I try to configure the proper SSL certificate handling in WebLogic 8.1
SP2. I have a server certificate issued by local CA that needs four
additional certificates to consist the proper certification path to
GlobalSign Root CA installed in a browser.
Following WLS 8.1 Guidelines at :
http://e-docs.bea.com/wls/docs81/secmanage/ssl.html#1178523
I created a totalcert.pem file and dropped into it all the
certificates that consist together the certification path.
When I start WebLogic and connect to some test application over SSL I
can see my Internet Explorer warning that the certificate the server
uses is not trusted by any root CA installed in a browser. Saying it
another way I think WebLogic does not provide Explorer with the
complete certification path that I entered in totalcert.pem file.
I also tried to use keystore configuration importing all the
certificates and private key into it. Without success.
I can see the following exceptions when I switch
set JAVA_OPTIONS=-Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true
-Dssl.debugEaten=true
which exception seems to have something to do with my problems.
java.lang.ArrayIndexOutOfBoundsException: 0 >= 0
at java.util.Vector.elementAt(Vector.java:427)
at com.certicom.tls.interfaceimpl.CertificateSupport.getAuthChain(Unknown
Source)
at com.certicom.tls.interfaceimpl.TLSSystem.resetAuthenticatedCipherSuiteSupport(Unknown
Source)
at com.certicom.tls.interfaceimpl.TLSSystem.resetCipherSuiteSupport(Unknown
Source)
at com.certicom.tls.interfaceimpl.TLSSystem.setCertificateSupport(Unknown
Source)
at com.certicom.tls.interfaceimpl.TLSSystem.<init>(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSSystem.<init>(Unknown Source)
at com.certicom.net.ssl.SSLContext.<init>(Unknown Source)
at com.certicom.net.ssl.CerticomContextWrapper.<init>(Unknown Source)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
at java.lang.Class.newInstance0(Class.java:306)
at java.lang.Class.newInstance(Class.java:259)
at weblogic.security.utils.SSLContextWrapper.getInstance(SSLContextWrapper.java:25)
at weblogic.t3.srvr.SSLListenThread.initSSLContext(SSLListenThread.java:151)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:139)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:125)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1613)
at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:1020)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:359)
at weblogic.Server.main(Server.java:32)
Has anybody configured a certification path in WebLogic 8.1, either
with depreciated files method or with keystore ?
sincerely Olek