The CSR for SSL generated the PrivateKey (xyz-key.der); no locking password
was provided. I used Entrust Toolkit and converted it to an RSAPrivateKey. When
I used this file as the Server Keyfile and tried starting the server, it gave an EOF
Exception. Can anybody please tell me whether WLS supports RSA-style PrivateKeys,
or does it support only SSLeay PrivateKeys? You may also mail me at the address
provided. Thanks in advance.
Nilanjan Karfa wrote:
Hi,
Verify if you have the correct ServerCertificateChainFileName.
Could you post the complete stack trace you are getting, and how you start WLS?
--
Roula Korkmaz
Developer Relations Engineer
BEA Support
<Jan 18, 2002 12:16:31 PM IST> <Alert> <WebLogicServer> <Security configuration problem with certificate file config/mydomain/gokula_java-key.der, java.io.EOFException>
java.io.EOFException
at weblogic.security.Utils.inputByte(Utils.java:133)
at weblogic.security.ASN1.ASN1Header.inputTag(ASN1Header.java:125)
at weblogic.security.ASN1.ASN1Header.input(ASN1Header.java:119)
at weblogic.security.RSAPrivateKey.input(RSAPrivateKey.java:119)
at weblogic.security.RSAPrivateKey.<init>(RSAPrivateKey.java:91)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:398)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:301)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1064)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:492)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:202)
at weblogic.Server.main(Server.java:35)
<Jan 18, 2002 12:16:47 PM IST> <Notice> <Management> <Application Poller not started for production server.>
This is my config.xml
<Server ListenPort="7001" Name="myserver" NativeIOEnabled="true"
TransactionLogFilePrefix="config/mydomain/logs/">
<KernelDebug Name="myserver"/>
<Log FileName="config/mydomain/logs/weblogic.log"
Name="myserver"/>
<ServerStart Name="myserver"
OutputFile="D:\weblogic6.1\wlserver6.1\.\config\NodeManagerClientLogs\myserver\startserver_1010126375161.log"/>
<ServerDebug DebugSecurityRealm="true" Name="myserver"/>
<ExecuteQueue Name="default" ThreadCount="15"/>
<WebServer DefaultWebApp="DefaultWebApp"
LogFileName="./config/mydomain/logs/access.log"
LoggingEnabled="true" Name="myserver"/>
<SSL ClientCertificateEnforced="false" Enabled="true"
ListenPort="7002" Name="myserver"
ServerCertificateChainFileName="config/mydomain/getcacert.pem"
ServerCertificateFileName="config/mydomain/ServerCert.pem"
ServerKeyFileName="config/mydomain/gokula_java-key.der"
TrustedCAFileName="trusted-ca.pem"/>
</Server>
Please let me know where I had gone wrong.
with regards,
Gokul.
Thanks for replying. Let me tell you what I did.
1. Generated CSR.
2. Applied for certificate to my own Netscape CMS.
3. Got the signed certificate in Base64 Encoded form, and Certificate Chain as
Base64 encoded PKCS#7 form.
4. Saved the above as 2 separate files with extension (.pem).
5. Set the filenames against the SSL initialization page using WLS console. The
PrivateKey was the one generated by WLS (SSLeay).
6. WLC started giving an error for the ServerCertChainFile. Exception was like
"BadPadding or something similar".
7. Changed the ServerCertChainFile to empty string, and started the Server.
(This seems like a bug in WLS, though.)
8. Server started properly.
Used Entrust Toolkit and converted the SSLeayPrivateKey to RSAPrivateKey in PEM
format extension (.pem).
9. Changed ServerCert to this new file, ServerCertChain still is blank.
10. Starting the server gave EOFException.
Please let me know whether a ServerCertChainFile is necessitated while starting
WLS. If so, what are the supported formats and algorithms for both PrivateKey
as well as Certificate Chain files.
I would really appreciate your help.
Regards
Nil.
I tried this on WLS 5.1 instead and this is what I got. When I converted the (.der)
SSLeay into (.pem) SSLeay, it is functioning well. The problem starts with RSAPvtKey!!
**** SEE BELOW *****
Tue Jan 22 16:59:02 GMT+05:30 2002:<I> <WebLogicServer> Server loading from weblogic.class.path. EJB redeployment enabled.
java.io.EOFException
at weblogic.security.Utils.inputByte(Utils.java:126)
at weblogic.security.ASN1.ASN1Header.inputTag(ASN1Header.java:110)
at weblogic.security.ASN1.ASN1Header.input(ASN1Header.java:104)
at weblogic.security.RSAPrivateKey.input(RSAPrivateKey.java:116)
at weblogic.security.RSAPrivateKey.<init>(RSAPrivateKey.java:85)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java, Compiled Code)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:869)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.Server.startServerDynamically(Server.java:140)
at weblogic.Server.main(Server.java, Compiled Code)
at weblogic.Server.main(Server.java:58)
at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
at java.lang.Thread.run(Thread.java:479)
Tue Jan 22 16:59:05 GMT+05:30 2002:<E> <SSLListenThread> Security Configuration Problem with SSL server encryption Key (d:\nilanjan files\Weblogic51\myserver\9at271-rsa.pem), java.io.EOFException
Tue Jan 22 16:59:05 GMT+05:30 2002:<I> <Security> Not listening for SSL: java.io.IOException: Security Configuration Problem with SSL server encryption Key (d:\nilanjan files\Weblogic51\myserver\9at271-rsa.pem), java.io.EOFException
****************************************************************
Regards
Nilanjan
****************************************************************
I suggest you look at the following links to find which kinds of keys are supported in
WLS.
http://e-docs.bea.com/wls/docs61//security/concepts.html#1035320
http://e-docs.bea.com/wls/docs61//////adminguide/cnfgsec.html#1067988
where you can find the following note:
Note: If you obtain a private key file from a source other than the Certificate Request
Generator servlet, verify that the private key file is in PKCS#5/PKCS#8 PEM format.
Regards
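
Added example, not part of the thread and not WebLogic code: the note quoted above asks that a private key file be verified as PKCS#8 PEM, and the posts involve both .der and .pem files. This Python sketch reports a key file's encoding (PEM or DER) and the ASN.1 structure inside it; the function names and the sample byte strings are constructed for illustration and contain no real key material.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Parse one DER tag-length-value; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise EOFError("input ends inside the tag/length header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise EOFError("input ends inside a long-form length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise EOFError("declared length runs past the end of the input")
    return tag, pos, pos + length

def classify_der(der):
    """Name the private-key structure from the first two fields of the SEQUENCE."""
    try:
        tag, start, _ = read_tlv(der, 0)
        if tag != 0x30:
            return "not an ASN.1 SEQUENCE"
        first, _, first_end = read_tlv(der, start)
        second, _, _ = read_tlv(der, first_end)
    except EOFError:
        return "truncated ASN.1"
    if (first, second) == (0x02, 0x02):    # version INTEGER, modulus INTEGER
        return "PKCS#1 RSAPrivateKey"
    if (first, second) == (0x02, 0x30):    # version INTEGER, AlgorithmIdentifier
        return "PKCS#8 PrivateKeyInfo"
    if (first, second) == (0x30, 0x04):    # AlgorithmIdentifier, OCTET STRING
        return "PKCS#8 EncryptedPrivateKeyInfo"
    return "unrecognised SEQUENCE"

def classify(data):
    """Return (encoding, structure) for the bytes of a key file."""
    m = PEM_RE.search(data)
    if not m:
        return "DER", classify_der(data)
    if b"Proc-Type:" in m.group(2):        # legacy encrypted PEM carries headers
        return "PEM", "legacy encrypted key (%s)" % m.group(1).decode()
    return "PEM", classify_der(base64.b64decode(b"".join(m.group(2).split())))

def to_pem(label, der):
    """Wrap DER bytes in PEM armour with the given label."""
    body = base64.encodebytes(der)
    return b"-----BEGIN " + label + b"-----\n" + body + b"-----END " + label + b"-----\n"

# Constructed skeletons (tag layout only, no real key material).
PKCS1_DER = bytes.fromhex("3006020100020105")
PKCS8_DER = bytes.fromhex("300b020100300205000402abcd")
```

Reading the file named in ServerKeyFileName in binary mode and passing its bytes to `classify` gives a quick check before the server is started; an empty or cut-short file comes back as "truncated ASN.1".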