Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

setting up SSL on test server

0 views
Skip to first unread message

Brian Hall

unread,
Dec 26, 2001, 7:04:36 PM12/26/01
to
I'm having an issue setting up a test server to do some SSL/client
certificate testing on WLS6.0. I have generated a key using the WLS
servlet, submitted and received back a 14day trial cert combination from
Verisign. However I seem to be having trouble getting my test server to
accept it.

I do have a password on the key so I've included the
-Dweblogic.management.pkpassword parameter on the command line and I
have the KeyEncrypted="true" setting in the config.xml.

My problem is with the ServerCertificateChainFileName. Since this is a
trial cert, should I be using the Verisign intermediate .PEM file that
you can get from their site or the CA.PEM file that comes with the
default installation ? I've tried both & I get the same results. It
certainly looks like my ServerCertificateChainFileName is the problem,
but am unclear as to what else to try.

Thanks-


Here's the stack trace:

<Dec 26, 2001 3:51:16 PM PST> <Notice> <WebLogicServer> <Certificate
expires in 14 days: xxxxx , issuer = O=VeriSign, Inc OU
=For VeriSign authorized testing only. No assurances (C)VS1997 , key =
modulus length=129 exponent length=3>
weblogic.security.CipherException: Incorrect block length 64 (modulus
length 128)
at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:167)
at
weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
at weblogic.security.X509.verifySignature(X509.java:243)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at
weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Dec 26, 2001 3:51:16 PM PST> <Alert> <WebLogicServer> <Inconsistent
security configuration, weblogic.security.Authentic
ationException: Incorrect block length 64 (modulus length 128) possibly
incorrect SSLServerCertificateChainFileName set
for this server certificate>
weblogic.security.AuthenticationException: Incorrect block length 64
(modulus length 128) possibly incorrect SSLServerCe
rtificateChainFileName set for this server certificate
at weblogic.security.X509.verifySignature(X509.java:251)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at
weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)

Sunnynani (Reply@ToNewsgroup.Only)

unread,
Dec 26, 2001, 8:29:09 PM12/26/01
to
If you have got 14-day trial certificate in email then there should also be
a link to CA root certificate in the same email. Try that, it should work
fine.

-- SunnyNani.

"Brian Hall" <bh...@directcommerce.com> wrote in message
news:3C2A6594...@directcommerce.com...

0 new messages