
SSL Server startup using RSAPrivateKey

Nilanjan Karfa

Jan 15, 2002, 00:51:30

Hi,

The CSR for SSL generated the PrivateKey (xyz-key.der); no locking password
was provided. I used Entrust Toolkit and converted it to an RSAPrivateKey. When
I used this file as the Server Keyfile and tried starting the server, it gave an EOF
Exception. Can anybody please tell me whether WLS supports RSA-style PrivateKeys,
or does it support only SSLeay PrivateKeys? You may also mail me at the address
provided. Thanks in advance.

Roula Korkmaz

Jan 16, 2002, 09:49:20

Nilanjan Karfa wrote:

Hi,

Verify if you have the correct ServerCertificateChainFileName.

Could you post the complete stack trace you are getting, and how you start WLS?

--
Roula Korkmaz
Developer Relations Engineer
BEA Support


Gokula Krishnan

Jan 18, 2002, 02:22:19
Hi,
I too get the same exception:

<Jan 18, 2002 12:16:31 PM IST> <Alert> <WebLogicServer> <Security configuration problem with certificate file config/mydomain/gokula_java-key.der, java.io.EOFException>
java.io.EOFException
    at weblogic.security.Utils.inputByte(Utils.java:133)
    at weblogic.security.ASN1.ASN1Header.inputTag(ASN1Header.java:125)
    at weblogic.security.ASN1.ASN1Header.input(ASN1Header.java:119)
    at weblogic.security.RSAPrivateKey.input(RSAPrivateKey.java:119)
    at weblogic.security.RSAPrivateKey.<init>(RSAPrivateKey.java:91)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:398)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:301)
    at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1064)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:492)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:202)
    at weblogic.Server.main(Server.java:35)
<Jan 18, 2002 12:16:47 PM IST> <Notice> <Management> <Application Poller not started for production server.>

This is my config.xml:

<Server ListenPort="7001" Name="myserver" NativeIOEnabled="true"
        TransactionLogFilePrefix="config/mydomain/logs/">
    <KernelDebug Name="myserver"/>
    <Log FileName="config/mydomain/logs/weblogic.log"
         Name="myserver"/>
    <ServerStart Name="myserver"
                 OutputFile="D:\weblogic6.1\wlserver6.1\.\config\NodeManagerClientLogs\myserver\startserver_1010126375161.log"/>
    <ServerDebug DebugSecurityRealm="true" Name="myserver"/>
    <ExecuteQueue Name="default" ThreadCount="15"/>
    <WebServer DefaultWebApp="DefaultWebApp"
               LogFileName="./config/mydomain/logs/access.log"
               LoggingEnabled="true" Name="myserver"/>
    <SSL ClientCertificateEnforced="false" Enabled="true"
         ListenPort="7002" Name="myserver"
         ServerCertificateChainFileName="config/mydomain/getcacert.pem"
         ServerCertificateFileName="config/mydomain/ServerCert.pem"
         ServerKeyFileName="config/mydomain/gokula_java-key.der"
         TrustedCAFileName="trusted-ca.pem"/>
</Server>

Please let me know where I had gone wrong.

With regards,
Gokul.

Nilanjan

Jan 21, 2002, 03:37:19

Hi Roula,

Thanks for replying. Let me tell you what I did.

1. Generated CSR.
2. Applied for certificate to my own Netscape CMS.
3. Got the signed certificate in Base64-encoded form, and the Certificate Chain in
Base64-encoded PKCS#7 form.
4. Saved the above as 2 separate files with extension (.pem).
5. Set the filenames against the SSL initialization page using WLS console. The
PrivateKey was the one generated by WLS (SSLeay).
6. WLS started giving an error for the ServerCertChainFile. The exception was like "BadPadding
or something similar".
7. Changed the ServerCertChainFile to an empty string, and started the Server.
(This seems like a bug in WLS, though.)
8. Server started properly.

Used Entrust Toolkit and converted the SSLeayPrivateKey to RSAPrivateKey in PEM
format, extension (.pem).
9. Changed ServerCert to this new file; ServerCertChain is still blank.
10. Starting the server gave EOFException.

Please let me know whether a ServerCertChainFile is necessary while starting
WLS. If so, what are the supported formats and algorithms for both PrivateKey
and Certificate Chain files?
I would really appreciate your help.

Regards
Nil.

Nilanjan

Jan 21, 2002, 06:33:23

Hi,

I tried this on WLS 5.1 instead and this is what I got. When I converted the (.der)
SSLeay into (.pem) SSLeay, it functions well. The problem starts with RSAPvtKey!!

**** SEE BELOW *****

Tue Jan 22 16:59:02 GMT+05:30 2002:<I> <WebLogicServer> Server loading from weblogic.class.path. EJB redeployment enabled.
java.io.EOFException
    at weblogic.security.Utils.inputByte(Utils.java:126)
    at weblogic.security.ASN1.ASN1Header.inputTag(ASN1Header.java:110)
    at weblogic.security.ASN1.ASN1Header.input(ASN1Header.java:104)
    at weblogic.security.RSAPrivateKey.input(RSAPrivateKey.java:116)
    at weblogic.security.RSAPrivateKey.<init>(RSAPrivateKey.java:85)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java, Compiled Code)
    at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
    at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:869)
    at java.lang.reflect.Method.invoke(Native Method)
    at weblogic.Server.startServerDynamically(Server.java:140)
    at weblogic.Server.main(Server.java, Compiled Code)
    at weblogic.Server.main(Server.java:58)
    at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
    at java.lang.Thread.run(Thread.java:479)
Tue Jan 22 16:59:05 GMT+05:30 2002:<E> <SSLListenThread> Security Configuration Problem with SSL server encryption Key (d:\nilanjan files\Weblogic51\myserver\9at271-rsa.pem), java.io.EOFException
Tue Jan 22 16:59:05 GMT+05:30 2002:<I> <Security> Not listening for SSL: java.io.IOException: Security Configuration Problem with SSL server encryption Key (d:\nilanjan files\Weblogic51\myserver\9at271-rsa.pem), java.io.EOFException

****************************************************************
Regards
Nilanjan

****************************************************************

Roula Korkmaz

Jan 22, 2002, 08:15:55
Hello,

I suggest you look at the following links to find which kinds of keys are supported in
WLS.


http://e-docs.bea.com/wls/docs61//security/concepts.html#1035320

http://e-docs.bea.com/wls/docs61//////adminguide/cnfgsec.html#1067988
where you can find the following note:
Note: If you obtain a private key file from a source other than the Certificate Request
Generator servlet, verify that the private key file is in PKCS#5/PKCS#8 PEM format.

Regards
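
Added example, not part of the thread and not BEA or WebLogic code: the documentation note quoted above asks you to verify the key file's format, and the traces in this thread show the EOFException raised while an ASN.1 tag was being read. This Python script reports a key file's actual encoding and ASN.1 layout from its bytes and flags empty or truncated input; `classify_key`, `read_tlv` and the toy byte strings are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
# Constructed toy structures (not real keys), just enough bytes to show each layout.
PKCS1_TOY = bytes.fromhex("3006020100020123")            # SEQ { INT 0, INT 0x23 }
PKCS8_TOY = bytes.fromhex("300b0201003003060100040100")  # SEQ { INT 0, SEQ, OCTET STRING }


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end); raise EOFError if bytes run out."""
    if pos + 2 > len(buf):
        raise EOFError("no bytes left for tag/length")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise EOFError("declared length exceeds available bytes")
    return tag, pos, pos + length


def classify_key(data):
    """Return (encoding, structure) for the raw bytes of a private key file."""
    encoding = "DER"
    m = PEM_RE.search(data)
    if m:  # decide by content, not by the .pem/.der file extension
        encoding = "PEM (" + m.group(1).decode() + ")"
        if b"Proc-Type:" in m.group(2):  # headers before the base64 body
            return encoding, "legacy encrypted PEM"
        data = base64.b64decode(b"".join(m.group(2).split()))
    try:
        tag, start, end = read_tlv(data, 0)
        if tag != 0x30:
            return encoding, "not an ASN.1 SEQUENCE"
        inner = data[start:end]
        first, _, after_first = read_tlv(inner, 0)
        if first == 0x30:  # AlgorithmIdentifier comes first
            return encoding, "PKCS#8 EncryptedPrivateKeyInfo"
        second, _, _ = read_tlv(inner, after_first)
    except EOFError as exc:
        return encoding, "truncated or empty: " + str(exc)
    if (first, second) == (0x02, 0x02):  # version, then modulus
        return encoding, "PKCS#1 RSAPrivateKey"
    if (first, second) == (0x02, 0x30):  # version, then AlgorithmIdentifier
        return encoding, "PKCS#8 PrivateKeyInfo"
    return encoding, "unrecognized structure"
```

Run it on a real file with `classify_key(open(path, "rb").read())`; the result depends on the bytes, not on the `.pem` or `.der` extension.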

Hugh

Feb 6, 2002, 18:06:12

I am using the key generated by the certificate servlet, which is WebLogic's. It
still gives the same IOException listed below. Has anyone found an answer to this
problem yet? It's in multiple places in the newsgroup. -Hugh