We need to make a SSL connection to https://www.emortgagelogic.com/ If
you look at the
CA chain in IE, you will notice that it is a Class 1 Verisign CA that
uses a 1000 bit public key. We get the exception:
weblogic.security.CipherException: Incorrect block length 125 (modulus
length 128)
at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:167)
at weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
Our WebLogic license is domestic strength (supports 128-bit
incoming/outgoing SSL connections). I tried using IE to
export the Class 1 Verisign CA (attached rsa.pem). I verified that it
is valid
via utils.ValidateCertChain. I copied the rsa.pem file in
$WL_HOME/config/Version2/server-certchain.pem and
$WL_HOME/config/Version2/trusted-ca.pem. The Class 1 Verisign is the
only CA in those files.
However I still cannot make the connection. How can you add a CA to
the trusted chain?
I also noticed that the logs to not show that I am reading those files
for the trusted CA chain. I turned on SSL debug via MBean with the
filtered output below.
config.xml
---------------------------
<SSL Enabled="true" Name="phdcluster01"
ServerCertificateChainFileName="./config/Version2/server-certchain.pem"
TrustedCAFileName="./config/Version2/trusted-ca.pem"/>
What am I doing wrong?
We are not using incoming HTTPS.
Jirawat Uttayaya