Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

how WLS 8.1 supports SSL certificate chains ?

0 views
Skip to first unread message

ol...@pbpolsoft.com.pl

unread,
Apr 27, 2004, 10:22:25 AM4/27/04
to
Hello !

I try to configure the proper SSL certificate handling in WebLogic 8.1
SP2. I have a server certificate issued by local CA that needs four
additional certificates to consist the proper certification path to
GlobalSign Root CA installed in a browser.

Following WLS 8.1 Guidelines at :
http://e-docs.bea.com/wls/docs81/secmanage/ssl.html#1178523

I created a totalcert.pem file and dropped into it all the
certificates that consist together the certification path.

When I start WebLogic and connect to some test application over SSL I
can see my Internet Explorer warning that the certificate the server
uses is not trusted by any root CA installed in a browser. Saying it
another way I think WebLogic does not provide Explorer with the
complete certification path that I entered in totalcert.pem file.

I also tried to use keystore configuration importing all the
certificates and private key into it. Without success.

I can see the following exceptions when I switch

set JAVA_OPTIONS=-Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true
-Dssl.debugEaten=true

which exception seems to have something to do with my problems.

java.lang.ArrayIndexOutOfBoundsException: 0 >= 0
at java.util.Vector.elementAt(Vector.java:427)
at com.certicom.tls.interfaceimpl.CertificateSupport.getAuthChain(Unknown
Source)
at com.certicom.tls.interfaceimpl.TLSSystem.resetAuthenticatedCipherSuiteSupport(Unknown
Source)
at com.certicom.tls.interfaceimpl.TLSSystem.resetCipherSuiteSupport(Unknown
Source)
at com.certicom.tls.interfaceimpl.TLSSystem.setCertificateSupport(Unknown
Source)
at com.certicom.tls.interfaceimpl.TLSSystem.<init>(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSSystem.<init>(Unknown Source)
at com.certicom.net.ssl.SSLContext.<init>(Unknown Source)
at com.certicom.net.ssl.CerticomContextWrapper.<init>(Unknown Source)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
at java.lang.Class.newInstance0(Class.java:306)
at java.lang.Class.newInstance(Class.java:259)
at weblogic.security.utils.SSLContextWrapper.getInstance(SSLContextWrapper.java:25)
at weblogic.t3.srvr.SSLListenThread.initSSLContext(SSLListenThread.java:151)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:139)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:125)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1613)
at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:1020)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:359)
at weblogic.Server.main(Server.java:32)

Has anybody configured a certification path in WebLogic 8.1, either
with depreciated files method or with keystore ?

sincerely Olek

0 new messages