Much thanks!
http://e-docs.bea.com/wls/docs81/secmanage/ssl.html#1166878
The link above lists the steps. If you have suggestions on improving
it, post a reply and we will get them into the docs.
I am also using a proxy plugin, and I have searched all of the BEA site with no
luck.
It works with what is configured by default, but not with my cert from Verisign
that needs the intermediate CA,
so any help on that front would really help!
Prem
With which of these steps do you need help?
Pavel.
Trusted certificates can be imported using the keytool command:
keytool -import -trustcacerts ...
If you are using a WebLogic client, you can specify the trusted CA keystore with
this command line option:
-Dweblogic.security.SSL.trustedCAKeyStore=keystorefile
Or look at "Specify Trust for weblogic.Admin" at
http://e-docs.bea.com/wls/docs81/secmanage/ssl.html#1191603
for more command line options.
Pavel.
Also, do I need to specify the private key
password in the import command?
Another question: how can you tell a keystore was generated properly by
reading the stdout of the keytool -list .... cmd?
Thanks.
-kl
P.S. I suggest adding detailed steps to ssl.html, including an example
of importing a CA from Verisign or OpenSSL,
so customers can simply
cut and paste those cmds and have them work.
Run keytool -list on each keystore and check that entries are there and have the
correct type.
Pavel.
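The check described in the reply above can be scripted. This is an added example, not part of the original thread or of BEA's documentation: `check_listing` is a hypothetical helper, the sample listings are constructed, and the entry-type labels it matches (`keyEntry`/`PrivateKeyEntry`, `trustedCertEntry`) are assumed to be those printed by the JDK's keytool.

```shell
#!/bin/sh
# Added example: classify the entries in `keytool -list` output read on stdin.
# Assumed type labels: "keyEntry" (older JDKs) or "PrivateKeyEntry" (newer JDKs)
# for a private key with its chain, "trustedCertEntry" for a CA certificate.
# Real use: keytool -list -keystore <file> | check_listing identity

check_listing() {   # hypothetical helper; $1 = identity | trust
    role=$1
    listing=$(cat)
    keys=$(printf '%s\n' "$listing" |
        grep -E -c ', (PrivateKeyEntry|keyEntry),[[:space:]]*$' || true)
    certs=$(printf '%s\n' "$listing" |
        grep -E -c ', trustedCertEntry,[[:space:]]*$' || true)
    echo "$role keystore: $keys private key entries, $certs trusted certificate entries"
    case $role in
        identity) [ "$keys" -ge 1 ] ;;    # server needs its private key
        trust)    [ "$certs" -ge 1 ] ;;   # needs at least one CA certificate
        *)        echo "unknown role: $role" >&2; return 2 ;;
    esac
}

# Constructed sample listings (aliases, dates and fingerprints are made up).
SAMPLE_IDENTITY_OK='Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

myserver, Oct 10, 2003, keyEntry,
Certificate fingerprint (MD5): <constructed placeholder>'

# The signed certificate was imported under a new alias instead of the alias
# that holds the key pair, so keytool stored it as a trusted certificate only.
SAMPLE_IDENTITY_BAD='Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

servercert, Oct 10, 2003, trustedCertEntry,
Certificate fingerprint (MD5): <constructed placeholder>'

printf '%s\n' "$SAMPLE_IDENTITY_OK" | check_listing identity ||
    echo "-> unexpected: key entry not found"
printf '%s\n' "$SAMPLE_IDENTITY_BAD" | check_listing identity ||
    echo "-> no private key entry: not usable as an identity keystore"
```

An identity keystore that lists only `trustedCertEntry` lines holds no private key, so the server has nothing to present as its own certificate.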
-------------------------
####<Oct 10, 2003 9:57:39 AM MDT> <Info> <WebLogicServer>
<gregmur2ksv> <portalServer> <main> <<WLS Kernel>> <> <BEA-000307>
<Exportable key maximum lifespan set to 500 uses.>
####<Oct 10, 2003 9:57:39 AM MDT> <Error> <WebLogicServer>
<gregmur2ksv> <portalServer> <main> <<WLS Kernel>> <> <BEA-000297>
<Inconsistent security configuration, java.lang.NullPointerException>
####<Oct 10, 2003 9:57:39 AM MDT> <Debug> <TLS> <gregmur2ksv>
<portalServer> <main> <<WLS Kernel>> <> <000000> <SSLListenThread:
inconsistent configuration
java.lang.NullPointerException
at weblogic.security.RSAKey.toString(RSAKey.java:212)
at java.lang.String.valueOf(String.java:2177)
at java.lang.StringBuffer.append(StringBuffer.java:361)
at weblogic.security.X509.toString(X509.java:287)
at java.lang.String.valueOf(String.java:2177)
at java.lang.StringBuffer.append(StringBuffer.java:361)
at weblogic.security.SSL.SSLCertificate.toString(SSLCertificate.java:436)
at weblogic.t3.srvr.SSLListenThread.initSSLContext(SSLListenThread.java:199)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:139)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:125)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1613)
at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:1020)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:359)
at weblogic.Server.main(Server.java:32)
>
####<Oct 10, 2003 9:57:39 AM MDT> <Emergency> <Security> <gregmur2ksv>
<portalServer> <main> <<WLS Kernel>> <> <BEA-090034> <Not listening
for SSL, java.io.IOException: Inconsistent security configuration,
null.>
-------------------------
Interestingly, the X509 class and the SSLCertificate classes were
deprecated in WLS 7.0. A successful startup using the demo keys
produces:
-------------------------
####<Oct 10, 2003 9:39:34 AM MDT> <Info> <WebLogicServer>
<gregmur2ksv> <portalServer> <main> <<WLS Kernel>> <> <BEA-000307>
<Exportable key maximum lifespan set to 500 uses.>
####<Oct 10, 2003 9:39:35 AM MDT> <Info> <WebLogicServer>
<gregmur2ksv> <portalServer> <main> <<WLS Kernel>> <> <BEA-000300>
<Certificate contents: 1 certificate(s):
fingerprint = a25c6c96fa2617b5fa0a3771aae4e755, not before = Tue Jul
22 12:10:23 MDT 2003, not after = Mon Jul 23 12:10:23 MDT 2018, holder
= C=US SP=MyState L=MyTown O=MyOrganization OU=FOR TESTING ONLY
CN=gregmur2ksv , issuer = C=US SP=MyState L=MyTown O=MyOrganization
OU=FOR TESTING ONLY CN=CertGenCAB , key = modulus length=65 exponent
length=3
>
-------------------------
I'm not sure what I'm missing, but I'm guessing it's something to do
with my identity cert - I just don't know what. Any ideas?
Thanks!
GM