Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

SSL Certificate Install Problem

0 views
Skip to first unread message

eraldo

unread,
Nov 22, 2002, 10:00:05 AM11/22/02
to
hi,
I tried to install SSL certicate on a Weblogic 6.1 SP3 (running on a
Solaris 8). Following the post 5457 (found in your newsgroup) I made
this steps:
- I generated CSR using web application /certificate
- I sent CSR to Entrust.com obtaining a certicate and a chain
certificate
- I configured the server under "Configuration - SSL" with following
parameters:
- Enabled = true
- Listen port = 8002
- Server Key File Name = <path to private key ".der" file>
- Server Certificate File Name = <path to Entrust CRT ".pem" file>
- Server Certificate Chain File Name = <path to Entrust CA ".pem"
file>
- Key Encrypted = true
- I changed startWebLogic.sh:
- added "-Dweblogic.management.pkpassword=<my_pwd>" to JAVA command
line


Launchin' the script I got the following exception:
*****************************************
<Nov 22, 2002 2:34:44 PM GMT-01:00> <Alert> <WebLogicServer> <Security
configuration problem with ce
rtificate file config/sdfdomain/H3MIS097_H3G_IT-key.der,
java.io.IOException: weblogic.security.Ciph
erException: Invalid padding length 48>
java.io.IOException: weblogic.security.CipherException: Invalid
padding length 48
at weblogic.security.RSAPrivateKeyPKCS8.input(RSAPrivateKeyPKCS8.java:157)
at weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:125)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:391)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:301)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1097)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:490)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:206)
at weblogic.Server.main(Server.java:35)
*****************************************

Any idea?
Thanks in advance,
Eraldo

kirann

unread,
Nov 22, 2002, 2:25:37 PM11/22/02
to

try converting your key from der2pem using
java utils.der2pem {keyfile in der} {keyfile out in pem}

thanks
kiran

"eraldo" <eraldo.qu...@h3g.it> wrote in message
news:771facc9.02112...@posting.google.com...

Jan Bruun Andersen

unread,
Nov 22, 2002, 5:18:59 PM11/22/02
to
Hi Eraldo,

I wish I had an answer for you :-(

I am strugling with a similar problem in WLS 7.0 sp1. I am also trying to get SSL to work with something else than the the demo-stuff. Just as you, I created the Request and got a trial Cert something called an intermediate CA from VeriSign.

Attempting not to complicate things like using the keystore (whatever that is), I saved the PEM's in the filesystem and rebooted.

During boot, the server complained about a missing pkpassword, so I put that in the startWebLogic.sh script. But no luck!

Right now, I am back to the demo stuff, and now I am searching for some easy-to-understand guide with a working example of how to configure this damn SSL-thingy.
--
Jan

Michael Jouravlev

unread,
Nov 25, 2002, 12:03:53 PM11/25/02
to
If you want to implement 1-way SSL (client authenticates server), then
trusted CA from Verisign should be accessible from the client, not from the
server. Server needs only two files: Private Key file (generated by WL
during CSR process) and your Server Certificate, which Verisign sends you by
mail. Both files should be either PEM or DER, and according to the manual,
WL distinguishes correct file format by its extension. (For example, if you
want to use Verisign CER file later for 2-way SSL, you better rename it to
DER).

So, just use Private Key and your server Certificate. If you entered the
password for your Private Key during CSR process, then set this password in
your WebLogic startup command file using
weblogic.management.pkpassword=<Your Private Key password>.

Michael J.

"Jan Bruun Andersen" <AMIPAS...@spammotel.com> wrote in message
news:3ddead53$1...@newsgroups.bea.com...

0 new messages