Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Configuring SSL in Weblogic 7.0

0 views
Skip to first unread message

Mitali

unread,
Aug 3, 2002, 6:49:04 AM8/3/02
to

Hi !
We are trying to configure SSL with Weblogic 7.0. We generated a CSR using the
certificate application(certificate.war). This created a Private Key file and
a request file in the domain directory. We submitted this request to VeriSign
and obtained a trial certificate . We then copied this certificate in the domain
directory. Then in the Administration console we specified the Private Key file
as the Key File generated by the CSR and the Server Certicate file as the file
sent by Verisig. We then rebstarted the server. The server started but gave the
following error :

Inconsistent security configuration, java.security.KeyMa
nagementException: ASN.1: Unxpected ASN.1 tag>
java.security.KeyManagementException: ASN.1: Unxpected ASN.1 tag
at com.certicom.security.cert.internal.x509.SSLPlusSupport.getLocalIdentityPartial(Unknown
Source)
at com.certicom.net.ssl.CerticomContextWrapper.inputPrivateKey(Unknown
Source)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:425)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:288)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1519)
at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:858)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:294)


Can anyone please help in this matter ??

../..

unread,
Aug 3, 2002, 10:04:39 AM8/3/02
to
Wow... I am waiting for someone to reply back to me too.... I would like to
know how to configure SSL certifcates properly..in Weblogic 7..

So far I have received over 2 errors (java exceptions)


"Mitali" <mitali...@in.pwcglobal.com> wrote in message
news:3d4b...@newsgroups.bea.com...

Janice Pang

unread,
Aug 5, 2002, 2:34:14 AM8/5/02
to

I did the following to set up SSL for WLS7.0. My test server cert is generated
using Microsoft Cert Server.

1. Generate key pair and cert req. Apply for server cert using the req.

2. Convert the server cert to pem using java utils.der2pem servercert.der

3. Specify serverkey.der as server key file.

4. Convert server private key file to pem format using java utils.der2pem serverkey.der
headerfile footerfile where
headerfile =
"-----BEGIN RSA PRIVATE KEY-----" for an unencrypted private key.

"-----BEGIN ENCRYPTED PRIVATE KEY-----" for an encrypted private key.
plus new line at the end of the line

footerfile =
"-----END RSA PRIVATE KEY-----" for an unencrypted private key.

"-----END ENCRYPTED PRIVATE KEY-----" for an encrypted private key.
plus new line at the end of the line

5. Put private key in private key store using java utils.ImportPrivateKey mykeystore
mypasswd mykey mykeypass servercert.pem serverkey.pem

6. Configure default keystore, private key key store as mykeystore

7. Convert trusted root CA certificates to pem using java utils.der2pem. Append
multiple CA certs (PEM) if multiple roots are trusted. Specify the final output
as trusted CA.


Rgds,
Janice Pang

0 new messages