Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Incorrect Block Length error when configuring SSL

0 views
Skip to first unread message

Brooke

unread,
Aug 7, 2001, 12:24:02 AM8/7/01
to

Hello, gurus:

I am messing around with SSL configurations on WebLogic 6.0.2. I have generated
a CSR, and located my non-password protected private key and CSR files to the
/config/[my_test_domain] folder. I have received my test cert from VeriSign, which
I have saved to /config/[my_test_domain] as cert.pem. Lastly, I copied off of
VeriSign's site an Intermediate CA certificate (or Server Cert Chain), and saved
that at ca.pem.

Now when I attempt to start WebLogic, I am seeing the following Alert messages:
==============================================================

<2001/08/07 12:03:04:JST> <Alert> <WebLogicServer> <&#12475;&#12461;&#12517;&#12522;&#12486;&#12451;
&#12467;&#12531;&#12501;&#12451;&#12464;&#12524;&#12540;
&#12471;&#12519;&#12531; weblogic.security.AuthenticationException: Incorrect
block length 64 (mod
ulus length 128) possibly incorrect SSLServerCertificateChainFileName set for
th
is server certificate &#12395;&#30683;&#30462;&#12364;&#12354;&#12426;&#12414;&#12377;&#12290;>
weblogic.security.AuthenticationException: Incorrect block length 64 (modulus
le
ngth 128) possibly incorrect SSLServerCertificateChainFileName set for this serv
er certificate
at weblogic.security.X509.verifySignature(X509.java:251)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)

==============================================================

BTW, I am doing all of this on a Japanese (EUC_JP) OS, so I apologize if part
of the above message is rendered illegible.

Anyhow, does anyone have any idea as to what is bombing?

Thanks in advance,
Brooke

Brooke

unread,
Aug 8, 2001, 6:13:40 AM8/8/01
to

"Brooke" <bro...@dml.com> wrote:
>
>...Lastly, I copied off of VeriSign's site an Intermediate CA
>certificate (or Server Cert Chain), and saved that as ca.pem.
>...

.. And that was the whole problem. After doing more search of the resources here,
I discovered that the Server Certificate Chain File Name needed the Root Server
CA cert from VeriSign. The solution was to copy VeriSign's Root Server CA cert
from their repository page, and then use OpenSSL to transform that into a .der
file. Using this .der file as the Server Certificate Chain File did the trick.

Kirk Everett

unread,
Aug 8, 2001, 12:21:04 PM8/8/01
to Brooke
Can you elaborate on what you did to get the root ca cert from verisign's repository
page and
convert it to DER format using OpenSSL? I've been trying to figure out how to do
this for about
a week now... I finally got verisign support to just email me a root ca cert but I
would like to know
what you did.. Did you just cut & paste the class 1 root ca from the repository page
(http://www.verisign.com/repository/root.html) to a file? Where did you get OpenSSL
and what
did you do to convert the file to a DER? I looked at the OpenSSL site but I couldn't
figure it out.
Any help on this would be greatly appreciated. I can't believe how much time I have
wasted
looking into this...

Kirk Everett

Brooke

unread,
Aug 8, 2001, 9:54:30 PM8/8/01
to

Check out the Support Knowledge Base posting for Solution S-01788 at http://www.bea.com/support/askbea/wls/S-07188.shtml.

0 new messages