How to setup SSL on WebLogic

[rerez]

I am trying the examples.security.acl from the weblogic 5.1 examples and I
have generated the certificates the same way it is written in this mail and
I get this Error at Context lookup?

Exception in thread "main" java.io.IOException: mark/reset not supported
at java.io.InputStream.reset(InputStream.java:332)
at
weblogic.security.SSL.SSLParams.objectToCertificate(SSLParams.java:307)
at weblogic.security.SSL.SSLParams.<init>(SSLParams.java:280)
at weblogic.socket.JVMSocketT3S.newSocket(JVMSocketT3S.java:28)
at
weblogic.socket.JVMSocketT3.newSocketWithRetry(JVMSocketT3.java:275)
at weblogic.socket.JVMSocketT3.connect(JVMSocketT3.java:59)
at weblogic.socket.JVMAbbrevSocket.connect(JVMAbbrevSocket.java:160)
at
weblogic.socket.JVMSocketManager.create(JVMSocketManager.java:294)
at
weblogic.rjvm.ConnectionManager.findOrCreateSocket(ConnectionManager.java:91
8)
at
weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:339)
at
weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:306)
at
weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:248)
at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:219)
at
weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:186)
at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:155)
at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:200)
at
weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialCon
textFactoryDelega
at weblogic.jndi.Environment.getContext(Environment.java:122)
at weblogic.jndi.Environment.getInitialContext(Environment.java:105)
at
WispBeanEnterpriseBeanClient1.main(WispBeanEnterpriseBeanClient1.java:99)
--------------- nested within: ------------------
weblogic.utils.NestedError: Unexpected problem setting SSL params: - with
nested exception:
[java.io.IOException: mark/reset not supported]
at weblogic.security.SSL.SSLParams.<init>(SSLParams.java:282)
at weblogic.socket.JVMSocketT3S.newSocket(JVMSocketT3S.java:28)
at
weblogic.socket.JVMSocketT3.newSocketWithRetry(JVMSocketT3.java:275)
at weblogic.socket.JVMSocketT3.connect(JVMSocketT3.java:59)
at weblogic.socket.JVMAbbrevSocket.connect(JVMAbbrevSocket.java:160)
at
weblogic.socket.JVMSocketManager.create(JVMSocketManager.java:294)
at
weblogic.rjvm.ConnectionManager.findOrCreateSocket(ConnectionManager.java:91
8)
at
weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:339)
at
weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:306)
at
weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:248)
at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:219)
at
weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:186)
at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:155)
at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:200)
at
weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialCon
textFactoryDelega
at weblogic.jndi.Environment.getContext(Environment.java:122)
at weblogic.jndi.Environment.getInitialContext(Environment.java:105)
at
WispBeanEnterpriseBeanClient1.main(WispBeanEnterpriseBeanClient1.java:99)

can you please help me.

"Michael Girdley" <----> wrote in message
news:3a9ef575$1...@newsgroups.bea.com...
I assumed that you are using version 5.1. It looks like you have the
exportable strength version of the server. You need the domestic strength
version, which can be obtained from your WebLogic representative.

In version 6.0, all cryptography strength is determined by a license. So,
this is not a problem.

--

------------------
Michael Girdley
BEA Systems
Learning WebLogic? http://learnweblogic.com

"Andy Ping" <stcl...@sina.com> wrote in message
news:3a9e...@newsgroups.bea.com...
Hi,

I want to study how to set SSL on weblogic. The steps I took is the
following:

1) http://localhost:7001/Certificate
It generates 3 files: andy-key.der, andy-request.dem and
andy-request.pem.
2) http://www.thawte.com/cgi/server/test.exe
Copy the contents of andy-request.pem into the text field, and
select: Test X509v1 SSL Cert
select: Select the default for your kind of cert
then, click "generate test certificate".
Copy the text generated into a text file and saved it as andy-cert.pem.
3) http://www.thawte.com/servertest.txt
Copy the text into a text file and saved it as andy-ca.pem.
4) Copyall andy*.* into .\myserver.
5) In weblogic.properties, make changes like:
weblogic.security.ssl.enable=true
weblogic.system.SSLListenPort=7002
weblogic.security.certificate.server=andy-cert.pem
weblogic.security.key.server=andy-key.der
weblogic.security.certificate.authority=andy-ca.pem
6) Startup weblogic, errors appear like:
Thur Mar 01 16:30:24 GMT+08:00 2001:<I> <Security> 2 certificate(s):
fingerprint = 9a96eb5ff4c7352b6e8a6032427f9cbd, not before = Thu Mar 01
15:44:
31 CST 2001, not after = Fri Mar 01 15:44:31 CST 2002, holder = C=US
SP=Beijing
L=Beijing O=Sparkice.com OU=Technical Department CN=andy
Email=an...@sparkice.co
m.cn , issuer = C=ZA SP=FOR TESTING PURPOSES ONLY O=Thawte Certification
OU=TEST
TEST TEST CN=Thawte Test CA Root , key = modulus length=65 exponent
length=3
fingerprint = 5ee00e1d17b7caa57d36d602df4d26a4, not before = Thu Aug 01
08:00:
00 CST 1996, not after = Fri Jan 01 05:59:59 CST 2021, holder = C=ZA
SP=FOR TEST
ING PURPOSES ONLY O=Thawte Certification OU=TEST TEST TEST CN=Thawte
Test CA Roo
t , issuer = C=ZA SP=FOR TESTING PURPOSES ONLY O=Thawte Certification
OU=TEST TE
ST TEST CN=Thawte Test CA Root , key = modulus length=129 exponent
length=3

Thur Mar 01 16:30:24 GMT+08:00 2001:<I> <SSLListenThread> Using
exportable st
rength SSL.
7) https://localhost:7002/
Thur Mar 01 16:35:38 GMT+08:00 2001:<W> <SSLListenThread> Connection
rejected
: 'Login timed out after: '25000' ms on socket:
'Socket[addr=localhost/127.0.0.1
,port=2020,localport=7002}''

Can you help me? You can send email to me (an...@sparkice.com.cn). Thanks.

-- Andy

[chis...@finance.ch]

"rerez" <ro...@trivnet.com> wrote:
.. (deleted)

>>Can you help me? You can send email to me (an...@sparkice.com.cn).
>Thanks.
>
>-- Andy
>

Yes. the examples.security.Altclient uses Streams of
type Java.io.FileinputStream for DER encoded keys & certificates.

These Streams don't support mark/reset. You will have to use
your own Streams like this:

InputStream isf = new FileInputStream(file);
byte[] bbuf = new byte[8192];
int k = isf.read(bbuf,0,8192);
System.out.println("read: " + k + " elements");
InputStream is = new ByteArrayInputStream(bbuf, 0, k);

Of course this isn't the only bug in BEA/Weblogic SSL....

Rory Chisholm