
CLIENT-CERT SSL requirements causing no prompt from browser - can't connect in two-way ssl


QQuatro

May 21, 2003, 1:21:41 PM
Hi,

I can't get two-way SSL to force my client browser to prompt for a
certificate to send to weblogic.

The browser either returns a "can't connect" or nothing. It's as if the SSL
ports refuse incoming connections altogether if I "enforce client
certificates". The same happens if I have two-way SSL configured with the
administration console on administration port - impossible to get to the
console.

My web application has the usual login-config and roles setup. One-way SSL
works fine. Two-way SSL and all the SSL ports clam up. After switching on
SSL debugging, I get the trace below when trying to connect.

I have a certificate in my browser (both IE and mozilla) - but have yet to
see any action.

Anybody got this to work? WL 7 SP 2 on W2K. I'm using democert/key on
server.

Thanks
Q

Here is some of my config.xml
<SSL ClientCertificateEnforced="false" Enabled="true"
HostnameVerificationIgnored="true" ListenPort="8002"
Name="adm" ServerCertificateChainFileName="ca.pem"
ServerCertificateFileName="democert.pem"
ServerKeyFileName="demokey.pem"
ServerPrivateKeyAlias="myalias"
ServerPrivateKeyPassPhrase="{3DES}RDRimcCbQTJBLGCLxRl9YQ=="
TwoWaySSLEnabled="true"/>
<ServerDebug Name="adm"/>


<21-May-2003 18:03:17 BST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<21-May-2003 18:03:17 BST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 15689116>
<21-May-2003 18:03:17 BST> <Debug> <TLS> <000000> <SSLSocket will be Muxing>
<21-May-2003 18:03:17 BST> <Debug> <TLS> <000000> <SSLIOContextTable.findContext(is): 16249230>
<21-May-2003 18:03:18 BST> <Info> <WebLogicServer> <000213> <Adding address: 10.0.10.10 to licensed client list>
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <22124570 readRecord()>
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <22124570 received SSL_20_RECORD>
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ClientHelloV2>
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 58>
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 499>
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <Exception during handshake, stack trace follows
java.lang.ArrayStoreException
    at java.lang.System.arraycopy(Native Method)
    at java.util.Vector.copyInto(Vector.java:162)
    at com.certicom.tls.record.handshake.ServerStateNoHandshake.handle(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleVersion2HandshakeMessages(Unknown Source)
    at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown Source)
    at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:399)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:213)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:189)
>
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@159b25b Severity: 2 Type: 40
java.lang.Throwable: Stack trace
    at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:245)
    at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleVersion2HandshakeMessages(Unknown Source)
    at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown Source)
    at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:399)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:213)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:189)
>
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <write ALERT offset = 0 length = 2>
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <close(): 22124570>
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 15689116>

Jon Mountjoy

May 22, 2003, 7:20:38 AM
You are probably using JDK 1.4. Use JDK 1.3 and the problem will go away.
Jon
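
Added example (not part of the original thread, and not WebLogic or Certicom code): a small Python triage script for the SSL debug trace posted in the question. It pulls out the handshake message, the server-side exception and the alert, and decodes the alert numbers with the values from RFC 2246; the helper name triage and the summary keys are assumptions of this example.

```python
import re

# TLS alert levels and descriptions as numbered in RFC 2246, section 7.2 (subset).
LEVELS = {1: "warning", 2: "fatal"}
DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca",
}
# A record starts at a line beginning "<timestamp> <severity> <subsystem> <id>".
HEADER = re.compile(r"^<[^<>]+> <\w+> <(\w+)> <\d+>", re.M)
# Excerpt of the trace posted above, with its mail line-wrapping left in place.
SAMPLE = """\
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE:
ClientHelloV2>
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <Exception during
handshake, stack trace follows
java.lang.ArrayStoreException
at java.lang.System.arraycopy(Native Method)
>
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <NEW ALERT:
com.certicom.tls.record.alert.Alert@159b25b Seve
rity: 2 Type: 40
java.lang.Throwable: Stack trace
>
"""

def triage(log_text):
    """Summarise handshake events in a WebLogic SSL debug trace (hypothetical helper)."""
    out = {"handshake_messages": [], "exceptions": [], "alerts": []}
    heads = list(HEADER.finditer(log_text))
    for i, h in enumerate(heads):
        if h.group(1) != "TLS":
            continue
        end = heads[i + 1].start() if i + 1 < len(heads) else len(log_text)
        # Wrapping breaks records mid-word, so match on whitespace-free text.
        body = re.sub(r"\s+", "", log_text[h.end():end])
        if m := re.search(r"HANDSHAKEMESSAGE:(\w+)", body):
            out["handshake_messages"].append(m.group(1))
        if m := re.search(r"stacktracefollows([\w.$]+?Exception)", body):
            out["exceptions"].append(m.group(1))
        if m := re.search(r"NEWALERT:.*?Severity:(\d+)Type:(\d+)", body):
            level, desc = int(m.group(1)), int(m.group(2))
            out["alerts"].append((LEVELS.get(level, str(level)),
                                  DESCRIPTIONS.get(desc, str(desc))))
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the posted trace this reports a ClientHelloV2, then a java.lang.ArrayStoreException inside the server's handshake code, then a fatal handshake_failure alert written by the server before it closes the socket.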
