Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Certificate Manager Software compatible with BEA?

1 view
Skip to first unread message

Luis Muniz

unread,
Oct 25, 2001, 10:21:53 AM10/25/01
to
Hi,

We want to use 2-way SSL certification, and create client certificates for
our clients.
I tried using Netscape CMS, but the WL documentation says it is
incompatible.

Of course, we want to be an isolated CA to make sure that no client
authenticated by
other CAs has access.

Has anyone used a certificate server compatible with BEA weblogic?

Is there a way to convert the output of Netscape CSM to a compatible format
(PEM or DER) ?

Thanks in advance,

Luis Muniz


Gilbert W. Pilz Jr.

unread,
Oct 25, 2001, 2:13:41 PM10/25/01
to
In article <3bd8...@newsgroups.bea.com>, luis....@b2boost.com says...

> Hi,
>
> We want to use 2-way SSL certification, and create client certificates for
> our clients.
> I tried using Netscape CMS, but the WL documentation says it is
> incompatible.
>
> Of course, we want to be an isolated CA to make sure that no client
> authenticated by
> other CAs has access.
>
> Has anyone used a certificate server compatible with BEA weblogic?

Have you tried OpenSSL?

- gil

Luis Muniz

unread,
Oct 26, 2001, 6:32:06 AM10/26/01
to
Hi,

I tried openSSL, here are my results:
I created a self-signed demoCA.
I created a certificate signed by this CA.
i have following files:

newkey.pem (512 bits RSA private key)
newcert.pem (certificate)

but when I start WL 61, i still get the error:

<Oct 26, 2001 12:25:49 PM CEST> <Alert> <WebLogicServer> <Security
configuration
problem with certificate file certifs/newkey.pem, java.io.IOException:
Length i
s too big: takes 108 bytes>
java.io.IOException: Length is too big: takes 108 bytes
at
weblogic.security.ASN1.ASN1Header.inputLength(ASN1Header.java:148)
at weblogic.security.ASN1.ASN1Header.input(ASN1Header.java:120)
at weblogic.security.RSAPrivateKey.input(RSAPrivateKey.java:111)
at weblogic.security.RSAPrivateKey.<init>(RSAPrivateKey.java:91)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:397)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:300)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1045)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:480)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:202)
at weblogic.Server.main(Server.java:35)

Any idea?

Thanks

"Gilbert W. Pilz Jr." <gilber...@e2open.com> wrote in message
news:MPG.1641f6303...@west.usenetserver.com...

Luis Muniz

unread,
Oct 26, 2001, 7:40:13 AM10/26/01
to
Hi all,

I finally managed. Somehow creating the request with openSSL doesn't work.
You have to create the certificate request with the certificate request
servlet.

Now I'm going to try to create some client certificates.

"Luis Muniz" <luis....@b2boost.com> wrote in message
news:3bd9...@newsgroups.bea.com...

Gilbert W. Pilz Jr.

unread,
Oct 26, 2001, 12:21:38 PM10/26/01
to
In article <3bd94d8b$2...@newsgroups.bea.com>, luis....@b2boost.com
says...

> Hi all,
>
> I finally managed. Somehow creating the request with openSSL doesn't work.
> You have to create the certificate request with the certificate request
> servlet.

It might be a matter of where the private keys are stored. If you create
the cert request with OpenSSL you need to make sure that the private
half of the public/private pair that gets created is imported into
WebLogic and gets associated with the cert that contains its
corresponding public key. When you use the certificate request servlet,
WebLogic probably takes care of this automatically.

On the other hand, it could be something else entirely . . .

- gil

0 new messages