
problem using Two-Way SSL Authentication JNDI Client


Xiaohong Yuan

Jan 6, 2004, 9:33:56 PM

I am running into the following problem when trying to run the sample JNDI client program
to authenticate to a WebLogic 8.1 server. The server was configured to use the Demo
identity and trust stores, and it was up and listening on port 7002:

Exception in thread "main" javax.naming.CommunicationException. Root exception is java.net.ConnectException: t3s://localhost:7002: Destination unreachable; nested exception is:
    java.net.SocketException: [Security:090464]Problem accessing private key; No available router to destination
    at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:199)
    at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:125)
    at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:291)
    at weblogic.jndi.Environment.getContext(Environment.java:164)
    at weblogic.jndi.Environment.getInitialContext(Environment.java:143)
    at SSLJNDIClient.main(SSLJNDIClient.java:32)

The JNDI client program is as follows:

import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import weblogic.jndi.Environment;
import weblogic.security.PEMInputStream;
import java.io.InputStream;
import java.io.FileInputStream;

public class SSLJNDIClient
{
    public static void main(String[] args) throws Exception
    {
        Context context = null;
        try
        {
            Environment env = new Environment();
            // set connection parameters
            env.setProviderUrl("t3s://localhost:7002");
            // The next two set methods are optional if you are using
            // a UserNameMapper interface.
            env.setSecurityPrincipal("epsecure");
            env.setSecurityCredentials("sybmultbuf");
            InputStream key = new FileInputStream("/tmp/testkey.der");
            InputStream cert = new FileInputStream("/tmp/testcert.der");
            // wrap input streams if key/cert are in pem files
            //key = new PEMInputStream(key);
            //cert = new PEMInputStream(cert);
            env.setSSLClientCertificate(new InputStream[] { key, cert});
            env.setInitialContextFactory(Environment.DEFAULT_INITIAL_CONTEXT_FACTORY);

            context = env.getInitialContext();

            Object myEJB = (Object) context.lookup("myEJB");

        }
        finally
        {
            if (context != null) context.close();
        }
    }
}

testkey.der and testcert.der were generated by the WebLogic CertGen utility. What
am I missing here? Please help.

thanks, xiaohong

Pavel

Jan 7, 2004, 10:06:39 AM

You did not set the key password:
env.setSSLClientKeyPassword("mypassword");

Pavel.
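
A way to confirm the diagnosis above before changing the client, as an added example that is not part of the original thread or of WebLogic: the check below uses only JDK classes to tell whether DER key bytes are a plain or a password-protected PKCS#8 key, and whether a given password opens it. The class and method names are hypothetical, and it assumes the key is RSA in PKCS#8 DER form, which the thread does not state.

```java
import java.io.IOException;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.crypto.*;
import javax.crypto.spec.*;
// Added diagnostic, not code from the thread; KeyFileCheck and classify are hypothetical names.
public class KeyFileCheck {
    // Reports whether DER bytes hold a plain or a password-protected PKCS#8 RSA key.
    static String classify(byte[] der, char[] password) {
        try {
            KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
            return "plain PKCS#8: no key password needed";
        } catch (GeneralSecurityException notPlain) {
            // Not a plain key: fall through and try the encrypted form.
        }
        try {
            EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo(der);
            if (password == null) return "encrypted PKCS#8: key password required";
            String alg = epki.getAlgName();
            SecretKey k = SecretKeyFactory.getInstance(alg).generateSecret(new PBEKeySpec(password));
            Cipher c = Cipher.getInstance(alg);
            c.init(Cipher.DECRYPT_MODE, k, epki.getAlgParameters());
            KeyFactory.getInstance("RSA").generatePrivate(epki.getKeySpec(c));
            return "encrypted PKCS#8: password opens the key";
        } catch (IOException e) {
            return "not a PKCS#8 structure";
        } catch (GeneralSecurityException e) {
            return "encrypted PKCS#8: wrong password or unsupported algorithm";
        }
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway RSA key, encrypted in memory with a constructed password.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        byte[] plain = kpg.generateKeyPair().getPrivate().getEncoded();
        char[] pw = "constructed-password".toCharArray();
        String alg = "PBEWithSHA1AndDESede"; // chosen only so the sample runs on a stock JDK
        byte[] salt = new byte[8];
        new SecureRandom().nextBytes(salt);
        PBEParameterSpec spec = new PBEParameterSpec(salt, 2048);
        Cipher c = Cipher.getInstance(alg);
        c.init(Cipher.ENCRYPT_MODE, SecretKeyFactory.getInstance(alg).generateSecret(new PBEKeySpec(pw)), spec);
        byte[] enc = new EncryptedPrivateKeyInfo(c.getParameters(), c.doFinal(plain)).getEncoded();
        System.out.println(classify(plain, null));
        System.out.println(classify(enc, null));
        System.out.println(classify(enc, "wrong".toCharArray()));
        System.out.println(classify(enc, pw));
    }
}
```

To check a real key file, pass its bytes (for example from java.nio.file.Files.readAllBytes) to classify together with the candidate password.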

mezz

Jan 8, 2004, 2:44:24 PM

If a client attempts to login and use an expired certificate the system returns
a standard Internet Explorer message, "The page cannot be displayed". A meaningful
error message would save confusion and OBE investigation time.

Peter

Jan 12, 2004, 9:47:26 AM

"mezz" <me...@citglobal.com> wrote in message
news:3ffdb318$1...@newsgroups.bea.com...

> If a client attempts to login and use an expired certificate the system returns
> a standard Internet Explorer message, "The page cannot be displayed". A meaningful
> error message would save confusion and OBE investigation time.

From a previous reply to your other post.
----

Change request CR133267 has been filed on this issue.

- Neil

