
Circular reference in documentation while configuring SSL


Stephen Marwick

Dec 10, 2001, 5:26:47 PM
I'm trying to get SSL working with WLS 6.0 SP1 and, as per the documentation, I need to generate a private key and CSR. Which is fine, except that the documentation says that I need to access the Certificate application via the secure port, which is what I'm trying to configure in the first place.

I'm sure that I'm missing something simple here, but I can't work out what it is.

To give more detail:
- I'm using WebLogic Server 6.0 Service Pack 1;
- I have the certificate.war file in the applications directory;
- The server is up and running, and the Certificate application is successfully installed (is this different to "started"?);
- I'm using port 7006 for "normal" connections and 7007 for secure connections.

Any help would be appreciated.

Thanks,
Stephen.

Stephen Marwick

Dec 10, 2001, 7:27:19 PM
Joe Jerry,

Thanks for the prompt reply.

I tried again, same result - doesn't seem to work. I did however have a
closer look at the error log that is produced.

During startup, when loading the certificate application, WebLogic reports a
<warning> about using an old version of the servlet DTD (version 1.2 instead
of 2.2), and it suggests that I change the web.xml file. This is obviously
a bit tough since it's wrapped in a war file, with who knows what else. It
then reports an <info> about having a malformed DTD. However the rest of
the deployment seems to go fine, and it is reported as having been deployed.

When I attempt to access the page http://host:port/certificate it pauses for
a while (obviously trying to load something), then the (Netscape) browser
comes back with a popup saying that it couldn't access the page (or words to
that effect). On the error log there is a much more informative error.
Unfortunately I can't cut and paste between these systems, but I did see a
very similar (the same?) error in Emil Terziev's post of a few days ago.
Here's the cut and paste from Emil's post:

-- start copy --
<Dec 10, 2001 9:36:37 AM EST> <Error> <Kernel> <ExecuteRequest failed
java.lang.IllegalArgumentException: bad URLMatchMap path: ''
    at weblogic.servlet.utils.URLMatchMap.get(URLMatchMap.java:196)
    at weblogic.servlet.security.internal.WebAppSecurity.getConstraint(WebAppSecurity.java:135)
    at weblogic.servlet.security.internal.SecurityModule.checkTransport(SecurityModule.java:177)
    at weblogic.servlet.security.internal.BasicSecurityModule.checkA(BasicSecurityModule.java:48)
    at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:150)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:1250)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:1622)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
-- end copy --

Potentially this could be to do with the DTD problem.(?) Seems nasty though.
Any ideas?

Pursuing a slightly different approach, do you know what WebLogic adds to
the request (that is, the CSR)? There is a bunch of stuff that the doco
says I need to provide, but the servlet obviously adds some choice bits of
info. I'm thinking that I can create my own certificate (it is for a LAN
after all), using something like the JDK keytool utility. I suppose this
still leaves me without a private key - though I'm sure I can find a utility
somewhere that will create a public/private key-pair.


Also, on a slightly separate issue, when you say that everyone has the same
private key from WebLogic, is that the demo key you're talking about, or the
"generated" key?

Thanks again,
Stephen.

"Jerry" <nos...@youwish.com> wrote in message news:3C154020...@youwish.com...
> Hi Stephen,
>
> SSL should work for an "out of box" installation of WebLogic. Only problem is that since you're using WebLogic demo certificates, so they're not very secure, since anyone who downloads a copy of WebLogic basically has the private key. But that being said, SSL _will_ work.
>
> Also, the documentation may be wrong. I don't think there's any reason in particular why you should have to access the certificate servlet on the secure port. Doing http://host/certificate should be no different than https://host/certificate. Your CSR and key will certainly be created perfectly well.
>
> I hope this helps,
> Joe Jerry

Stephen Marwick

Dec 11, 2001, 4:58:54 PM
I'm replying to this post since something is playing up. I saw the new post
suggesting appending the slash earlier this morning, but now I can't see it
(or any other new posts).

However I did try it, and that was the problem. Appending a slash to the
non-SSL URL worked. Pretty darn sneaky if you ask me, but I suppose it
makes pretty good sense as well.

Thanks for your help,
Stephen.

"Jerry" <nos...@youwish.com> wrote in message news:3C154020...@youwish.com...
> Hi Stephen,
>
> SSL should work for an "out of box" installation of WebLogic. Only problem is that since you're using WebLogic demo certificates, so they're not very secure, since anyone who downloads a copy of WebLogic basically has the private key. But that being said, SSL _will_ work.
>
> Also, the documentation may be wrong. I don't think there's any reason in particular why you should have to access the certificate servlet on the secure port. Doing http://host/certificate should be no different than https://host/certificate. Your CSR and key will certainly be created perfectly well.
>
> I hope this helps,
> Joe Jerry
>
> Stephen Marwick wrote:
>
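
The trace earlier in the thread shows an empty path ('') reaching the security-constraint lookup, and the fix was to request the application with a trailing slash. The sketch below is an added example, not part of the original posts and not WebLogic code: it models servlet-style url-pattern lookup to show why the two URLs differ and how normalising the bare context root gives both the same constraint. The function names and the CONSTRAINTS table are assumptions made for the illustration.

```python
# Added illustration: a model of servlet-style url-pattern lookup, not WebLogic code.
# CONSTRAINTS is a constructed table (url-pattern -> required transport guarantee).
CONSTRAINTS = {
    "/*": "NONE",
    "/private/*": "CONFIDENTIAL",
}


def context_relative_path(request_uri, context_path):
    """Return the part of the request URI that follows the context path."""
    rest = request_uri[len(context_path):]
    if not request_uri.startswith(context_path) or (rest and not rest.startswith("/")):
        raise ValueError("request is not for context %r" % context_path)
    return rest  # "" for /certificate, "/" for /certificate/


def match_constraint(path, constraints=CONSTRAINTS):
    """Exact match first, then the longest matching path-prefix pattern."""
    if not path.startswith("/"):
        # Models the rejection seen in the trace: an empty path is not matchable.
        raise ValueError("bad path: %r" % path)
    if path in constraints:
        return constraints[path]
    prefixes = sorted((p for p in constraints if p.endswith("/*")), key=len, reverse=True)
    for pattern in prefixes:
        base = pattern[:-2]
        if path == base or path.startswith(base + "/"):
            return constraints[pattern]
    return None


def required_transport(request_uri, context_path, normalise=True):
    """Look up the transport guarantee that applies to a request."""
    path = context_relative_path(request_uri, context_path)
    if normalise and path == "":
        path = "/"  # treat the bare context root like its trailing-slash form
    return match_constraint(path)


if __name__ == "__main__":
    for uri in ("/certificate/", "/certificate", "/certificate/private/key.pem"):
        print(uri, "->", required_transport(uri, "/certificate"))
    try:
        required_transport("/certificate", "/certificate", normalise=False)
    except ValueError as exc:
        print("/certificate without normalisation ->", exc)
```

Normalising before the lookup, rather than special-casing the empty path afterwards, keeps the constraint decision identical for both spellings of the context root.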
