Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

SSL Configuration

1 view
Skip to first unread message

Wajid

unread,
Apr 29, 2004, 2:54:25 PM4/29/04
to

Server Started Sucessfully!
<Apr 30, 2004 12:18:39 AM IST> <Error> <Security> <090109> <The Server was unable
to find the configured private key on server myserver in the file specified by
the SSL

hi there

I am configuring ssl on weblogic7 I followed following procedure

1) I had used certificate servlet to generate CSR it has also create privatekey
file in der format
2) versign sent me a trail certificate
3) I had used der2pem to convert privatekey file to pem format
4) In config.xml i had specified

private key file name as : pem format file which I had created as above
Certificate key file name: pem format file which i recieved from verrsing

I am getting following exception:


ServerKeyFileName attribute.>
<Apr 30, 2004 12:18:39 AM IST> <Alert> <WebLogicServer> <000297> <Inconsistent
security configuration, java.lang.Exception: The Server was unable to find the
server's private key on server myserver in the file specified by the SSL ServerKeyFileName
attribute.>
java.lang.Exception: The Server was unable to find the server's private key on
server myserver in the file specified by the SSL ServerKeyFileName attribute.
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:419)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:288)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1519)
at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:858)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:294)
at weblogic.Server.main(Server.java:31)

Pavel

unread,
Apr 29, 2004, 4:47:43 PM4/29/04
to

The der2pem utility by default inserts pulic certificate header and footer into
the pem file, unless you pass it the header and footer file names as parameters.
You can do that, or open your private key pem file in the notepad and replace
the BEGIN/END CERTIFICATE with:

-----BEGIN ENCRYPTED PRIVATE KEY-----

-----END ENCRYPTED PRIVATE KEY-----

The file based SSL configuration has been deprecated in 7.0, but if you want to
keep your certs, key in the flat files you'll need to specify the private key
password on the command line in weblogic.management.pkpassword property. If you
decide to use keystores, you'll need to import your key and certificate into a
keystore, and configure the server to use it. Search documentation for utils.ImportPrivateKey,
which is the tool for importing the private key. The CA certificates can be imported
with the Sun keytool.

Pavel.

Wajid

unread,
Apr 30, 2004, 1:27:55 AM4/30/04
to


I did as you said above only to get following error

<Apr 30, 2004 10:58:15 AM IST> <Alert> <WebLogicServer> <000297> <Inconsistent
s
ecurity configuration, java.security.KeyManagementException: ASN.1: Unxpected
AS
N.1 tag>
java.security.KeyManagementException: ASN.1: Unxpected ASN.1 tag
at com.certicom.security.cert.internal.x509.SSLPlusSupport.getLocalIdent
ityPartial(Unknown Source)
at com.certicom.net.ssl.CerticomContextWrapper.inputPrivateKey(Unknown
S
ource)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:425)


at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:288)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1519)
at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:858)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:294)
at weblogic.Server.main(Server.java:31)

<Apr 30, 2004 10:58:15 AM IST> <Emergency> <Security> <090034> <Not listening
fo
r SSL, java.io.IOException: Inconsistent security configuration, java.security.K

Pavel

unread,
Apr 30, 2004, 10:37:08 AM4/30/04
to

This might be caused by an invalid key password, or a corrupted key. You do not
really need to convert the key to pem, the der file in PKCS8 format should work
too. Try importing the original key and the cert with utils.ImportPrivateKey.
See if you get an error.

Pavel.

0 new messages