Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Does WLS 5.1 support private key passwords like WLS 6 does ?

0 views
Skip to first unread message

Dave Javu

unread,
Jul 19, 2001, 7:38:52 PM7/19/01
to

WebLogic 6.0 supports private key passwords as described here http://e-docs.bea.com/wls/docs60/adminguide/cnfgsec.html#1053139,
summarized here;
"When using PKCS-8 encrypted private keys, you need to enable the Use Encrytped
Keys field on the SSL tab of the Server window in the Administration Console.",
plus you need to use this diraective -Dweblogic.management.pkpassword=

I can't find any support for this in WLS 5.1. Does 5.1 support this additional
level of security ?

Thanks.

David Barrett

unread,
Jul 24, 2001, 11:13:06 AM7/24/01
to
Hello Dave,

Dave here.

I'm having some problems with the Weblogic SSL installation also. I
was able to set the weblogic.management.pkpassword, but I am recieving
the following error when attempting to start the server.

Jul 23, 2001 1:44:53 PM EDT> <Info> <Logging> <Only log messages of
severity "Error" or worse will be displayed in this window. This can
be changed at Admin Console> myserver> Servers> myserverpass> Logging>
General> Stdout severity threshold>
<Jul 23, 2001 1:44:57 PM EDT> <Alert> <WebLogicServer> <Security
configuration problem with certificate file config/myserver/mykey.der,
java.lang.NullPointerException>
java.lang.NullPointerException
at weblogic.security.PKCS5.setPassword(PKCS5.java:173)
at weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:124)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:387)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)


Please let me know if you know of any way to fix this issue.

Best,
David

"Dave Javu" <dave...@excite.com> wrote in message news:<3b57617c$1...@newsgroups.bea.com>...

Paul Ferwerda

unread,
Jul 26, 2001, 4:57:07 PM7/26/01
to
Nope, it first showed up in 6.0.

Paul

Paul Ferwerda

unread,
Jul 26, 2001, 5:02:25 PM7/26/01
to
In order to have the weblogic.mangement.pkpassword stuff work two other things need to have happened first:

1) you generated a protected private key rather than just a "regular" private key. In the Certificate Servlet this is done by typing characters into the password field of the form to generate the key and
then later passing those characters to the weblogic.management.pkpassword commandline attribute.
2) you set the KeyEncrypted attribute in the SSL page in the console

You can use protected/encrypted private keys or not but you need to make sure that you actually generated an encrypted private key and you've set SSL to use an encrypted private key and told the
server to start up with an encrypted private key.

Paul

0 new messages