Using self-signed certificates for HTTPS

Similar Messages

• How to replace self-signed certificate for enterprise manager console

  Does anyone know how to change self-signed certificate for https access to Enterprise Manager console, which is issued during installation of Oracle 11g?

  Well, this might not be much help, but for 10g, on AIX, docID 1171558.1 describes how to create a new certificate.
  Not sure how relevant it will be for 11g, sorry :(

• How to use self-signed Certificate or No-Check-Certificate in Browser ?

  Folks,
  Hello. I am running Oracle Database 11gR1 with Operaing System Oracle Linux 5. But Enterprise Manager Console cannot display in Browser. I do it in this way:
  [user@localhost bin]$ ./emctl start dbconsole
  The command returns the output:
  https://localhost.localdomain:1158/em/console/aboutApplication
  Starting Oracle Enterprise Manager 11g Database Control ... ...
  I open the link https://localhost.localdomain:1158/em/console/aboutApplication in browser, this message comes up:
  The connection to localhost.localdomain: 1158 cannot be established.
  [user@localhost bin]$ ./emctl status dbconsole
  The command returns this message: not running.
  [user@localhost bin]$ wget https://localhost.localdomain:1158/em
  The command returns the output:
  10:48:08 https://localhost.localdomain:1158/em
  Resolving localhost.localdomain... 127.0.0.1
  Connecting to localhost.localdomain|127.0.0.1|:1158... connected.
  ERROR: cannot verify localhost.localdomain's certificate, issued by `/DC=com/C=US/ST=CA/L=EnterpriseManager on localhost.localdomain/O=EnterpriseManager on localhost.localdomain/OU=EnterpriseManager on localhost.localdomain/CN=localhost.localdomain/[email protected]':
  Self-signed certificate encountered.
  To connect to localhost.localdomain insecurely, use `--no-check-certificate'.
  Unable to establish SSL connection.
  A long time ago when I installed Database Server Oracle 11gR1 into my computer, https://localhost.localdomain:1158/em in Browser comes up this message:
  Website certified by an Unknown Authority. Examine Certificate...
  I select Accept this certificate permanently. Then https://localhost.localdomain:1158/em/console/logon/logon in Browser displays successfully.
  But after shut down Operating System Oracle Linux 5 and reopen the OS, https://localhost.localdomain:1158/em/console/logon/logon in Browser returns a blank screen with nothing, and no more message comes up to accept Certificate.
  My browser Mozilla Firefox, dbconsole, and Database Server 11gR1 are in the same physical machine.I have checked Mozilla Firefox in the following way:
  Edit Menu > Preferences > Advanced > Security > View Certificates > Certificate Manager > Web Sites and Authorities
  In web sites tab, there is only one Certificate Name: Enterprise Manager on localhost.localdomain
  In Authorities tab, there are a few names as indicated in the above output of wget.
  My question is: How to use self-signed certificate and no-check-certificate in Mozilla Firefox for EM console to display ?
  Thanks.

  Neither problem nor solution do involve Oracle DB
  root cause of problem & fix is 100% external, detached, & isolated from Oracle DB.
  This thread is OFF TOPIC for this forum.

• Self Signed Certificate for Exchange 2013

   
  What's the draw back for using self sign certificate in production enviroment

  Hi,
  Based on my research, here are the disadvantages of self-signed certificate:
  1. The certificates aren’t trusted by other applications/operating systems. This may lead to authentications errors etc.
  Note: To overcome this limitation, some IT staff add the self-signed certificates to the Trusted Roots Certificate Authorities. However, using this workaround may to additional time that needed for management and troubleshooting.
  2. Self-signed certificates life time is usually 1 years. Before the year is ended, the certificate may need to renew/replace.
  3. Self-signed certificates may use low hash and cipher technologies. Due this, the security level that implemented by self-signed certificates may not satisfy the current Security Policy etc. .
  4. No support for advanced PKI (Public Key Infrastructure) functions (e.g. Online checking of the revocation list etc.).
  5. Most of the advanced feathers of the server side applications required to impended a PKI (Public Key Infrastructure). By this, self-signed certificates advantages cant be used.
  For more information, you can refer to the following article:
  http://blogs.microsoft.co.il/yuval14/2011/09/23/the-advantages-and-disadvantages-of-using-self-signed-certificates/
  Thanks,
  Angela Shi
  TechNet Community Support

• How to register iOS device when using self signed certificate with apple Server?

  Hi,
  I have installed the server.app by Apple and used a slef signed certificate for my server. Now I want to register my different devices (iMac, iPhone etc.). I could register the iMac without problesm (I just had to add my self signed certificate to the trusted certificates)
  Sadly, with the iPhone it is not that easy. I can install the "trust profile", but still after that I can not register my device. It seems like it does not accept my self signed certificate for device registration. When adding a registration profile, I get the error "www._mydomain_.tld/devicemanagement/api/device/auto_join_ota_service" is not valid.
  Nethertheless, I can install a profile with setting, e.g. my imap settings, via the profile management without problems.
  Does anyone have an idea how to get around the problem with the self signed certificate?
  Best regards

  Try deleting the Server.app and download it again from the App Store, restart.
  My Server is also using self signed certificates and is working with iOS device (Trust Profile needed first).

• Possible to select self-signed certificate for client validation when connecting to VPN with EAP-TLS

  In windows 8.2, I have a VPN connection configured with PPTP as the outer protocol and EAP : "Smart card or other certificate ..." as the inner protocol. Under properties, in the "When connecting" section I've selected "Use a certificate
  on this computer" and un-checked "Use simple certificate selection".
  My preference would be to use separate self-signed certificates for all clients rather than having a common root certificate that signed all of the individual client certificates. I've tried creating the self-signed certificate both with and without the
  client authentication EKU specified, and I've added the certificate to the trusted root certificate authority store on the client. But when I attempt to connect to the VPN I can not get the self signed certificate to appear on the "Choose a certificate"
  drop down.
  Are self signed certificates supported for this use in EAP-TLS? If it makes a difference, I'm working with makecert (not working with a certificate server).
  TIA,
  -Rick

  Hi Rick,
  Thank you for your patience.
  According to your description, would you please let me know what command you were using to make a self-signed certificate by tool makecert? I would like to try to reproduce this issue. Also based on my experience, please let me
  know if the certificate has private key associated and be present in the local machine store. Hence, please move the certificate from the trusted root certificate authority store to personal store.
  Best regards,
  Steven Song
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Use self signed certificate

  Hi,
  I have got a theoretical question: Is it right to use self-signed certificate in production environment?
  We don't want to use this cert. for authentication but for SSL decryption. Is this a good solution?
  Thanks!
  V.

  Hi Rick,
  May be I was not completely clear in my wordings :)
  VPN connection is not a mandate. The VPN connection already existed between our organization and the provider service (instead of going over the internet) and hence the security person in our organization was fine with us using self signed certificates.
  I gave you a scenario where the use of self signed certs was authorized. And also once more scenario where using self signed certs in test environments is not allowed.
  Two contrasting thoughts, so basically it is up to the perception of the security people to assess the risk and give a go ahead.
  Personally I feel that if the communication channel is secure between the systems (2 way ssl) then using self signed certs for message encryption might be fine.
  If the channel is not secured (may be even 1 way SSL), I would prefer using CA certified certs.
  Hope I make more sense now :)
  Thanks,
  Patrick

• Self Signed Certificate for Web Proxy 4.0.2

  Does anyone have instructions on how to create and install self signed Certificate for Web Proxy Server 4.0.2? My OS is RHEL 4.
  Shed.

  Unfortunately you will not be able to do that from the GUI.
  You will have to use certutil frin proxy-install/bin/proxy/admin/bin/certutil
  Make sure that your LD_LIBRARY_PATH includes proxy-install/bin/proxy/lib
  (start -shell will give you a shell with all necessary paths set.)
  create a file called password-file which contains your password to your cert database
  your cert database resides in the alias directory of proxy installation.
  certutil -S -s "CN=My Issuer" -n myissuer -x -t "C,C,C" -1 -2 -5 -m 1234
  -f password-file -d certdir

• Generating Self Signed Certificate for iPlanet Directory Server for testing

  Hi Experts,
  I am unable to find how to generate self signed certificate for iPlanet Directory Server for testing purpose. Actually what i mean is i want to connect to the iPlanet LDAP Server with LDAPS:// rather than LDAP:// for Secured LDAP Authentication. For this purpose How to create a Dummy Certificate to enable iPlanet Directory Server SSL. I searched in google but no help. Please provide me the solution how to test it.
  Thanks in Advance,
  Kalyan

  Here's one I did earlier.
  Refers to Solaris 10
  SSL Security
  add a new certificate that lasts for ten years (120 months).
  stop the instance:
  dsadm stop <instance>
  Remove DS from smf control:
  dsadm disable-service <instance>
  Change Certificate Database Password:
  dsadm set-flags <instance> cert-pwd-prompt=on
       Choose the new certificate database password:
       Confirm the new certificate database password:
  Certificate database password successfully updated.
  Restart the instance from the dscc:
  DSCC -> start <instance>
  Now add a new Certificate which lasts for ten years (120 months; -v 120):
  `cd <instance_path>`
  `certutil -S -d . -P slapd- -s "CN=<FQDN_server_name>" �n testcert �v 120 -t T,, -x`
       Enter Password or Pin for "NSS Certificate DB":
  Stop the Instance.
  On the DSCC Security -> Certificates tab:
       select option to "Do not Prompt for Password"
  Restart the instance.
  On the Security -> General tab, select the new certificate to use for ssl encryption
  Restart the instance
  Stop the instance
  Put DS back into smf control:
  dsadm enable-service <instance>
  Check the smf:
  svcs -a | grep ds
  # svcs -a|grep ds
  disabled Aug_16 svc:/application/sun/ds:default
  online Aug_16 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dscc6-dcc-ads
  online 17:04:28 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dsins1

• Failed to create machine self-signed certificate for site role [SMS_SQL_SERVER]

  SCCM 2012 has been successfully installed on the server:
  SRVSCCM.
  The database is on SQL Server 2008 R2 SP1 CU6 Failover Cluster (CLS-SQL4\MSSQLSERVER04)
  Cluster nodes: SQL01 and SQL01. On all nodes made necessary the Security Setup of SCCM. No errors and warning on SCCM Monitoring.
  The cluster service is running on the account: sqlclusteruser
  The account has the appropriate SPN are registered:
  setspn -L domain\sqlclusteruser
  Registered ServicePrincipalNames for CN=SQL Cluster,OU=SQL,OU=Users special,OU=MAIN,DC=domain,DC=local:
  MSSQLSvc/CLS-SQL4
  MSSQLSvc/CLS-SQL4.domain.local
  MSSQLSvc/CLS-SQL4:11434
  MSSQLSvc/CLS-SQL4.domain.local:11434
  After some time on the cluster hosts every day started appearing new folders with files inside:
  srvboot.exe
  srvboot.ini
  srvboot.log
  srvboot.log contains the following information:
  SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER started.
  Microsoft System Center 2012 Configuration Manager v5.00 (Build 7711)
  Copyright (C) 2011 Microsoft Corp.
  Command line: "SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER CAS K:\SMS_SRVSCCM.domain.local_SMS_SQL_SERVER8 /importcertificate SOFTWARE\MicrosoftCertBootStrap\ SMS_SQL_SERVER".
  Set current directory to K:\SMS_SRVSCCM.domain.local_SMS_SQL_SERVER8.
  Site server: SRVSCCM.domain.local_SMS_SQL_SERVER.
  Importing machine self-signed certificate for site role [SMS_SQL_SERVER] on Server [SQL01]...
  Failed to retrieve SQL Server service account.
  Bootstrap operation failed: Failed to create machine self-signed certificate for site role [SMS_SQL_SERVER].
  Disconnecting from Site Server.
  SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER stopped.

  The site server is trying to install the sms_backup agent on the SQL Server Cluster nodes.
  Without successfull bootstrap the siteserver backup is not able to run successfully.
  Try grant everyone the read permisson on
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS on the SQL server nodes.
  This worked for me.
  After that a Folder named "SMS_<SITESERVER-FQDN>" appeared on C: on the SQL Cluster nodes, and a "SMS_SITE_SQL_BACKUP_FQDN" Service should be installed.
  After the new Folder is created and the new Service is installed, you can safely remove the bootstrap Service by opening a command prompt and enter:
  sc delete "SMS_SERVER_BOOTSTRAP_FQDN-of-SiteServer_SMS_SQL_SERVER"

• Why, when I successfully connect to Server 2012 Essentials R2 via Anywhere Access does the Remote Desktop Connection use the self signed certificate for RDP instead of the SSL certificate I installed when I set up access anywhere?

  Scenario:
  Windows Server 2012 R2 Essentials
  I purchased an SSL Cert from GoDaddy and I managed (after some challenges) to set up Anywhere access to use that new SSL Cert. I to rebooted the server and I am able to login to Anywhere Access vis https (using the SSL certificate) from PC, Mac and iOS.
  So far so good.
  The problem I am having is that when I click to launch a remote desktop connection to the server RDP connection wants to use the self signed SSL certificate of the server rather than the SSL Certificate I installed into Anywhere Access. As a result, I get
  a security warning like this: "The identity of the remote computer cannot be verified. Do you want to connect anyway?"
  The name in the certificate appears as ACME-SERVER.ACMEDOMAIN.local  instead of the SSL Certificate I installed, which is
  remote.acmedomain.com
  If I lick to accept, RDP does work fine, it;s just using a self signed certificate. I want it to use the trusted certificate that I purchased and installed.
  My guess is that there must be an additional step to tell Anywhere Access that when it generates the RDP session that it should use the cert? OR, is this just how it works?

  Because....
  the server does not have a 'trusted' certificate assigned to it.
  Only the RDP Gateway has the trusted certificate for the external name.
  If you want to remove that error, you have to do one of the following:
  Make sure your domain uses a public top level domaim, and get a public trusted certificate for your server.
  So, something like,
  server.domain.publicdomain.com
  Or,
  Install that certificate on your remote computer so it is trusted.
  Robert Pearman SBS MVP
  itauthority.co.uk |
  Title(Required)
  Facebook |
  Twitter |
  Linked in |
  Google+

• Flyspray email notification using self signed certificates

  Hi all, I've been having an issue with flyspray sending notification emails through a SMTP server (running on localhost) which uses submission (port 587) and starttls with a self signed certificate. Whenever a notification would be sent I receive an error like the following:
  Notice: Undefined property: Swift_Transport_StreamBuffer::$_sequence in /usr/share/webapps/flyspray/includes/external/swift-mailer/classes/Swift/Transport/StreamBuffer.php on line 236 Warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in /usr/share/webapps/flyspray/includes/external/swift-mailer/classes/Swift/Transport/StreamBuffer.php on line 102 Completely unexpected exception: Unable to connect with TLS encryption
  This should never happend, please inform Flyspray Developers
  For the time being I just disabled notification all together. But this is a pretty big problem for me as I would like to avoid having to come to the web to view bugs I'm working on. Eventually I will create my own personal CA and this problem will become a non-issue, but until the time comes I'd love a work around (preferably not too dirty if at all possible).
  Thanks for the help.

  H Jerome,
  The certificate may have been generated incorrectly but I would suggest logging
  a support case.
  Kind Regards,
  Richard Wallace
  Senior Developer Relations Engineer
  BEA Support.
  "Jerome Cahuzac" <[email protected]> wrote:
  >
  >
  >
  I want to enable HTTPS protocol with WebLogic Server 5.1
  I want to use a self signed certificate generated with the JDK keytool.
  I've successfuly generated it and exported a dummy.cer file.
  I've updated the weblogic.properties file with weblogic.security.certificate.server=dummy.cer
  and I've got this exception
  java.lang.NullPointerException:
  at weblogic.security.RSAKey.toString(RSAKey.java:203)
  at java.lang.String.valueOf(String.java, Compiled Code)
  at java.lang.StringBuffer.append(StringBuffer.java, Compiled
  Code)
  at weblogic.security.X509.toString(X509.java:261)
  at java.lang.String.valueOf(String.java, Compiled Code)
  at java.lang.StringBuffer.append(StringBuffer.java, Compiled
  Code)
  at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.java:206)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java,
  Compiled
  Code)
  at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
  at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
  at java.lang.reflect.Method.invoke(Native Method)
  at weblogic.Server.startServerDynamically(Server.java:99)
  at weblogic.Server.main(Server.java:65)
  at weblogic.Server.main(Server.java:55)
  at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
  at java.lang.Thread.run(Thread.java:479)
  mar. dÚc. 18 12:20:03 GMT+01:00 2001:<E> <SSLListenThread> Security Configuration
  Problem with SSL server certificate file (d:\weblogic\myserver\dummy.cer)
  What's the right way to do this ?

• How to use Self Signed certificate with SSLServerSocket?

  Hello to all.
  I'm trying to build a simple client/server system wich uses SSLSocket to exchange data. (JavaSE 6)
  The server must have it's own certificate, clients don't need one.
  I started with this
  http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
  To generate key for the server and a self signed certificate.
  To sum it up:
       Create a new keystore and self-signed certificate with corresponding public/private keys.
  keytool -genkeypair -alias mytest -keyalg RSA -validity 7 -keystore /scratch/stores/server.jks
       Export and examine the self-signed certificate.
  keytool -export -alias mytest -keystore /scratch/stores/server.jks -rfc -file server.cer
       Import the certificate into a new truststore.
  keytool -import -alias mytest -file server.cer -keystore /scratch/stores/client.jksThen in my server code I do
  System.setProperty("javax.net.ssl.keyStore", "/scratch/stores/server.jks");
  System.setProperty("javax.net.ssl.keyStorePassword", "123456");
  SSLServerSocketFactory sf = sslContext.getServerSocketFactory();
  SSLServerSocket sslServerSocket = (SSLServerSocket)sf.createServerSocket( port );
  Socket s = sslServerSocket.accept();I am basically missing some point because I get a "javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled." when I try to run the server.
  Can it be a problem with the certificate? When using -validity <days> in keytool the certificate gets self-signed, so it should work if I'm not wrong.
  I have also tried this solution
  serverKeyStore = KeyStore.getInstance( "JKS" );
  serverKeyStore.load( new FileInputStream("/scratch/stores/server.jks" ),
       "123456".toCharArray() );
  tmf = TrustManagerFactory.getInstance( "SunX509" );
  tmf.init( serverKeyStore );
  sslContext = SSLContext.getInstance( "TLS" );
  sslContext.init( null, tmf.getTrustManagers(),secureRandom );
  SSLServerSocketFactory sf = sslContext.getServerSocketFactory();
  SSLServerSocket ss = (SSLServerSocket)sf.createServerSocket( port );and still it doesn't work.
  So what am I missing?

  You were right. I corrected the mistakes in the server code, now it's
       private SSLServerSocket setupSSLServerSocket(){
            try {
                 SSLContext sslContext = SSLContext.getInstance( "TLS" );
                 KeyManagerFactory km = KeyManagerFactory.getInstance("SunX509");
                 KeyStore ks = KeyStore.getInstance("JKS");
                 ks.load(new FileInputStream(_KEYSTORE), _KEYSTORE_PASSWORD.toCharArray());
                 km.init(ks, _KEYSTORE_PASSWORD.toCharArray());
                  * Da usare con un truststore se serve autenticazione dei client
                  * TrustManagerFactory tm = TrustManagerFactory.getInstance("SunX509");
                 tm.init(ks);*/
                 sslContext.init(km.getKeyManagers(), null, null);
                 SSLServerSocketFactory f = sslContext.getServerSocketFactory();
                 SSLServerSocket ss = (SSLServerSocket) f.createServerSocket(_PORT);
                 return ss;
            } catch (UnrecoverableKeyException e) {
                 e.printStackTrace();
            } catch (KeyManagementException e) {
                 e.printStackTrace();
            } catch (NoSuchAlgorithmException e) {
                 e.printStackTrace();
            } catch (KeyStoreException e) {
                 e.printStackTrace();
            } catch (CertificateException e) {
                 e.printStackTrace();
            } catch (FileNotFoundException e) {
                 e.printStackTrace();
            } catch (IOException e) {
                 e.printStackTrace();
            return null;
       }and on the client code
  private SSLSocket setupSSLClientSocket(){
       try {
            SSLContext sslContext = SSLContext.getInstance( "TLS" );
            /* SERVER
            KeyManagerFactory km = KeyManagerFactory.getInstance("SunX509");
            km.init(ks, _KEYSTORE_PASSWORD.toCharArray());
            KeyStore clientks = KeyStore.getInstance("JKS");
            clientks.load(new FileInputStream(_TRUSTSTORE), _TRUSTSTORE_PASS.toCharArray());
            TrustManagerFactory tm = TrustManagerFactory.getInstance("SunX509");
            tm.init(clientks);
            sslContext.init(null, tm.getTrustManagers(), null);
            SSLSocketFactory f = sslContext.getSocketFactory();
            SSLSocket sslSocket = (SSLSocket) f.createSocket("localhost", _PORT);
            return sslSocket;
       } catch (KeyManagementException e) {
            e.printStackTrace();
       } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
       } catch (KeyStoreException e) {
            e.printStackTrace();
       } catch (CertificateException e) {
            e.printStackTrace();
       } catch (FileNotFoundException e) {
            e.printStackTrace();
       } catch (IOException e) {
            e.printStackTrace();
       return null;
  }and added a System.out.println(sslSocket); after every incoming message (server side) and SSL is now fully working!
  So my mistakes were:
  [] Incorrect setup done by code
  [] Incorrect and insufficient println() of socket status
  Now that everything works, I've deleted all this manual setup and just use the system properties. (They MUST be set before getting the Factory)
  SERVER SIDE:
  System.setProperty("javax.net.ssl.keyStore", _KEYSTORE);
  System.setProperty("javax.net.ssl.keyStorePassword", KEYSTOREPASSWORD);
  SSLServerSocketFactory f = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
  SSLServerSocket sslServerSocket = (SSLServerSocket) f.createServerSocket(_PORT);
  CLIENT SIDE:
  System.setProperty("javax.net.ssl.trustStore", "/scratch/stores/client.jks");
  System.setProperty("javax.net.ssl.trustStorePassword", "client");
  SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
  SSLSocket sslSocket = (SSLSocket) f.createSocket(_HOST, _PORT);
  And everything is working as expected. Thank you!
  I hope my code will help someone else in the future.

• MTLS using self-signed certificates

  We have a Expressway-C and Expressway-E setup in labs. While setting up a secure (TLS) traversal zone between C and E, can we use self-signed certs instead of trusted CA certs? (Import the C self-signed cert on to E and vice-verse will suffice for  MTLS?)

  H Jerome,
  The certificate may have been generated incorrectly but I would suggest logging
  a support case.
  Kind Regards,
  Richard Wallace
  Senior Developer Relations Engineer
  BEA Support.
  "Jerome Cahuzac" <[email protected]> wrote:
  >
  >
  >
  I want to enable HTTPS protocol with WebLogic Server 5.1
  I want to use a self signed certificate generated with the JDK keytool.
  I've successfuly generated it and exported a dummy.cer file.
  I've updated the weblogic.properties file with weblogic.security.certificate.server=dummy.cer
  and I've got this exception
  java.lang.NullPointerException:
  at weblogic.security.RSAKey.toString(RSAKey.java:203)
  at java.lang.String.valueOf(String.java, Compiled Code)
  at java.lang.StringBuffer.append(StringBuffer.java, Compiled
  Code)
  at weblogic.security.X509.toString(X509.java:261)
  at java.lang.String.valueOf(String.java, Compiled Code)
  at java.lang.StringBuffer.append(StringBuffer.java, Compiled
  Code)
  at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.java:206)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java,
  Compiled
  Code)
  at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
  at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
  at java.lang.reflect.Method.invoke(Native Method)
  at weblogic.Server.startServerDynamically(Server.java:99)
  at weblogic.Server.main(Server.java:65)
  at weblogic.Server.main(Server.java:55)
  at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
  at java.lang.Thread.run(Thread.java:479)
  mar. dÚc. 18 12:20:03 GMT+01:00 2001:<E> <SSLListenThread> Security Configuration
  Problem with SSL server certificate file (d:\weblogic\myserver\dummy.cer)
  What's the right way to do this ?

• Self signed certificate for web service security !!

  i've created self-signed certificate using keytool for web serivce security. But i'm unable to implement from the client side. When i'm giving "dn=localhost" it's working fine. But when i'm giving other than that it's throwing me error as :
  java.io.IOException: HTTPS hostname wrong: should be <192.168.2.36>
  I don't know what's the problem. Could any tell me where i'm wrong. In the CN i've given my ip address. Please help me out.
  Do i need to do something else?

  thanks for your kind help.
  But i follwed the same which are given. Do i need to set something in netbeans? i'm usign netbeans 5.5,tomcat 5.5 and jdk5. Still i'm getting the same error as "https hostname is wrong: it should be <192.168.2.278>", which my ip address. I've created my self signed certificate and given the path to it by mentioning in System.setProperty("javax.net.ssl.trustStore","d:/keystore/auth.keystore"); and for password to. Do i need to do something else?
  Please help me out in this reagard. I'm startup of this technology.
  in advance thanks.