We want to use 2-way SSL certification, and create client certificates for
our clients.
I tried using Netscape CMS, but the WL documentation says it is
incompatible.
Of course, we want to be an isolated CA to make sure that no client
authenticated by
other CAs has access.
Has anyone used a certificate server compatible with BEA weblogic?
Is there a way to convert the output of Netscape CSM to a compatible format
(PEM or DER) ?
Thanks in advance,
Luis Muniz
Have you tried OpenSSL?
- gil
I tried openSSL, here are my results:
I created a self-signed demoCA.
I created a certificate signed by this CA.
i have following files:
newkey.pem (512 bits RSA private key)
newcert.pem (certificate)
but when I start WL 61, i still get the error:
<Oct 26, 2001 12:25:49 PM CEST> <Alert> <WebLogicServer> <Security
configuration
problem with certificate file certifs/newkey.pem, java.io.IOException:
Length i
s too big: takes 108 bytes>
java.io.IOException: Length is too big: takes 108 bytes
at
weblogic.security.ASN1.ASN1Header.inputLength(ASN1Header.java:148)
at weblogic.security.ASN1.ASN1Header.input(ASN1Header.java:120)
at weblogic.security.RSAPrivateKey.input(RSAPrivateKey.java:111)
at weblogic.security.RSAPrivateKey.<init>(RSAPrivateKey.java:91)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:397)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:300)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1045)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:480)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:202)
at weblogic.Server.main(Server.java:35)
Any idea?
Thanks
"Gilbert W. Pilz Jr." <gilber...@e2open.com> wrote in message
news:MPG.1641f6303...@west.usenetserver.com...
I finally managed. Somehow creating the request with openSSL doesn't work.
You have to create the certificate request with the certificate request
servlet.
Now I'm going to try to create some client certificates.
"Luis Muniz" <luis....@b2boost.com> wrote in message
news:3bd9...@newsgroups.bea.com...
It might be a matter of where the private keys are stored. If you create
the cert request with OpenSSL you need to make sure that the private
half of the public/private pair that gets created is imported into
WebLogic and gets associated with the cert that contains its
corresponding public key. When you use the certificate request servlet,
WebLogic probably takes care of this automatically.
On the other hand, it could be something else entirely . . .
- gil