.51.0.1:8105,10.51.0.1:8107,10.51.0.2:8109,10.51.0.2:8111,10.51.0.2:8113:risIntCluster01:ms06' to: '0S:10.51.0.200:[-1,-1,-1,8143,-1,-1,-1,-1,-1]' cmd: 'CMD_IDENTIFY_REQUEST', QOS: '102', responseId: '0', invokableId: '0', flags: 'JVMIDs Sent, TX Context Not Sent', abbrev offset: '228' probably due to an incorrect firewall configuration or admin command.>
When a JNDI lookup is made directly to a WebLogic server on the https port, the client gives the following output:
Getting Initial context from ms01
<29-Sep-2006 16:29:22 o'clock IST> <Debug> <TLS> <000000> <SSL/Domestic license found>
<29-Sep-2006 16:29:22 o'clock IST> <Debug> <TLS> <000000> <Not in server, Certicom SSL license found>
<29-Sep-2006 16:29:23 o'clock IST> <Debug> <TLS> <000000> <SSL Session TTL :90000>
<29-Sep-2006 16:29:23 o'clock IST> <Debug> <TLS> <000000> <Trusted CA keystore: D:/eclipse/workspace/LoadBalancerTest/ssl/keystores/cssKeyStore.keystore>
<29-Sep-2006 16:29:23 o'clock IST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<29-Sep-2006 16:29:23 o'clock IST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 7860099>
<29-Sep-2006 16:29:23 o'clock IST> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <write SSL_20_RECORD>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <32915800 received HANDSHAKE>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <32915800 received HANDSHAKE>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certificate>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <validationCallback: validateErr = 0>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> < cert[0] = [
Version: V3
Subject: CN=10.52.0.3, OU=Revenue Integration Server, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
ac47cae5 45e55fe4 8ec06362 84aab923 af35d7f1 8b7e8aaa 32772d8a d8185106
0ba91363 07162207 6eaa33b4 db8a3fbb 1e228e93 841ff322 e319242a 04ae7447
Validity: [From: Mon May 31 16:45:21 BST 2004,
To: Thu May 29 16:45:21 BST 2014]
Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
SerialNumber: [ 05]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D7 B3 92 7B C7 4E 2F 5D F3 97 CB 3B F9 FB 0A 1E .....N/]...;....
0010: 97 C5 DD F1 ....
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
0010: AA 97 05 0D ....
[CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
SerialNumber: [ 00]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 57 B6 54 4E 1A 54 91 66 5C A8 FE AF B6 50 AB 23 W.TN.T.f\....P.#
0010: 6A 32 42 77 06 44 D5 7D 40 81 E4 DD 84 E3 7B 55 j2Bw.D..@......U
0020: 96 A6 BC E9 E9 51 96 B9 E4 01 56 F9 41 B7 0C C3 .....Q....V.A...
0030: 0A 92 C0 17 6E 6B 9D D6 9A 87 6D 6E 15 5A 86 F4 ....nk....mn.Z..
]>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> < cert[1] = [
Version: V3
Subject: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
bc61b29f a830c97a 7a76883e 1665a241 a68b891f 8e4167eb 62e578ac 9e342c3e
53c9de8b e756634b e364010f 4d36c1c5 21a65b37 b64b4861 6f4dda29 b932191f
Validity: [From: Mon May 31 15:22:15 BST 2004,
To: Thu May 29 15:22:15 BST 2014]
Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
SerialNumber: [ 00]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
0010: AA 97 05 0D ....
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
0010: AA 97 05 0D ....
[CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
SerialNumber: [ 00]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [MD5withRSA]
Signature:
0000: 3C 64 7C 9E 0B 90 48 9D 70 74 06 80 7F 2C AF 73 <d....H.pt...,.s
0010: 92 1C C3 39 DD C3 45 B6 A4 8E 11 27 8E 21 18 4B ...9..E....'.!.K
0020: FD AA 31 5E 35 FC DF 9E 70 42 F4 65 5C DF 56 9A ..1^5...pB.e\.V.
0030: DD 8C 6B B7 3B BE E5 A7 D5 4A 16 23 C1 91 07 CA ..k.;....J.#....
]>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <SSLTrustValidator returns: 0>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <Trust status (0): NONE>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <Performing hostname validation checks: 10.51.0.1>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 received HANDSHAKE>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHelloDone>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 70>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 16>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 received CHANGE_CIPHER_SPEC>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 received HANDSHAKE>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 270>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <30340343 read(offset=0, length=2048)>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TL
You will need an AAM set with the internal (http) address.
http://blogs.msdn.com/b/ajithas/archive/2009/09/11/alternate-access-mapping-in-reverse-proxy-configuration.aspx
Dimitri Ayrapetov (MCSE: SharePoint) -
SSL exception when using FileAdapter - PI 7.0
Hi,
I'm currently using the FileAdapter to send a CSV file to an external FTPs server. I have loaded the FTPs server certificate into the ClientCertificates keystore in J2EE as well as the Verisign intermediate and root certs into the Trusted CAs. When testing the connection, I'm still getting a chain verification exception like below:
Delivery of the message to the application using connection File_http://sap.com/xi/XI/System failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Peer certificate rejected by ChainVerifier: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier.
Has anyone had experience configuring this scenario and might be able to help out?
Many thanks,
Nicholas
This is a typical answer to an OSS ticket concerning this issue:
"A strict server name check is first performed in the SSL handshake,
before any certificate chain is verified against the certificates in the
Trusted CA keystore view.
The strict server name check means that the CN in the server certificate
must exactly match the host name in the request URL.
In this step, the certificates in the client (J2EE engine) Trusted CA
keystore view are not yet involved.
You'll either need to configure the host name, as the CN of the
server certificate or create the server certificate with the CN (and
import/use it in the server), as you plan to use it in the FTP Adapter
receiver channel configuration.
Please ensure your channel configuration uses the hostname expected
by the server. i.e. that you are also using: *.sap.com
and that this FQHN is used consistently.
If you still have problems, please note that the FTP protocol itself
has no concept of hostnames, so an FTP client is reliant on the IP
address of the server to obtain the hostname. If any reverse DNS
lookup is taking place during the processing on your network, you need
to ensure the DNS lookup returns the FQHN of your FTP server, which
is: *.sap.com
Try running the scenario using a public certificate and adding the IP
address and host name to the host file."
Hope that helps
Stefan -
Usage of 'export' & 'import' command in SSL
Hi,
I have a query regarding 'export' and 'import' command while creating security certificates.
Why do we use export word in this command and not anywhere else -
keytool -export -alias weblogic -file trust.pem -keystore mykeystore.jks -storepass weblogic -rfc
Why can't we use import instead of export and vice versa?
What do you mean when you say import or export? What is the basic difference between these two in terms of security command?
Thanks,
Sid
Hi Vankan,
Your question is so extensive that it should be explained a bit.
Could you please be more specific? Which platform are we talking about? DB, OS, etc?
Which kind of export/import do you want to carry out?: e.g.: client transport, client copy, homogeneous system copy, heterogeneous system copy...
The technique you will use for that depends on what you want to do and on the platform you are working on. -
Multi SSL connections in one application
In my web application I have two servlets, any of them call different web services. The protocol is HTTPS, so how can I tell them to use different trust and keystores? Or if I should use common keystore, how can I use something like keyAlias to show on any servlet to use different PrivateKey if there is client authentication.
For now my code in every servlet is:
System.setProperty("javax.net.ssl.keyStoreType", "");
System.setProperty("javax.net.ssl.keyStore", "");
System.setProperty("javax.net.ssl.keyStorePassword", "");
System.setProperty("javax.net.ssl.trustStoreType", "");
System.setProperty("javax.net.ssl.trustStore", "");
System.setProperty("javax.net.ssl.trustStorePassword", "");
Of course with appropriate values.
But that works only for the first servlet which is called.
Please help.
> The protocol is HTTPS, so how can I tell them to use different trust and keystores?
Why would you want to do that?
> Or if I should use common keystore, how can I use something like keyAlias to show on any servlet to use different PrivateKey if there is client authentication.
Why?
There is no reason in the world to use different truststores or keystores. All that this PKI does is establish identity. Whether the applications concerned should trust that identity in specific contexts is an application question that can't be resolved via keystores and truststores and different private keys. This is a common misconception. It's not what they are for, it's not what they are designed to do, and you can't use them for that purpose securely.
See this thread (http://forums.sun.com/thread.jspa?threadID=5388459&tstart=0) for a full discussion. -
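The javax.net.ssl.* system properties in the question are read once, when the JVM first builds its default SSLContext, which is why only the first servlet's values take effect. The following is an added example, not code from this thread: it gives each outbound connection its own SSLContext built from its own stores. The class name, the .example URLs and the empty demo keystores are constructed placeholders, and it assumes the stock JDK HTTPS handler.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URI;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class PerConnectionSsl {   // hypothetical class name

    /** Load one keystore file without touching any JVM-wide setting. */
    static KeyStore load(Path file, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Build a context from one identity store (client key) and one trust store. */
    static SSLContext contextFor(KeyStore identity, char[] keyPassword, KeyStore trust)
            throws Exception {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPassword);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Open a connection bound to ctx; assumes the JDK's own HTTPS handler. */
    static HttpsURLConnection open(URL url, SSLContext ctx) throws Exception {
        HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
        con.setSSLSocketFactory(ctx.getSocketFactory());
        return con;   // nothing is sent until connect() or a stream is requested
    }

    /** Constructed demo input: an empty PKCS12 file standing in for a real store. */
    static Path emptyStore(char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        Path file = Files.createTempFile("demo-store-", ".p12");
        try (OutputStream out = Files.newOutputStream(file)) {
            ks.store(out, password);
        }
        return file;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();   // constructed demo password
        Path fileA = emptyStore(pw);
        Path fileB = emptyStore(pw);
        try {
            // Each caller loads its own store and gets its own context.
            KeyStore storeA = load(fileA, "PKCS12", pw);
            KeyStore storeB = load(fileB, "PKCS12", pw);
            SSLContext ctxA = contextFor(storeA, pw, storeA);
            SSLContext ctxB = contextFor(storeB, pw, storeB);
            HttpsURLConnection conA =
                    open(URI.create("https://service-a.example/").toURL(), ctxA);
            HttpsURLConnection conB =
                    open(URI.create("https://service-b.example/").toURL(), ctxB);
            System.out.println("separate socket factories: "
                    + (conA.getSSLSocketFactory() != conB.getSSLSocketFactory()));
        } finally {
            Files.deleteIfExists(fileA);
            Files.deleteIfExists(fileB);
        }
    }
}
```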
Using ohs as a front end to weblogic
I had a lot of trouble trying to enable ssl in weblogic (10.3.4 windows 64 bits). So I was thinking of just using ohs as a front end. I need the traffic between the forms and reports clients and the web service to be encrypted. Between the webservice and weblogic and database can be in the clear. I already got ohs to do ssl for application express. It was nowhere as hard to deal with as weblogic (10.3.4) . I don't seem to be able to think like weblogic :-(
However I need some good and correct instructions on how to do this. Anyone got any?
This is one of those things where the more you look the more confused you get.
(BTW this seems to be saying you can't use ohs in front of em or console.)
for example:
Doc ID 1268723.1
Following this note will result in the following architecture:
Browser --> https --> OHS --> https --> WebLogic Server
There are three steps needed to configure mod_wl_ohs in this setup:
Step I: Configure OHS for SSL
Step II: Configure Weblogic for SSL
Step III: Configure mod_wl_ohs
Now that is very complex and one has to face both the wallet and the keystore and more.
whereas another doc
Doc ID 1240977.1
advocates only enabling ssl in ohs and not in weblogic. Well which is it? Does ssl have to be in weblogic?
If it does I could picture not involving ohs and that apparently crash prone module.
Well I wanted to close this out by saying that I never found out definitively how to put ohs in front of
weblogic. (10.3.4) I'm not sure it's that great of an idea considering some reports of problems with
mod_wl_ohs in support but anyway I did get ssl working in weblogic. Basically I followed 1109753.1 This is the very
simple way that you just configure ssl for wls_forms and wls_reports in weblogic and no involvement of any apache
modules or rewriting or proxying or anything like that.
I did convert the oracle wallet (cwallet.sso) that I was using for ohs to .jks using the
orapki pks12_to_jks command. That had in fact the server cert and two associated trust certs from the cert
vendor. Some instructions make it sound like you have to "separate identity and trust" but I didn't and it does
work.
Configuration of WLS_FORMS or WLS_REPORTS for ssl is like this:
in weblogic administration http://myserver:7001/console :
(environment,servers, WLS_FORMS)
_________keystores tab _________________
keystores: custom identity and java standard trust
custom identity keystore: d:\somewhere\mykeystore.jks
custom identity keystore type JKS
custom identity keystore passphrase keystorepasswd
Java Standard Trust Keystore:
C:\PROGRA~1\Java\JDK16~1.0_2\jre\lib\security\cacerts
Java Standard Trust Keystore Type: jks
<no passwords entered for java standard trust although the password is known to be changeit>
___________SSL tab_____________
Identity and Trust Locations: Keystores
Private Key Location: from Custom Identity Keystore
Private Key Alias: <for key. You can list this with a utility if you forgot>
Private Key Passphrase: <private key password>
Certificate Location: from Custom Identity Keystore
Trusted Certificate Authorities: from Java Standard Trust Keystore
plus in Configuration Tab:
ssl listen port enabled specify port you want
I am guessing that since the forms and reports ports are different by default
that the ssl ports should be different also?
after that I actually think you have to stop and then start the service instead of just restart ssl.
Anyway then try whatever your forms or reports url was but using the new port and using https:
eg. https://my.domain.name:7002/forms/frmservlet
If that doesn't work then look for the log which is something like:
c:\<middlewarehome>/user_projects/domains/mydomain/servers/WLS_FORMS/logs look for it there. -
Java.io.IOException: Invalid identity certificate signature
Hi,
My WebLogic 11g is running on a Windows Server 2008 64 bit server. I have obtained a certificate with private key for this Windows server. Now I would like to use this certificate and private key for my WebLogic server.
What I have done:
1. Exported server certificate using mmc.exe to my_domain.pfx
2. Extracted my certificates and key with OpenSSL:
openssl pkcs12 -in my_domain.pfx -out tempcertfile.crt -nodes
3. Cut and pasted the section
-----BEGIN RSA PRIVATE KEY-----
(Block of Encrypted Text)
-----END RSA PRIVATE KEY-----
of the generated tempcertfile.crt to file my_domain.key
4. Copied the second set of -----BEGIN CERTIFICATE----- & -----END CERTIFICATE----- from tempcertfile.crt to file TrustedRoot.crt
5. Used keytool to create a new trust certificate keystore:
keytool -import -trustcacerts -file TrustedRoot.crt -alias server -keystore new_trust_keystore.jks -storepass NEWPASSWORD
where NEWPASSWORD is the new password of the keystore
6. Used utils.ImportPrivateKey to create a new identity certificate keystore:
java utils.ImportPrivateKey -keystore new_identity_keystore.jks -storepass NEWPASSWORD -storetype JKS -keypass NEWPASSWORD -alias server -certfile tempcertfile.crt
-keyfile my_domain.key -keyfilepass PFXPASSWORD
7. Configured WebLogic to use the new trust and identity certificate keystores
When I try to start the WebLogic server it shuts down again with the following log:
####<22-03-2012 07:10:42 CET> <Critical> <WebLogicServer> <HID-1041559> <AdminServer> <main> <<WLS Kernel>> <> <> <1332396642889> <BEA-000362> <Server failed. Reason:
There are 1 nested errors:
java.io.IOException: Invalid identity certificate signature: [***]
at weblogic.server.channels.DynamicSSLListenThread.<init>(DynamicSSLListenThread.java:64)
at weblogic.server.channels.DynamicListenThreadManager.createListener(DynamicListenThreadManager.java:296)
at weblogic.server.channels.AdminPortService.bindListeners(AdminPortService.java:76)
at weblogic.server.channels.EnableAdminListenersService.start(EnableAdminListenersService.java:39)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused by: weblogic.management.configuration.ConfigurationException: Invalid identity certificate signature: [***]
Does anybody know what I'm doing wrong?
Thanks in advance, Steffen
The solution is that the certificates in tempcertfile.crt must be in the correct order. The order must be:
Identity certificate
Intermediate certificate
Root certificate
The identity certificate can be located easily in tempcertfile.crt since there must be a header that shows the identity--information such as the name of a person or an organization, their address, and so forth. The intermediate certificate will be the last certificate in the tempcertfile.crt.
After I changed the order of the certificates it worked fine.
Regards Steffen -
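An added example (not Steffen's or WebLogic's code) that checks and restores the order given above: it extracts only the CERTIFICATE blocks from an openssl bundle, finds the identity certificate as the one that signed no other certificate in the file, and follows issuer signatures up to the root. The class and method names are hypothetical; the bundle path is the first argument and defaults to tempcertfile.crt from step 2.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public final class ChainOrder {   // hypothetical class name

    private static final Pattern CERT_BLOCK = Pattern.compile(
            "-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", Pattern.DOTALL);

    /** Keep only CERTIFICATE blocks; private key blocks and "Bag Attributes" text are skipped. */
    static List<X509Certificate> readCertificates(String pemText) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        LinkedHashSet<X509Certificate> certs = new LinkedHashSet<>();   // drops duplicates
        Matcher m = CERT_BLOCK.matcher(pemText);
        while (m.find()) {
            byte[] der = Base64.getMimeDecoder().decode(m.group(1));
            certs.add((X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der)));
        }
        return new ArrayList<>(certs);
    }

    /** True when the names match and issuer's public key verifies cert's signature. */
    static boolean signedBy(X509Certificate cert, X509Certificate issuer) {
        if (!cert.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
            return false;
        }
        try {
            cert.verify(issuer.getPublicKey());
            return true;
        } catch (Exception e) {   // wrong key type or bad signature
            return false;
        }
    }

    /** Return the certificates identity first, each followed by the one that signed it. */
    static List<X509Certificate> order(List<X509Certificate> certs) {
        X509Certificate leaf = null;
        for (X509Certificate candidate : certs) {
            boolean issuedAnother = false;
            for (X509Certificate other : certs) {
                if (!other.equals(candidate) && signedBy(other, candidate)) {
                    issuedAnother = true;
                    break;
                }
            }
            if (!issuedAnother) {
                if (leaf != null) {
                    throw new IllegalArgumentException("more than one identity certificate");
                }
                leaf = candidate;
            }
        }
        if (leaf == null) {
            throw new IllegalArgumentException("no identity certificate found");
        }
        List<X509Certificate> chain = new ArrayList<>();
        X509Certificate current = leaf;
        while (current != null && !chain.contains(current)) {
            chain.add(current);
            if (signedBy(current, current)) {
                break;   // self-signed root reached
            }
            X509Certificate next = null;
            for (X509Certificate c : certs) {
                if (!c.equals(current) && signedBy(current, c)) {
                    next = c;
                    break;
                }
            }
            current = next;   // null when the issuer is not in the file
        }
        return chain;
    }

    public static void main(String[] args) throws Exception {
        String file = args.length > 0 ? args[0] : "tempcertfile.crt";
        String pem = new String(Files.readAllBytes(Paths.get(file)), StandardCharsets.US_ASCII);
        List<X509Certificate> found = readCertificates(pem);
        List<X509Certificate> chain = order(found);
        System.err.println(found.equals(chain)
                ? "file is already in chain order"
                : "file order differs from chain order (" + found.size() + " read, "
                        + chain.size() + " placed)");
        Base64.Encoder enc = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII));
        for (X509Certificate c : chain) {
            System.err.println("subject: " + c.getSubjectX500Principal().getName());
            System.out.println("-----BEGIN CERTIFICATE-----");
            System.out.println(enc.encodeToString(c.getEncoded()));
            System.out.println("-----END CERTIFICATE-----");
        }
    }
}
```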
Getting the Error : SSLException :End user tried to act as a CA in WAS
I have a web service application running in WAS 5.1 and client application running in WAS 6.1.
We use server side authentication and we have configured the trust store keystore on the client side.
But when we try to invoke the web service I get the error "SSLException :End user tried to act as a CA".
Kindly let me know the possibility of this error.
Thanks In advance
Shyam.
Hello,
I tested again and with the same code and the same java libraries. There is no problem using Apache with OpenSSL 0.9.6h. The problem only occurs with OpenSSL 0.9.7.
Are there any known incompatibilities between JSSE and OpenSSL 0.9.7?
TIA,
Robert Stroetgen. :) -
Getting error to access the JMS resouce.
I have confabulated 4 managed servers (des1, des2,des3 and des4) with JMS servers in a cluster on WebLogic 9.2. The servers des1 and des2 are located on same host of admin server installed(e.g. the hostname is adminhost). The servers des3 and des4 are located on another host (remotehost). I have confabulated the JMS Connection Factory and Uniform Distributed Topic and target them to the cluster by using a subdeployment. I started the admin server on adminhost:7001.
I set the JMS provider URL to t3://adminhost:5010,adminhost:5020,remotehost:5010,remotehost:5020 in my java code to look up my JMS topic.
I can get the JMS topic from the adminhost's servers (des1 and des2). But on the remote host, if I don't start adminhost:5010, the server will get an error when trying to get the JMS topic.
javax.naming.NameNotFoundException: While trying to lookup 'peoplesoft.crm.omk.jms.omkBroadcastTopic'
didn't find subcontext 'peoplesoft'. Resolved ''; remaining name 'peoplesoft/crm/omk/jms/omkBroadcastTopic'
at weblogic.jndi.internal.BasicNamingNode.newNameNotFoundException(BasicNamingNode.java:1139)
The remote server can only get the JMS topic when the adminhost:5010 is up and running, which is the first one listed in the JMS provider URL.
Can any one give me the idea that:
Q1: Why only the admin server's managed servers can access the JMS topic?(because the des2 does not rely on if the server on adminhost:5010 running).
Is there any way I can make it work on remote host?
Q2: Why only the first server is recognized in the JMS provider URL?
Q3: Why the JMS provider is singleton fail point?
Thank you in advance!
Lucy
Edited by: user710140 on Feb 20, 2009 3:27 PM
Here are my config.xml and jms.xml. Thank you for help!
config.xml
<?xml version='1.0' encoding='UTF-8'?>
<domain xmlns="http://www.bea.com/ns/weblogic/920/domain" xmlns:sec="http://www.bea.com/ns/weblogic/90/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wls="http://www.bea.com/ns/weblogic/90/security/wls" xsi:schemaLocation="http://www.bea.com/ns/weblogic/90/security/xacml http://www.bea.com/ns/weblogic/90/security/xacml.xsd http://www.bea.com/ns/weblogic/90/security http://www.bea.com/ns/weblogic/90/security.xsd http://www.bea.com/ns/weblogic/920/domain http://www.bea.com/ns/weblogic/920/domain.xsd http://www.bea.com/ns/weblogic/90/security/wls http://www.bea.com/ns/weblogic/90/security/wls.xsd">
<name>omk</name>
<domain-version>9.2.0.0</domain-version>
<security-configuration>
<name>omk</name>
<realm>
<sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:name>myrealm</sec:name>
</realm>
<default-realm>myrealm</default-realm>
<credential-encrypted>{3DES}DCrNeNp+kXrDhSu/xl1jSPlzzeCAUak9MRuA+ZvX8Ih/gYhSJAhEXNBeX92iiOAFcusvheIQMuMPAtQfFmG7UOSiq8Rm3q8s</credential-encrypted>
<node-manager-username>system</node-manager-username>
<node-manager-password-encrypted>{3DES}sDP3fr4NSp2l89H2BtwOoA==</node-manager-password-encrypted>
</security-configuration>
<server>
<name>crm9</name>
<ssl>
<name>crm9</name>
<enabled>true</enabled>
<hostname-verification-ignored>true</hostname-verification-ignored>
<listen-port>444</listen-port>
<two-way-ssl-enabled>false</two-way-ssl-enabled>
<server-private-key-alias>rfas010</server-private-key-alias>
<identity-and-trust-locations>KeyStores</identity-and-trust-locations>
</ssl>
<log>
<name>crm9</name>
<file-name>./logs/PIA_weblogic.log</file-name>
<log-file-severity>Info</log-file-severity>
</log>
<execute-queue>
<name>weblogic.kernel.Default</name>
<thread-count>50</thread-count>
</execute-queue>
<listen-port>7001</listen-port>
<web-server>
<name>crm9</name>
<web-server-log>
<name>crm9</name>
<file-name>./logs/PIA_access.log</file-name>
<logging-enabled>false</logging-enabled>
</web-server-log>
<https-keep-alive-secs>120</https-keep-alive-secs>
</web-server>
<iiop-enabled>false</iiop-enabled>
<listen-address></listen-address>
<staging-directory-name>./stage</staging-directory-name>
<upload-directory-name>./upload</upload-directory-name>
<staging-mode>nostage</staging-mode>
<graceful-shutdown-timeout>30</graceful-shutdown-timeout>
<msi-file-replication-enabled>true</msi-file-replication-enabled>
<custom-identity-key-store-file-name>keystore/pskey</custom-identity-key-store-file-name>
<custom-identity-key-store-type>JKS</custom-identity-key-store-type>
<custom-trust-key-store-file-name>keystore/pskey</custom-trust-key-store-file-name>
<custom-trust-key-store-type>JKS</custom-trust-key-store-type>
</server>
<server>
<name>proxyServer</name>
<ssl>
<enabled>false</enabled>
<listen-port>5011</listen-port>
</ssl>
<machine>rhas001</machine>
<listen-port>5010</listen-port>
<web-server>
<web-server-log>
<number-of-files-limited>false</number-of-files-limited>
</web-server-log>
</web-server>
<listen-address>10.138.120.154</listen-address>
</server>
<server>
<name>des1</name>
<ssl>
<enabled>false</enabled>
<listen-port>5011</listen-port>
</ssl>
<log>
<file-name>./logs/PIA_weblogic.log</file-name>
<log-file-severity>Info</log-file-severity>
</log>
<machine>rfas010</machine>
<listen-port>5010</listen-port>
<cluster>PsftOmkCluster</cluster>
<web-server>
<web-server-log>
<number-of-files-limited>false</number-of-files-limited>
</web-server-log>
</web-server>
<listen-address>10.138.121.100</listen-address>
<server-start>
<class-path>D:/PT849/webserv/omk/applications/crm/com.peoplesoft.crm.omk.jar;D:/PT849/webserv/omk/applications/crm/commons-fileupload-1.0.jar;D:/PT849/webserv/omk/applications/crm/commons-logging.jar;D:/PT849/webserv/omk/applications/crm/commons-net-1.2.2.jar;D:/PT849/webserv/omk/applications/crm/toplink.jar;D:/PT849/webserv/omk/applications/crm/xercesImpl.jar;D:/PT849/webserv/omk/applications/crm/xml-apis.jar;D:/PT849/webserv/omk/applications/crm/xmlparserv2.jar;D:/PT849/webserv/omk/applications/crm/xalan.jar;D:/PT849/webserv/omk/applications/crm/psjoa.jar;D:/PT849/webserv/omk/applications/crm/ptib.jar;D:/PT849/webserv/omk/lib/pluto-1.0.1.jar;D:/PT849/webserv/omk/lib/portlet-api-1.0.jar;D:/PT849/webserv/omk/lib/ps_patch.jar;D:/PT849/webserv/omk/lib/xerces.jar;C:/bea/weblogic92/platform/lib/p13n/p13n-schemas.jar;C:/bea/weblogic92/platform/lib/p13n/p13n_common.jar;C:/bea/weblogic92/platform/lib/p13n/p13n_system.jar;C:/bea/weblogic92/platform/lib/wlp/netuix_common.jar;C:/bea/weblogic92/platform/lib/wlp/netuix_schemas.jar;C:/bea/weblogic92/platform/lib/wlp/netuix_system.jar;C:/bea/weblogic92/platform/lib/wlp/wsrp-common.jar;c:/bea/JROCKI~1/jre/lib/tools.jar;C:/bea/weblogic92/server/lib/weblogic_sp.jar;C:/bea/weblogic92/server/lib/weblogic.jar;D:/PT849/webserv/omk/applications/crm/ojdbc14.jar</class-path>
<arguments>-server -Xms256m -Xmx512m -XX:MaxPermSize=128m -Dps_home=D:/PT849 -Dps_vault=D:/PT849/secvault/psvault -Djava.util.logging.config.file=D:/PT849/webserv/omk/applications/peoplesoft/logging.properties -Dtoplink.xml.platform=oracle.toplink.platform.xml.jaxp.JAXPPlatform -Djavax.net.ssl.trustStore=D:/PT849/webserv/omk/keystore/pskey -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger</arguments>
<password-encrypted>{3DES}HbT3X8jahd4=</password-encrypted>
</server-start>
<jta-migratable-target>
<user-preferred-server>des1</user-preferred-server>
<cluster>PsftOmkCluster</cluster>
</jta-migratable-target>
</server>
<server>
<name>des2</name>
<ssl>
<enabled>false</enabled>
<listen-port>5021</listen-port>
</ssl>
<log>
<file-name>./logs/PIA_weblogic.log</file-name>
<log-file-severity>Info</log-file-severity>
</log>
<machine>rfas010</machine>
<listen-port>5020</listen-port>
<cluster>PsftOmkCluster</cluster>
<web-server>
<web-server-log>
<number-of-files-limited>false</number-of-files-limited>
</web-server-log>
</web-server>
<listen-address>10.138.121.100</listen-address>
<server-start>
<class-path>D:/PT849/webserv/omk/applications/crm/com.peoplesoft.crm.omk.jar;D:/PT849/webserv/omk/applications/crm/commons-fileupload-1.0.jar;D:/PT849/webserv/omk/applications/crm/commons-logging.jar;D:/PT849/webserv/omk/applications/crm/commons-net-1.2.2.jar;D:/PT849/webserv/omk/applications/crm/toplink.jar;D:/PT849/webserv/omk/applications/crm/xercesImpl.jar;D:/PT849/webserv/omk/applications/crm/xml-apis.jar;D:/PT849/webserv/omk/applications/crm/xmlparserv2.jar;D:/PT849/webserv/omk/applications/crm/xalan.jar;D:/PT849/webserv/omk/applications/crm/psjoa.jar;D:/PT849/webserv/omk/applications/crm/ptib.jar;D:/PT849/webserv/omk/lib/pluto-1.0.1.jar;D:/PT849/webserv/omk/lib/portlet-api-1.0.jar;D:/PT849/webserv/omk/lib/ps_patch.jar;D:/PT849/webserv/omk/lib/xerces.jar;C:/bea/weblogic92/platform/lib/p13n/p13n-schemas.jar;C:/bea/weblogic92/platform/lib/p13n/p13n_common.jar;C:/bea/weblogic92/platform/lib/p13n/p13n_system.jar;C:/bea/weblogic92/platform/lib/wlp/netuix_common.jar;C:/bea/weblogic92/platform/lib/wlp/netuix_schemas.jar;C:/bea/weblogic92/platform/lib/wlp/netuix_system.jar;C:/bea/weblogic92/platform/lib/wlp/wsrp-common.jar;c:/bea/JROCKI~1/jre/lib/tools.jar;C:/bea/weblogic92/server/lib/weblogic_sp.jar;C:/bea/weblogic92/server/lib/weblogic.jar;D:/PT849/webserv/omk/applications/crm/ojdbc14.jar</class-path>
<arguments>-server -Xms256m -Xmx512m -XX:MaxPermSize=128m -Dps_home=D:/PT849 -Dps_vault=D:/PT849/secvault/psvault -Djava.util.logging.config.file=D:/PT849/webserv/omk/applications/peoplesoft/logging.properties -Dtoplink.xml.platform=oracle.toplink.platform.xml.jaxp.JAXPPlatform -Djavax.net.ssl.trustStore=D:/PT849/webserv/omk/keystore/pskey -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger</arguments>
<password-encrypted>{3DES}HbT3X8jahd4=</password-encrypted>
</server-start>
<jta-migratable-target>
<user-preferred-server>des2</user-preferred-server>
<cluster>PsftOmkCluster</cluster>
</jta-migratable-target>
</server>
<server>
<name>des3</name>
<ssl>
<enabled>false</enabled>
<listen-port>5011</listen-port>
</ssl>
<log>
<file-name>./logs/PIA_weblogic.log</file-name>
<log-file-severity>Info</log-file-severity>
</log>
<machine>rtas043</machine>
<listen-port>5010</listen-port>
<cluster>PsftOmkCluster</cluster>
<web-server>
<web-server-log>
<number-of-files-limited>false</number-of-files-limited>
</web-server-log>
</web-server>
<listen-address>10.138.123.106</listen-address>
<server-start>
<class-path>D:/PT849/webserv/omk/applications/crm/com.peoplesoft.crm.omk.jar;D:/PT849/webserv/omk/applications/crm/commons-fileupload-1.0.jar;D:/PT849/webserv/omk/applications/crm/commons-logging.jar;D:/PT849/webserv/omk/applications/crm/commons-net-1.2.2.jar;D:/PT849/webserv/omk/applications/crm/toplink.jar;D:/PT849/webserv/omk/applications/crm/xercesImpl.jar;D:/PT849/webserv/omk/applications/crm/xml-apis.jar;D:/PT849/webserv/omk/applications/crm/xmlparserv2.jar;D:/PT849/webserv/omk/applications/crm/xalan.jar;D:/PT849/webserv/omk/applications/crm/psjoa.jar;D:/PT849/webserv/omk/applications/crm/ptib.jar;D:/PT849/webserv/omk/lib/pluto-1.0.1.jar;D:/PT849/webserv/omk/lib/portlet-api-1.0.jar;D:/PT849/webserv/omk/lib/ps_patch.jar;D:/PT849/webserv/omk/lib/xerces.jar;C:/bea/weblogic92/platform/lib/p13n/p13n-schemas.jar;C:/bea/weblogic92/platform/lib/p13n/p13n_common.jar;C:/bea/weblogic92/platform/lib/p13n/p13n_system.jar;C:/bea/weblogic92/platform/lib/wlp/netuix_common.jar;C:/bea/weblogic92/platform/lib/wlp/netuix_schemas.jar;C:/bea/weblogic92/platform/lib/wlp/netuix_system.jar;C:/bea/weblogic92/platform/lib/wlp/wsrp-common.jar;c:/bea/JROCKI~1/jre/lib/tools.jar;C:/bea/weblogic92/server/lib/weblogic_sp.jar;C:/bea/weblogic92/server/lib/weblogic.jar;D:/PT849/webserv/omk/applications/crm/ojdbc14.jar</class-path>
<arguments>-server -Xms256m -Xmx512m -XX:MaxPermSize=128m -Dps_home=D:/PT849 -Dps_vault=D:/PT849/secvault/psvault -Djava.util.logging.config.file=D:/PT849/webserv/omk/applications/peoplesoft/logging.properties -Dtoplink.xml.platform=oracle.toplink.platform.xml.jaxp.JAXPPlatform -Djavax.net.ssl.trustStore=D:/PT849/webserv/omk/keystore/pskey -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger</arguments>
<password-encrypted>{3DES}HbT3X8jahd4=</password-encrypted>
</server-start>
<jta-migratable-target>
<user-preferred-server>des3</user-preferred-server>
<cluster>PsftOmkCluster</cluster>
</jta-migratable-target>
</server>
<server>
<name>des4</name>
<ssl>
<enabled>false</enabled>
<listen-port>5021</listen-port>
</ssl>
<log>
<file-name>./logs/PIA_weblogic.log</file-name>
<log-file-severity>Info</log-file-severity>
</log>
<machine>rtas043</machine>
<listen-port>5020</listen-port>
<cluster>PsftOmkCluster</cluster>
<web-server>
<web-server-log>
<number-of-files-limited>false</number-of-files-limited>
</web-server-log>
</web-server>
<listen-address>10.138.123.106</listen-address>
<server-start>
<class-path>D:/PT849/webserv/omk/applications/crm/com.peoplesoft.crm.omk.jar;D:/PT849/webserv/omk/applications/crm/commons-fileupload-1.0.jar;D:/PT849/webserv/omk/applications/crm/commons-logging.jar;D:/PT849/webserv/omk/applications/crm/commons-net-1.2.2.jar;D:/PT849/webserv/omk/applications/crm/toplink.jar;D:/PT849/webserv/omk/applications/crm/xercesImpl.jar;D:/PT849/webserv/omk/applications/crm/xml-apis.jar;D:/PT849/webserv/omk/applications/crm/xmlparserv2.jar;D:/PT849/webserv/omk/applications/crm/xalan.jar;D:/PT849/webserv/omk/applications/crm/psjoa.jar;D:/PT849/webserv/omk/applications/crm/ptib.jar;D:/PT849/webserv/omk/lib/pluto-1.0.1.jar;D:/PT849/webserv/omk/lib/portlet-api-1.0.jar;D:/PT849/webserv/omk/lib/ps_patch.jar;D:/PT849/webserv/omk/lib/xerces.jar;C:/bea/weblogic92/platform/lib/p13n/p13n-schemas.jar;C:/bea/weblogic92/platform/lib/p13n/p13n_common.jar;C:/bea/weblogic92/platform/lib/p13n/p13n_system.jar;C:/bea/weblogic92/platform/lib/wlp/netuix_common.jar;C:/bea/weblogic92/platform/lib/wlp/netuix_schemas.jar;C:/bea/weblogic92/platform/lib/wlp/netuix_system.jar;C:/bea/weblogic92/platform/lib/wlp/wsrp-common.jar;c:/bea/JROCKI~1/jre/lib/tools.jar;C:/bea/weblogic92/server/lib/weblogic_sp.jar;C:/bea/weblogic92/server/lib/weblogic.jar;D:/PT849/webserv/omk/applications/crm/ojdbc14.jar</class-path>
<arguments>-server -Xms256m -Xmx512m -XX:MaxPermSize=128m -Dps_home=D:/PT849 -Dps_vault=D:/PT849/secvault/psvault -Djava.util.logging.config.file=D:/PT849/webserv/omk/applications/peoplesoft/logging.properties -Dtoplink.xml.platform=oracle.toplink.platform.xml.jaxp.JAXPPlatform -Djavax.net.ssl.trustStore=D:/PT849/webserv/omk/keystore/pskey -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger</arguments>
<password-encrypted>{3DES}HbT3X8jahd4=</password-encrypted>
</server-start>
<jta-migratable-target>
<user-preferred-server>des4</user-preferred-server>
<cluster>PsftOmkCluster</cluster>
</jta-migratable-target>
</server>
<cluster>
<name>PsftOmkCluster</name>
<multicast-address>239.192.0.0</multicast-address>
<multicast-port>7009</multicast-port>
<multicast-ttl>2</multicast-ttl>
<number-of-servers-in-cluster-address>4</number-of-servers-in-cluster-address>
</cluster>
<embedded-ldap>
<name>omk</name>
<credential-encrypted>{3DES}6Sr2wTwijurtQum4aELROj7jVGCnAucX5/41CQo4NNw=</credential-encrypted>
</embedded-ldap>
<configuration-version>9.2.0.0</configuration-version>
<app-deployment>
<name>crm9</name>
<target>PsftOmkCluster</target>
<module-type>ear</module-type>
<source-path>applications/crm9</source-path>
<sub-deployment>
<name>/DCS</name>
<target>PsftOmkCluster</target>
</sub-deployment>
<deployment-order>1</deployment-order>
<security-dd-model>DDOnly</security-dd-model>
<staging-mode>nostage</staging-mode>
</app-deployment>
<app-deployment>
<name>proxyServer</name>
<target>proxyServer</target>
<module-type>war</module-type>
<source-path>C:\Temp\wlst\proxyApp.war</source-path>
<security-dd-model>DDOnly</security-dd-model>
</app-deployment>
<app-deployment>
<name>wlnav</name>
<target>crm9</target>
<module-type>war</module-type>
<source-path>D:\lucy\wlnav.war</source-path>
<security-dd-model>DDOnly</security-dd-model>
<staging-mode>stage</staging-mode>
</app-deployment>
<machine>
<name>rhas001</name>
<node-manager>
<nm-type>SSL</nm-type>
<listen-address>rhas001.us.oracle.com</listen-address>
<listen-port>5556</listen-port>
</node-manager>
</machine>
<machine>
<name>rfas010</name>
<node-manager>
<nm-type>SSL</nm-type>
<listen-address>rfas010.us.oracle.com</listen-address>
<listen-port>5556</listen-port>
</node-manager>
</machine>
<machine>
<name>rtas043</name>
<node-manager>
<nm-type>SSL</nm-type>
<listen-address>rtas043.us.oracle.com</listen-address>
<listen-port>5556</listen-port>
</node-manager>
</machine>
<jms-server>
<name>PsftOmkJMSServer1</name>
<target>des1</target>
</jms-server>
<jms-server>
<name>PsftOmkJMSServer2</name>
<target>des2</target>
</jms-server>
<jms-server>
<name>PsftOmkJMSServer3</name>
<target>des3</target>
</jms-server>
<jms-server>
<name>PsftOmkJMSServer4</name>
<target>des4</target>
</jms-server>
<migratable-target>
<name>des1 (migratable)</name>
<notes>This is a system generated default migratable target for a server. Do not delete manually.</notes>
<user-preferred-server>des1</user-preferred-server>
<cluster>PsftOmkCluster</cluster>
</migratable-target>
<migratable-target>
<name>des2 (migratable)</name>
<notes>This is a system generated default migratable target for a server. Do not delete manually.</notes>
<user-preferred-server>des2</user-preferred-server>
<cluster>PsftOmkCluster</cluster>
</migratable-target>
<migratable-target>
<name>des3 (migratable)</name>
<notes>This is a system generated default migratable target for a server. Do not delete manually.</notes>
<user-preferred-server>des3</user-preferred-server>
<cluster>PsftOmkCluster</cluster>
</migratable-target>
<migratable-target>
<name>des4 (migratable)</name>
<notes>This is a system generated default migratable target for a server. Do not delete manually.</notes>
<user-preferred-server>des4</user-preferred-server>
<cluster>PsftOmkCluster</cluster>
</migratable-target>
<jms-system-resource>
<name>PsftOmkJMSModule</name>
<target>PsftOmkCluster</target>
<sub-deployment>
<name>PsftOmkClusterSubdeployment</name>
<target>PsftOmkCluster</target>
</sub-deployment>
<descriptor-file-name>jms/psftomkjmsmodule-jms.xml</descriptor-file-name>
</jms-system-resource>
<admin-server-name>crm9</admin-server-name>
</domain>
jms
<?xml version='1.0' encoding='UTF-8'?>
<weblogic-jms xmlns="http://www.bea.com/ns/weblogic/90" xmlns:sec="http://www.bea.com/ns/weblogic/90/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wls="http://www.bea.com/ns/weblogic/90/security/wls" xsi:schemaLocation="http://www.bea.com/ns/weblogic/920 http://www.bea.com/ns/weblogic/920.xsd">
<connection-factory name="omkBroadcaster">
<sub-deployment-name>PsftOmkClusterSubdeployment</sub-deployment-name>
<jndi-name>jms.connection.omkConFactory</jndi-name>
<load-balancing-params>
<server-affinity-enabled>false</server-affinity-enabled>
</load-balancing-params>
</connection-factory>
<uniform-distributed-topic name="omkBroadcastTopic">
<sub-deployment-name>PsftOmkClusterSubdeployment</sub-deployment-name>
<jndi-name>peoplesoft.crm.omk.jms.omkBroadcastTopic</jndi-name>
<load-balancing-policy>Round-Robin</load-balancing-policy>
</uniform-distributed-topic>
</weblogic-jms>
Edited by: user710140 on Feb 23, 2009 8:54 AM -
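A read-only audit of the SSL and keystore settings that appear in the config.xml posted above, as an added example that is not part of the original post or of WebLogic's own tooling. The function names, the finding labels and the trimmed sample document are assumptions made for illustration; the element names are the ones used in the post.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed config.xml that reuses element names and
# values visible in the posted configuration (not the full original file).
SAMPLE_CONFIG = """<domain xmlns="http://www.bea.com/ns/weblogic/90/domain">
  <server>
    <name>crm9</name>
    <ssl>
      <name>crm9</name>
      <enabled>true</enabled>
      <hostname-verification-ignored>true</hostname-verification-ignored>
      <two-way-ssl-enabled>false</two-way-ssl-enabled>
    </ssl>
    <custom-identity-key-store-file-name>keystore/pskey</custom-identity-key-store-file-name>
    <custom-trust-key-store-file-name>keystore/pskey</custom-trust-key-store-file-name>
  </server>
  <server>
    <name>des1</name>
    <ssl><enabled>false</enabled></ssl>
    <server-start>
      <arguments>-server -Djavax.net.ssl.trustStore=D:/PT849/webserv/omk/keystore/pskey</arguments>
    </server-start>
  </server>
</domain>
"""


def local(tag):
    """Strip the XML namespace so the same code reads 9.0 and 9.2 documents."""
    return tag.rsplit("}", 1)[-1]


def child_text(elem, *path):
    """Follow a path of local element names; return stripped text or None."""
    for name in path:
        elem = next((c for c in elem if local(c.tag) == name), None)
        if elem is None:
            return None
    return (elem.text or "").strip()


def audit_servers(xml_text):
    """Return (server, finding) pairs for SSL and keystore settings (hypothetical labels)."""
    findings = []
    root = ET.fromstring(xml_text)
    for server in (e for e in root if local(e.tag) == "server"):
        name = child_text(server, "name") or "(unnamed)"
        if child_text(server, "ssl", "enabled") != "true":
            # Only the plain listen port is active on this server.
            findings.append((name, "ssl-listen-port-disabled"))
        else:
            if child_text(server, "ssl", "hostname-verification-ignored") == "true":
                findings.append((name, "hostname-verification-ignored"))
            if child_text(server, "ssl", "two-way-ssl-enabled") != "true":
                # The server will not request a client certificate.
                findings.append((name, "two-way-ssl-off"))
        ident = child_text(server, "custom-identity-key-store-file-name")
        trust = child_text(server, "custom-trust-key-store-file-name")
        if ident and ident == trust:
            # Private key and trusted CA entries live in one file.
            findings.append((name, "identity-and-trust-share-keystore"))
        args = child_text(server, "server-start", "arguments") or ""
        for arg in args.split():
            if arg.startswith("-Djavax.net.ssl.trustStore="):
                # JVM-level trust store property set in the start arguments.
                findings.append((name, "jvm-truststore:" + arg.split("=", 1)[1]))
    return findings


if __name__ == "__main__":
    for server_name, finding in audit_servers(SAMPLE_CONFIG):
        print(f"{server_name}: {finding}")
```
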
Help me with Running SpecjAppServer2004 benchmark
I am trying to run SpecjAppServer2004 on Weblogic 9.0 server. I have created a domain and deployed SpecjAppServer.ear on the admin server. I have the ear file from the disclosure archive of specj result submission.
But when I ran the benchmark with 30 injection rate, no load is there at the server. So I want to know, if I disable native io and want to use execute queues, how I can do that. I am using different execute queues for different interfaces (dispatch-policy is included in application xmls).
The config.xml file I used is given below and all the threads for execute queue "default" are idle. It also says that the number of Socket Readers is 4. How?
Please help me
<?xml version='1.0' encoding='UTF-8'?>
<domain xmlns="http://www.bea.com/ns/weblogic/90/domain" xmlns:sec="http://www.bea.com/ns/weblogic/90/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wls="http://www.bea.com/ns/weblogic/90/security/wls" xsi:schemaLocation="http://www.bea.com/ns/weblogic/90/domain.xsd">
<name>SpecjAppServer_Domain</name>
<security-configuration>
<name>SpecjAppServer_Domain</name>
<realm>
<sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:role-mapper xsi:type="wls:default-role-mapperType"></sec:role-mapper>
<sec:authorizer xsi:type="wls:default-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:name>myrealm</sec:name>
</realm>
<default-realm>myrealm</default-realm>
<credential-encrypted>{3DES}6b3pwzdi0MWd4xJQRL9V8azRZJyAXK8KkGRKTjZ3FJfUzxzClL32YdAjxw8y6XKQSuTSF5jmVE6EL8R1aTeH1uOFls2Ch+gj</credential-encrypted>
<node-manager-username>xua5WFT4K9</node-manager-username>
<node-manager-password-encrypted>{3DES}odrmII7Q/Ev+JBz7yYfEhQ==</node-manager-password-encrypted>
</security-configuration>
<log>
<name>SpecjAppServer_Domain</name>
<file-name>logs/SpecjAppServer_Domain.log</file-name>
</log>
<server>
<name>SpecjAppServer</name>
<native-io-enabled>false</native-io-enabled>
<ssl>
<name>SpecjAppServer</name>
<enabled>false</enabled>
<login-timeout-millis>25000</login-timeout-millis>
<identity-and-trust-locations>KeyStores</identity-and-trust-locations>
</ssl>
<log>
<name>SpecjAppServer</name>
<file-name>logs/SpecjAppServer.log</file-name>
</log>
<instrument-stack-trace-enabled>false</instrument-stack-trace-enabled>
<execute-queue>
<name>default</name>
<thread-count>50</thread-count>
<threads-increase>1</threads-increase>
<threads-minimum>50</threads-minimum>
</execute-queue>
<execute-queue>
<name>deliveryQueue</name>
<thread-count>100</thread-count>
<threads-increase>1</threads-increase>
<threads-minimum>100</threads-minimum>
</execute-queue>
<execute-queue>
<name>mfgQueue</name>
<thread-count>150</thread-count>
<threads-increase>1</threads-increase>
<threads-minimum>150</threads-minimum>
</execute-queue>
<execute-queue>
<name>webQueue</name>
<thread-count>300</thread-count>
<threads-increase>1</threads-increase>
<threads-minimum>300</threads-minimum>
</execute-queue>
<use81-style-execute-queues>true</use81-style-execute-queues>
<listen-port>7001</listen-port>
<web-server>
<web-server-log>
<file-name>logs/access.log</file-name>
<logging-enabled>false</logging-enabled>
</web-server-log>
<keep-alive-enabled>true</keep-alive-enabled>
<keep-alive-secs>120</keep-alive-secs>
<default-web-app-context-root>/DefaultWebApp</default-web-app-context-root>
</web-server>
<listen-address></listen-address>
<accept-backlog>5000</accept-backlog>
<server-version>9.0.0.0</server-version>
<default-file-store>
<name>SpecjAppServer</name>
<directory>SpecjAppServerFileStore</directory>
<synchronous-write-policy>Direct-Write</synchronous-write-policy>
</default-file-store>
</server>
<embedded-ldap>
<name>SpecjAppServer_Domain</name>
<credential-encrypted>{3DES}MBvn6Ve0ic0jUp2LBDBanpG5bwDE60P7BKnA1Tb6cC4=</credential-encrypted>
</embedded-ldap>
<configuration-version>9.0.0.0</configuration-version>
<app-deployment>
<name>SPECjAppServer</name>
<target>SpecjAppServer</target>
<module-type>ear</module-type>
<source-path>E:\SpecJAppServer2004_weblogic\jars\SPECjAppServer.ear</source-path>
<security-dd-model>DDOnly</security-dd-model>
</app-deployment>
<jms-server>
<name>SpecjJmsServer</name>
<target>SpecjAppServer</target>
</jms-server>
<web-app-container>
<relogin-enabled>true</relogin-enabled>
<allow-all-roles>true</allow-all-roles>
<filter-dispatched-requests-enabled>true</filter-dispatched-requests-enabled>
<rtexprvalue-jsp-param-name>true</rtexprvalue-jsp-param-name>
<jsp-compiler-backwards-compatible>true</jsp-compiler-backwards-compatible>
</web-app-container>
<jms-system-resource>
<name>jms_module</name>
<target>SpecjAppServer</target>
<sub-deployment>
<name>SpecQueueConnectionFactory</name>
<target>SpecjAppServer</target>
</sub-deployment>
<sub-deployment>
<name>ReceiveQueue</name>
<target>SpecjJmsServer</target>
</sub-deployment>
<sub-deployment>
<name>BuyerQueue</name>
<target>SpecjJmsServer</target>
</sub-deployment>
<sub-deployment>
<name>FulfillOrderQueue</name>
<target>SpecjJmsServer</target>
</sub-deployment>
<sub-deployment>
<name>LargeOrderQueue</name>
<target>SpecjJmsServer</target>
</sub-deployment>
<descriptor-file-name>jms/jms_module-jms.xml</descriptor-file-name>
</jms-system-resource>
<admin-server-name>SpecjAppServer</admin-server-name>
<jdbc-system-resource>
<name>SpecDataSource</name>
<target>SpecjAppServer</target>
<descriptor-file-name>jdbc/SpecDataSource-5808-jdbc.xml</descriptor-file-name>
</jdbc-system-resource>
</domain>
Please check the run.properties file under specj config directory. If the doAudit parameter is set to 1 and you do not run the chart application you will not see any load or output.