I have added a new self-signed root certificate after the one that was contained
in the ca.pem, so there are now two root certificates:
********************** begin of the ca.pem file
-----BEGIN CERTIFICATE-----
MIICQzCCAe2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBqTELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xFTAT
BgNVBAoTDEJFQSBXZWJMb2dpYzERMA8GA1UECxMIU2VjdXJpdHkxIzAhBgNVBAMT
GkRlbW8gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9zdXBw
b3J0QGJlYS5jb20wHhcNMDAwNTMwMjEzNzQ0WhcNMDQwNTE0MjEzNzQ0WjCBqTEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
cmFuY2lzY28xFTATBgNVBAoTDEJFQSBXZWJMb2dpYzERMA8GA1UECxMIU2VjdXJp
dHkxIzAhBgNVBAMTGkRlbW8gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR4wHAYJKoZI
hvcNAQkBFg9zdXBwb3J0QGJlYS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA
3VEoD2Q2ln4PyilUNUyPa9yQxS6YqJk7xwWlAHZ5AAhq7dkosZDCNZYYYTZihpOx
GcgLwqY6gYZCN7pwlk+h/QIDAQABMA0GCSqGSIb3DQEBBAUAA0EAAFsKZZ9dc1na
5lHpO8EL85EPDPRyCJ9lTRw3bPMEqItyBuEAXh8woRgGN5j9KinDoWsmFCBO5MFy
qN5p4APL4w==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB6zCCAZWgAwIBAgIBATANBgkqhkiG9w0BAQQFADB+MQswCQYDVQQGEwJlczES
MBAGA1UEBxMJQmFyY2Vsb25hMRIwEAYDVQQKEwlTYWZlbGF5ZXIxEjAQBgNVBAsT
CURldmVsb3BlcjENMAsGA1UEAxMEcm9vdDEkMCIGCSqGSIb3DQEJARYVc3VwcG9y
dEBzYWZlbGF5ZXIuY29tMB4XDTk5MTIzMTIzMDAwMFoXDTE5MTIzMTIzMDAwMFow
fjELMAkGA1UEBhMCZXMxEjAQBgNVBAcTCUJhcmNlbG9uYTESMBAGA1UEChMJU2Fm
ZWxheWVyMRIwEAYDVQQLEwlEZXZlbG9wZXIxDTALBgNVBAMTBHJvb3QxJDAiBgkq
hkiG9w0BCQEWFXN1cHBvcnRAc2FmZWxheWVyLmNvbTBcMA0GCSqGSIb3DQEBAQUA
A0sAMEgCQQCg+E0qVGLgZWSjcae1FHMap/8SBlbhQc3GbaL3NxbBDZGeaKZqzlTv
ZhGeWf3zEB17tbHE18hAxro6TA2i8MhVAgMBAAEwDQYJKoZIhvcNAQEEBQADQQAS
E2U64E9eu0dgJYktTK37YcTpyspwSabyeaziAktu99cCOQbCTYXGojouRekbkKAv
u8J28DSM62Me7W5zsPV2
-----END CERTIFICATE-----
********************** end of the ca.pem file
I did not modify the democert.pem or the demokey.pem files, as I want my weblogic
server to continue using the same SSLserver certificate than it was using before.
Then when I try to start the Weblogic server, I got the following error on the
console:
Starting WebLogic Server ....
<24-abr-01 16:21:33 CEST> <Notice> <Management> <Loading configuration file .\co
nfig\examples\config.xml ...>
log file: C:\bea\wlserver6.0sp1\.\config\examples\logs\weblogic.log
<24-abr-01 16:21:37 CEST> <Info> <Logging> <Only log messages of severity "Error
" or worse will be displayed in this window. This can be changed at Admin Consol
e> examples> Servers> examplesServer> Logging> General> Stdout severity threshol
d>
weblogic.security.CipherException: Incorrect encrypted block
at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:208)
at weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
at weblogic.security.X509.verifySignature(X509.java:243)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<24-abr-01 16:21:41 CEST> <Alert> <WebLogicServer> <Inconsistent security config
uration, weblogic.security.AuthenticationException: Incorrect encrypted block
po
ssibly incorrect SSLServerCertificateChainFileName set for this server certifica
te>
weblogic.security.AuthenticationException: Incorrect encrypted block possibly
in
correct SSLServerCertificateChainFileName set for this server certificate
at weblogic.security.X509.verifySignature(X509.java:251)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<24-abr-01 16:21:59 CEST> <Notice> <WebLogicServer> <WebLogic Server started>
<24-abr-01 16:21:59 CEST> <Notice> <WebLogicServer> <ListenThread listening on
p
ort 7001>
I would appreciate any help on this issue. I want to add the new root certificate
because I own a SSLclient certificate in my browser which I want the Weblogic
server to authenticate.
Thank you very much, David.
Easy but I had trouble to understand it from the documentation.