WebLogic Server 8.12的SSL认证证书过期?
我新建了一个WebLogic Server 8.12的域,并且为这个域加上了SSL。但是启动后,控制台出现错误信息,大致意思是“VeriSign, Inc.的证书到2004年1月7日已经过期”。好像之前网上流传Symantec的产品也因为证书过期导致了一些问题。
那么,这个WebLogic的问题应该怎么解决呢?高手请现身!
我最近也在研究这个,大家是不是到 http://www.verisign.com/
这个网站得到的试用的?时间只有两个星期,后来到网上搜了下,有个叫openssl的可以生成,而且是免费的,具体的文章可以看下
http://www-900.ibm.com/developerWorks/cn/security/se-tcssl/index.shtml
这个,我也在研究中……
大家有什么成果希望贴出来啊!
该帖由 herosword 在 Jan 26, 2005 6:06 PM 编辑过
Similar Messages
-
How write rmi-iiop over ssl with weblogic server 6.1 - No server found
//New
Hello,
I have written an appication like this:
- An EJB server running on Weblogic server 6.1
(named: BankServerHome)
-A java client calling the BankServer.
Platform: windows 2000 - jdk1.3
Now I want to secure the communication with SSL protocol.
I have done this:
-generate a key peer with weblogic service named certificate.
-send the CSR to a CA and place the answer into the weblogic
server certificate directory.
-update path for ServerCertificateChainFileName,
ServerCertificateFileName, ServerKeyFileName into config.xml.
-launch weblogicServer
-> server certificate is recognized
-> listening port 7001 and 7002.
(-stop weblogicServer!)
At now, all is all right, errors come hereafter:
Then I follow the guideline "Programming weblogic Security" (version of 30/07/2001).
"To use RMI over IIOP over SSL with a Java client, do the following:
2. Extend the java.rmi.server.RMISocketFactory class to handle SSL socket
connections. Be sure to specify the port on which WebLogic Server listens for
SSL connections. For an example of a class that extends the
java.rmi.server.RMISocketFactory class, see Listing 4-22.
3. Run the ejbc compiler with the -d option.
4. Add your extension of the java.rmi.server.RMISocketFactory class to the
CLASSPATH of the Java client.
5. Use the following command options when starting the Java client:
-xbootclasspath/a:%CLASSPATH%
-Dorg.omg.CORBA.ORBSocketFactoryClass=implementation of java.rmi.server.RMISocketFactory
-Dssl.certs=directory location of digital certificate for Java client
-Dssl.key=directory location of private key for Java client"
At step 3. I found into documentation that -d is linked to a directory name.
When I run ejbc with this option -d I have the message:
"ERROR: You must specify an output directory or jar with the -d option to weblogic.ejbc."
% So what option can I use to run ejbc for secure usage?
At step 5. Whatever I write for -Dorg.omg.CORBA.ORBSocketFactoryClass,
this pointed class is not instanciated.
Then I can not create a socket with my client.
The folowing exception is raised:
javax.naming.CommunicationException [Root exception is java.net.ConnectException:
No server found at T3S://localhost:7002]
So, my questions are:
% Why -Dorg.omg.CORBA.ORBSocketFactoryClass must be known by the client and not
the server?
My java client part, managing connection is:
-------------------BEGIN OF CONNECTION MANAGER-------------------
Properties env = new Properties ();
// Shouldn't have to do this, but for now you must
if ( factory.equals ("weblogic.jndi.WLInitialContextFactory") ) {
env.put ("java.naming.provider.url", "t3s://localhost:7002");
InitialContext context = new InitialContext (env);
BankSessionServerHome bssh = (BankServerHome) context.lookup("BankServerHome");
BankServer = bssh.create();
-------------------END OF CONNECTION MANAGER-------------------
I have also try
env.put ("java.naming.provider.url", "corbaloc:iiop://localhost:7002");
but it throws the following error
javax.naming.InvalidNameException: url does not conatin !!!
% What is the code for the java client allowing connection with the ejb?
% And better, can I have a sample example for rmi-iiop over ssl?
(...wlserver6.1\samples\examples\iiop\ejb\stateless\rmiclient\client.java do not
speak ssl!)
Any help will be appreciate from you...
Best Regards.
Oliver"oliver" <[email protected]> writes:
The SSL support is poorly doc'd right now. We have fixed this and
updated the way you do things in SP2. Please either wait for SP2 or
contact support.
andy
I have written an appication like this:
- An EJB server running on Weblogic server 6.1
(named: BankServerHome)
-A java client calling the BankServer.
Platform: windows 2000 - jdk1.3
Now I want to secure the communication with SSL protocol.
I have done this:
-generate a key peer with weblogic service named certificate.
-send the CSR to a CA and place the answer into the weblogic
server certificate directory.
-update path for ServerCertificateChainFileName,
ServerCertificateFileName, ServerKeyFileName into config.xml.
-launch weblogicServer
-> server certificate is recognized
-> listening port 7001 and 7002.
(-stop weblogicServer!)
At now, all is all right, errors come hereafter:
Then I follow the guideline "Programming weblogic Security" (version of 30/07/2001).
"To use RMI over IIOP over SSL with a Java client, do the following:
2. Extend the java.rmi.server.RMISocketFactory class to handle SSL socket
connections. Be sure to specify the port on which WebLogic Server listens for
SSL connections. For an example of a class that extends the
java.rmi.server.RMISocketFactory class, see Listing 4-22.
3. Run the ejbc compiler with the -d option.
4. Add your extension of the java.rmi.server.RMISocketFactory class to the
CLASSPATH of the Java client.
5. Use the following command options when starting the Java client:
-xbootclasspath/a:%CLASSPATH%
-Dorg.omg.CORBA.ORBSocketFactoryClass=implementation of java.rmi.server.RMISocketFactory
-Dssl.certs=directory location of digital certificate for Java client
-Dssl.key=directory location of private key for Java client"
At step 3. I found into documentation that -d is linked to a directory name.
When I run ejbc with this option -d I have the message:
"ERROR: You must specify an output directory or jar with the -d option to weblogic.ejbc."
% So what option can I use to run ejbc for secure usage?
At step 5. Whatever I write for -Dorg.omg.CORBA.ORBSocketFactoryClass,
this pointed class is not instanciated.
Then I can not create a socket with my client.
The folowing exception is raised:
javax.naming.CommunicationException [Root exception is java.net.ConnectException:
No server found at T3S://localhost:7002]
So, my questions are:
% Why -Dorg.omg.CORBA.ORBSocketFactoryClass must be known by the client and not
the server?
My java client part, managing connection is:
-------------------BEGIN OF CONNECTION MANAGER-------------------
Properties env = new Properties ();
// Shouldn't have to do this, but for now you must
if ( factory.equals ("weblogic.jndi.WLInitialContextFactory") ) {
env.put ("java.naming.provider.url", "t3s://localhost:7002");
InitialContext context = new InitialContext (env);
BankSessionServerHome bssh = (BankServerHome) context.lookup("BankServerHome");
BankServer = bssh.create();
-------------------END OF CONNECTION MANAGER-------------------
I have also try
env.put ("java.naming.provider.url", "corbaloc:iiop://localhost:7002");
but it throws the following error
javax.naming.InvalidNameException: url does not conatin !!!
% What is the code for the java client allowing connection with the ejb?
% And better, can I have a sample example for rmi-iiop over ssl?
(...wlserver6.1\samples\examples\iiop\ejb\stateless\rmiclient\client.java do not
speak ssl!)
Any help will be appreciate from you...
Best Regards.
Oliver -
How write rmi-iiop over ssl with weblogic server 6.1?
Hello,
I have written an appication like this:
- An EJB server running on Weblogic server 6.1
(named: BankServerHome)
-A java client calling the BankServer.
Platform: windows 2000 - jdk1.4
Now I want to secure the communication with SSL protocol.
I have done this:
-generate a key peer with weblogic service named certificate.
-send the CSR to a CA and place the answer into the weblogic
server certificate directory.
-update path for ServerCertificateChainFileName,
ServerCertificateFileName, ServerKeyFileName into config.xml.
-launch weblogicServer
-> server certificate is recognized
-> listening port 7001 and 7002.
(-stop weblogicServer!)
At now, all is all right, errors come hereafter:
Then I follow the guideline "Programming weblogic Security" (version of 30/07/2001).
"To use RMI over IIOP over SSL with a Java client, do the following:
2. Extend the java.rmi.server.RMISocketFactory class to handle SSL socket
connections. Be sure to specify the port on which WebLogic Server listens for
SSL connections. For an example of a class that extends the
java.rmi.server.RMISocketFactory class, see Listing 4-22.
3. Run the ejbc compiler with the -d option.
4. Add your extension of the java.rmi.server.RMISocketFactory class to the
CLASSPATH of the Java client.
5. Use the following command options when starting the Java client:
-xbootclasspath/a:%CLASSPATH%
-Dorg.omg.CORBA.ORBSocketFactoryClass=implementation of java.rmi.server.RMISocketFactory
-Dssl.certs=directory location of digital certificate for Java client
-Dssl.key=directory location of private key for Java client"
At step 3. I found into documentation that -d is linked to a directory name.
When I run ejbc with this option -d I have the message:
"ERROR: You must specify an output directory or jar with the -d option to weblogic.ejbc."
% So what option can I use to run ejbc for secure usage?
At step 5. Whatever I write for -Dorg.omg.CORBA.ORBSocketFactoryClass,
this pointed class is not instanciated.
Then I can not create a socket with my client.
The folowing exception is raised:
javax.naming.CommunicationException [Root exception is java.net.ConnectException:
No server found at T3S://localhost:7002]
So, my questions are:
% Why -Dorg.omg.CORBA.ORBSocketFactoryClass must be known by the client and not
the server?
My java client part, managing connection is:
-------------------BEGIN OF CONNECTION MANAGER-------------------
Properties env = new Properties ();
// Shouldn't have to do this, but for now you must
if ( factory.equals ("weblogic.jndi.WLInitialContextFactory") ) {
env.put ("java.naming.provider.url", "t3s://localhost:7002");
} else {
env.put ("java.naming.provider.url", "rmi://localhost:7002");
InitialContext context = new InitialContext (env);
BankSessionServerHome bssh = (BankServerHome) context.lookup("BankServerHome");
BankServer = bssh.create();
-------------------END OF CONNECTION MANAGER-------------------
% What is the code for the java client allowing connection with the ejb?
% And better, can I have a sample example for rmi-iiop over ssl?
(...wlserver6.1\samples\examples\iiop\ejb\stateless\rmiclient\client.java do not
speak ssl!)
Any help will be appreciate from you...
Best Regards.
Oliver"oliver" <[email protected]> writes:
First off 1.4 isn't supported as yet. That is probably part of the problem.
You also must use a corba URL from the client in order for this to work for instance:
If you are using WLInitialContextFactory:
corbaloc:iiop:localhost:7001/NameService
If you are using CNCtxFactory:
iiop://localhost:7001
Using rmi: is the wrong thing to do - that will use jrmp or t3.
However, I suggest that you raise a call with support since there is
some other trickiness with getting SSL working. We hope to have this
much improved in SP2.
andy
Hello,
I have written an appication like this:
- An EJB server running on Weblogic server 6.1
(named: BankServerHome)
-A java client calling the BankServer.
Platform: windows 2000 - jdk1.4
Now I want to secure the communication with SSL protocol.
I have done this:
-generate a key peer with weblogic service named certificate.
-send the CSR to a CA and place the answer into the weblogic
server certificate directory.
-update path for ServerCertificateChainFileName,
ServerCertificateFileName, ServerKeyFileName into config.xml.
-launch weblogicServer
-> server certificate is recognized
-> listening port 7001 and 7002.
(-stop weblogicServer!)
At now, all is all right, errors come hereafter:
Then I follow the guideline "Programming weblogic Security" (version of 30/07/2001).
"To use RMI over IIOP over SSL with a Java client, do the following:
2. Extend the java.rmi.server.RMISocketFactory class to handle SSL socket
connections. Be sure to specify the port on which WebLogic Server listens for
SSL connections. For an example of a class that extends the
java.rmi.server.RMISocketFactory class, see Listing 4-22.
3. Run the ejbc compiler with the -d option.
4. Add your extension of the java.rmi.server.RMISocketFactory class to the
CLASSPATH of the Java client.
5. Use the following command options when starting the Java client:
-xbootclasspath/a:%CLASSPATH%
-Dorg.omg.CORBA.ORBSocketFactoryClass=implementation of java.rmi.server.RMISocketFactory
-Dssl.certs=directory location of digital certificate for Java client
-Dssl.key=directory location of private key for Java client"
At step 3. I found into documentation that -d is linked to a directory name.
When I run ejbc with this option -d I have the message:
"ERROR: You must specify an output directory or jar with the -d option to weblogic.ejbc."
% So what option can I use to run ejbc for secure usage?
At step 5. Whatever I write for -Dorg.omg.CORBA.ORBSocketFactoryClass,
this pointed class is not instanciated.
Then I can not create a socket with my client.
The folowing exception is raised:
javax.naming.CommunicationException [Root exception is java.net.ConnectException:
No server found at T3S://localhost:7002]
So, my questions are:
% Why -Dorg.omg.CORBA.ORBSocketFactoryClass must be known by the client and not
the server?
My java client part, managing connection is:
-------------------BEGIN OF CONNECTION MANAGER-------------------
Properties env = new Properties ();
// Shouldn't have to do this, but for now you must
if ( factory.equals ("weblogic.jndi.WLInitialContextFactory") ) {
env.put ("java.naming.provider.url", "t3s://localhost:7002");
} else {
env.put ("java.naming.provider.url", "rmi://localhost:7002");
InitialContext context = new InitialContext (env);
BankSessionServerHome bssh = (BankServerHome) context.lookup("BankServerHome");
BankServer = bssh.create();
-------------------END OF CONNECTION MANAGER-------------------
% What is the code for the java client allowing connection with the ejb?
% And better, can I have a sample example for rmi-iiop over ssl?
(...wlserver6.1\samples\examples\iiop\ejb\stateless\rmiclient\client.java do not
speak ssl!)
Any help will be appreciate from you...
Best Regards.
Oliver -
Confused about the 11g R2 Forms Server and using SSL
All,
I just installed the 11g R2 Forms Server software without configuring it.
I then ran the config.sh script to configure it which creates a weblogic server domain.
I'm a bit confused now. If I run opmnctl status command I get the following:
Processes in Instance: frmrep_inst_1
--------------------------------------------------------------+---------
ias-component | process-type | pid | status
--------------------------------------------------------------+---------
emagent_frmrep_inst_1 | EMAGENT | 28279 | Alive
RptSvr_eiaorapptest_frmrep_ins | ReportsServerComp~ | 28124 | Alive
ohs1 | OHS | 27831 | Alive
This looks to me like there is an Oracle Http Server installed.
Is the Oracle Http Server answering web calls when I run forms or is the Weg Logic Server answering the call?
Also, the Oracle Forms Installation Documentation talks about securing your environment with Oracle Identity Manager but we are not using Oracle Identity Manager. I want to use SSL but I'm not sure how to secure the environment with SSL. Do I need to configure the WebLogic server to use SSL or the OHS?
Any help would be greatly appreciated.
CheersFusion Middleware 11.1.x does include HTTP Server (OHS) and also requires WLS. Both HTTP Server and WLS are http listeners, amongst other things. So whether WLS handles a request or HTTP Server does it will be entirely up to you and/or the end-user.
OHS has a listener which by default (in FMw) listens for requests on port 8888. On the other hand WLS_FORMS is preconfigured to listen on port 9001.
This means that if your URL looks like the following, WLS_FORMS will directly answer the client:
<blockquote>http://server:9001/forms/frmservlet?form=abc</blockquote>
If the URL looks like the following, the HTTP Server will reply:
<blockquote>http://server:8888/forms/frmservlet?form=abc</blockquote>
The request path when using OHS as the listener to call Oracle Forms would look like this:
<blockquote>CLIENT --- OHS --- WLS_FORMS --- FORMS SERVLET --- FORMS RUNTIME (frmweb.exe) --- DATABASE</blockquote>
The request path when using WLS_FORMS as the listener to call Oracle Forms would look like this:
<blockquote>CLIENT --- WLS_FORMS --- FORMS SERVLET --- FORMS RUNTIME (frmweb.exe) --- DATABASE</blockquote>
Although removing OHS from the path would seem to be better because it is one less server to administer and less system resources consumed, generally it would be argued that the advantages of having it will outweigh the disadvantages.
There are numerous advantages to use OHS in front of WLS, but the most obvious should be that OHS can be set up so that you have one and only one entry point into your FMw environment. In other words, even though for example Forms WLS listens on 9001 and Reports on 9002 and some other app on 9999, all requests can be routed through a single OHS port (e.g. 8888). This gives added security since only one port would need to be open assuming a firewall was in place. This configuration is also helpful when calling one application from another. For example when calling Reports from Forms. If you use OHS, references to other WLS managed servers can be called with a relative reference rather than a fully qualified one.
Regarding whether or not SSL needs to be enabled at any particular point in the path is entirely up to you. You can enable SSL from the client all the way back to the db or any where in between. It is fairly common to see SSL between the client and OHS then no SSL to WLS. But if security is a great concern then you may want to consider SSL from front to back. However, keep in mind that SSL comes at a price. Performance will degrade slightly when SSL is enabled.
Also, OAM (Oracle Access Manager) has nothing to do with SSL. SSL refers to traffic encryption. OAM is for authentication - single sign on.
Consider reviewing the Forms Deployment Guide as well as the other Fusion Middleware documents referenced within it.
<blockquote>http://docs.oracle.com/cd/E24269_01/index.htm</blockquote>
Finally, and most important, this topic really has nothing to do with Oracle Forms. This is more about how a web server or its environment works. -
Weblogic server 10.3.5 error during SSL handshake
Please some one help to figure the issue with following logs.
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 33092690>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 33095418>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <33092490 SSL Version data invalid>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Connection to SSL port from Sa-PC - 150.1.104.124 appears to be either unknown SSL version or maybe is plaintext>
<16-Jan-2013 18:40:40 o'clock GMT> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer Sa-PC - 150.1.104.124 during SSL handshake.>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 70
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.ReadHandler.getProtocolVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.checkVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33092490>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33092490>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 33092690>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <33095215 SSL Version data invalid>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Connection to SSL port from Sa-PC - 150.1.104.124 appears to be either unknown SSL version or maybe is plaintext>
<16-Jan-2013 18:40:40 o'clock GMT> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer Sa-PC - 150.1.104.124 during SSL handshake.>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 70
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.ReadHandler.getProtocolVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.checkVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33095215>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33095215>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 33095418>
I just created domain with http and https ports. I installed an web app. When I am trying to access the app from browser through https the above error is occurring.
Please somebody help me.
Thanks in advance.
SKThis message indicates that the SSL connection is closed successfully. It is a warning message and normal to see in the logs when you enable the SSL debug flags. This is an expected behavior. If you see alerts when SSL debug is NOT ENABLED then it is a real alert and we need to take care of those issues. Also, it is not a real alert, it is a caught and handled exception from the certicom code which is not harmful and should be ignored, just because you have enabled the SSL debug flag. Once you turn it off, you won't see it in the logs.
Edited by: sharmela on Jan 22, 2013 4:55 AM -
ACE 4700 configuring SSL termination weblogic server 10.3.6
Hello,
Im trying to configure an ACE 4700 so that SSL termination is done on the ACE and HTTP reaches the weblogic server instance.
I have a working setup of a Apache reverse proxy doing SSL offloading and using a weblogic module and that works fine
Was reading http://docs.oracle.com/cd/E23943_01/web.1111/e13709/load_balancing.htm#i1045186
Can anyone point me to a working config example for doing this with the ACE4700 or give me some directions here?
Kind regards,
LaurensHi Laurens,
Here is a basic configuration for SSL termination:
rserver host test
ip address 10.198.16.98
inservice
rserver host test2
ip address 10.198.16.93
inservice
serverfarm host test
rserver test 80
inservice
rserver test2 80
inservice
ssl-proxy service TEST
key cert
cert cert
class-map match-all VIPSSL
2 match virtual-address 10.198.16.122 tcp eq https
policy-map type loadbalance first-match test
class class-default
serverfarm test
policy-map multi-match clients
class VIPSSL
loadbalance vip inservice
loadbalance policy test
loadbalance vip icmp-reply active
nat dynamic 1 vlan 112
ssl-proxy server TEST
interface vlan 112
ip address 10.198.16.91 255.255.255.192
access-group input Allow_Access
nat-pool 1 10.198.16.122 10.198.16.122 netmask 255.255.255.192 pat
service-policy input NSS_MGMT
service-policy input clients
no shutdown
Cesar R
ANS Team -
Connect OEPE to a Weblogic Server running in Production SSL mode
I am trying to connect an ECLIPSE IDE to a production Weblogic Server domain. However when I add the AdminServer to the IDE I get the message that it is Stopped but Synchronized. Therefore I cannot deploy any code directly from the IDE. How do you get Eclipse to connect to a production domain running with SSL enabled?
According to the Oracle docs you can connect via ssl to a domain in development mode using the demo certificates. See
http://download.oracle.com/docs/cd/E11035_01/wls100/secmanage/identity_trust.html - Configuring Demo Certificates for Clients
I was wondering if it was possible using proper certificates and a production domain. -
Hi guys,
I installed webloigic 12.1.1 on windows 2003(32-bit);
I was requested add SSL Configuration to console;
I'm using keytool; It is not first time I setup SSL on weblogic console, only version is different;
before I did susssessfully on weblogic 11g(10.3.2-10.3.5) using the same scenario;
My steps:
1.generate key;
keytool -keyalg RSA -genkey -v -alias <server_name> -keysize 2048 -storepass <pwd> -validity 762 -keystore <name>.jks
2. create cert
keytool -certreq -alias <server_name> -file file_name.csr -keystore <name>.jks
after send and return certificate 3 layers;
imported back;
--root--
keytool -importcert -v -noprompt -alias rootca.kbr.com -file root0.cer -keystore <name>.jks -trustcacerts
Enter keystore password:
Certificate was added to keystore
[Storing <name>.jks]
keytool -importcert -v -noprompt -alias rootca1.kbr.com -file root1.cer -keystore <name>.jks -trustcacerts
Enter keystore password:
Certificate was added to keystore
[Storing <name>.jks]
keytool -importcert -v -noprompt -alias <server_name> -file root2.cer -keystore <name>.jks -trustcacerts
Enter keystore password:
Certificate reply was installed in keystore
[Storing <name>.jks]
confufigured weblogic using conosole;
it looks like this in config.xml file
<ssl>
<enabled>true</enabled>
<listen-port>7002</listen-port>
<server-private-key-alias><server_name></server-private-key-alias>
<server-private-key-pass-phrase-encrypted>{AES}TIRM5RT26K8IZDevCNMexlWp3BuhZaFpi8HEgPaOCrU=</server-private-key-pass-phrase-encrypted>
</ssl>
<listen-address>34.64.3.9</listen-address>
<key-stores>CustomIdentityAndCustomTrust</key-stores>
<custom-identity-key-store-file-name>path<name>.jks</custom-identity-key-store-file-name>
<custom-identity-key-store-type>JKS</custom-identity-key-store-type>
<custom-identity-key-store-pass-phrase-encrypted>{AES}hiemEGOTrjIRvEOnn0+ODuNpWehBbrgb8fydImfyXV4=</custom-identity-key-store-pass-phrase-encrypted>
<custom-trust-key-store-file-name>path<name>.jks</custom-trust-key-store-file-name>
<custom-trust-key-store-type>JKS</custom-trust-key-store-type>
<custom-trust-key-store-pass-phrase-encrypted>{AES}xzP2kU98nkVMNLdzMv7VRoRjoBQUTu5jjtlMLm87PHc=</custom-trust-key-store-pass-phrase-encrypted>
</server>
When I restart SSL , I see error in log file
Er<AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1381506732875>
<BEA-000297> <Inconsistent security configuration, weblogic.management.configuration.ConfigurationException: No identity key/certificate entry was found under alias <SERVER_NAME> in keystore path<name>.jks on server AdminServer>
Please help
I thought before if import certification get status Certificate reply was installed in keystore
it shouldn't be problem for weblogic use thsi certificate;Compare your steps with the following
http://weblogic-wonders.com/weblogic/2011/05/25/ssl-configuration-for-weblogic-server/ -
WLS :: Will Vista web client work with Weblogic Server 8.1.6 over SSL?
Hello,
I have installed 51-2 bit SSL cert on weblogic 7 and found that the secure site doesn't work on Vista web client.
Weblogic gives error in handshaking and says algorithm is not supported.
Vista web client uses some algorithms which were not supported by weblogic 7.
So would like to know if would Vista web client work with Weblogic Server 8.1.6 over SSL?
Any information in this regard would be helpful.
Thanks in Advance.can you use the following debug flags in the weblogic server as java_options and paste the complete ssl handshake exception here.
-Dweblogic.StdoutDebugEnabled=true
-Dssl.debug=true
thanks,
sandeep -
Enable SSL between oracle JDBC Connection in weblogic server.
Hi ALL,
I have an requirement to enable SSL Mechanism in weblogic JDBC Connection Pool.we are using Oracle9i Enterprise Edition Release 9.2.0.7.0 - 64bit Production and Driver as "jdbc:oracle:thin@..." / oracle.jdbc.OracleDriver.
weblogic server 8.1 SP4
can anybody know what are the steps / configuration has to be done for enable Oracle Advanced Security encryption on the JDBC Oracle Thin driver with a WebLogic JDBC Connection Pool.
Thanks,
Karthik,Hi,
I changed the code as given below. Still getting the same error. Can I migrate my question to jdbc section? I am new to this forum.
import java.sql.*;
public class jdbc {
public static void main(String[] args) throws ClassNotFoundException, SQLException
Class.forName("oracle.jdbc.driver.OracleDriver");
String url = "jdbc:oracle:thin:@localhost:1521:xe";
Connection conn =
DriverManager.getConnection(url,"jestin","jj");
conn.setAutoCommit(false);
Statement stmt = conn.createStatement();
ResultSet rset =
stmt.executeQuery("select BANNER from SYS.V_$VERSION");
while (rset.next()) {
System.out.println (rset.getString(1));
stmt.close();
System.out.println ("Ok.");
jestinjoy@debian:~/java$ javac -classpath /usr/lib/java/ jdbc.java
jestinjoy@debian:~/java$ java jdbc
Exception in thread "main" java.lang.ClassNotFoundException: oracle.jdbc.driver.OracleDriver
at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:169)
at jdbc.main(jdbc.java:7)
same error when I give the command without classpath -
Weblogic server 9.2 and SSL server certificate for the wrong site
I turned on SSL service for a weblogic 9.2 server and later on changed the hostname of the machine that weblogic was running on. So the hostname that my SSL server certificate was issued to has now became an invalid hostname. But my weblogic server continues to run SSL service without any exception. I can still access my web applications thru the SSL port (except of course I get a warning for the server certificate every time that it is for the "wrong site"). My question is this: should weblogic 9.2 verify the hostname in the server certificate and stop SSL service if the certificate is for the wrong site? Or is verifying the certificate strictly the job of the browser? Just want to make sure there is nothing wrong with my SSL configuration. Thanks.
So you are saying that something is wrong with my weblogic 9.2 ssl configuration? And that given a server certificate issued to a different hostname, my weblogic server should NOT be servicing ssl request and/or it should throw some sort of exception during startup? Thanks for clarifying.
-
Weblogic Server 8.1 SP4 SSL Problem
I had a server setup using SSL and x.509 certificates on Weblogic 8.1 SP3. Everything was setup fine and working properly.
I installed SP4 and I couldnt get the Certificates to work properly. I keeps rejecting the certificate. All the Identity, Trust, and all configurations seem to be identical.
I get a message
Could not establish encrypted connection because your certificate was rejected by localhost Error Code: -12271
Any ideas on what the problem could be.I am also wondering what the status of this problem is? It is preventing us from going to SP4.
_Mike -
Apache 2.2 21 forward Proxy 2 way SSL for weblogic server as a client
Hi All,
Currently, i am trying to implement a forward SSL proxy. The client will hit my apache server which in return will hit a IIS Server.
scenarios 1
client(weblogic)--*2 way SSL*Apache(forward proxy)*2 way SSL*-- IIS
If i were to implement 1 way ssl, i am able to see the content of the website.
client(weblogic) --- Apache(forward proxy) --- IIS
If i were to launch the web browser from the client machine (with the client certificate imported in the browser), i am able to view the content in the IIS. But if i were to simulate the connection from weblogic server, it just give me end of file exception (response contain no data) on the logs.
Below is my configuration
Listen 8080
<VirtualHost default:8080>
ServerName serverA
ErrorLog "logs/ssl_error_log"
CustomLog "logs/ssl_access_log" common
SSLProxyEngine On
SSLProxyMachineCertificateFile /certificate/servercert.cer
SSLProxyCACertificateFile /certificate/rootCA.cer
SSLProxyVerify require
SSLProxyVerifyDepth 10
ProxyRequests On
ProxyVia On
AllowConnect 12345
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
</VirtualHost>
For 2 way SSL, will the client forward their client certificate to my apache proxy server and apache will on the client behalf forward the client certificate to the IIS server for authenication?
Or the SSL authenication still happen between the client (weblogic) and the end server (IIS) bypassing the proxy server.
Please help.It is a domain wide setting. Can you not create a new domain? I do not think that you can handle it from web.xml. I have never seen such thing in web.xml.
-
Enabling ssl on Weblogic server 5.1 using Verisign certificate.
"Hi,I am trying to enable ssl in Weblogic server 5.1The properties set in my properties file areweblogic.security.certificate.server=servercert.pem(sent from the verisign via email)weblogic.security.key.server=cp8212-2d2-key.der(generated by the Certificate Servlet of Weblogic Server)
"Hi,I am trying to enable ssl in Weblogic server 5.1The properties set in my properties file areweblogic.security.certificate.server=servercert.pem(sent from the verisign via email)weblogic.security.key.server=cp8212-2d2-key.der(generated by the Certificate Servlet of Weblogic Server)
-
[推荐]WebLogic Server 8.1 配置Keystores 和 SSL的步骤
为WebLogic Server 8.1 配置Keystores 和 SSL的步骤
一些必要条件
Keytool 工具的使用。
证书请求/ 应答。
导入证书到Keystores。
配置SSL。
通过HTTP测试WebLogic Console
http://support.bea.com/askbea_soln/attachments/S-22841/Configure_Keystore_SSL_WLS81_viewlet_swf.html我从verisign得到认证后,用keytool import时被告知“无法从回复中建立链接”。我从verisign网站上找到weblogic6.0的一个链接,得到一个intermediate CA,可以吗? 我把得到的intermediate CA加在原来verisign mail给我的CA中,再次import时,被告知“回复中的认证链未验证”。
请问我是哪一步做错了吗?有高手碰到过类似的问题吗?
Maybe you are looking for
-
how do I verify my icloud account? It is saying an email went to a different Apple ID. Checked and there is not an email.
-
I have a procedure that needs to execute a dynamic query. here is my brief code. sql_stmt := 'select * from test where default = '|| gc_default || '; this is just a part of my code. but the problem is that default column is varchar, so the "gc_defaul
-
SAP guru's:- in fi-mm procurement flow in the one step is the PRODUCTION RECEIPT:- finished goods a/c...... Dr To stock increasing/decreasing finished goods a/c|-->if the po GBB production
-
Can we buy unlocked iPhone 4s or 4 in the shop?
Can we buy unlocked iPhone 4s or 4 in the shop? I mean in a real shop.
-
FrameMaker 11 omits embedded pictures when publishing to epub 3
I am trying to publish a book containing multiple embedded pictures to epub 3, but for some reason the FrameMaker 11 omits the pictures when running the publish script. The pictures also disappear when publishing to html help, but not when merely pub