
Error adding other root certs to Weblogic


David Ruana

April 25, 2001, 11:39:59 AM

I am using the trial 30-day version. I wonder whether it has any restrictions which
prevent me from adding new root certificates to the ca.pem file. If this is not the
case, I will expose my problem.

I have added a new self-signed root certificate after the one that was contained
in the ca.pem, so there are now two root certificates:


I did not modify the democert.pem or the demokey.pem files, as I want my WebLogic
server to continue using the same SSL server certificate that it was using before.

Then when I try to start the WebLogic server, I get the following error on the
console:

Starting WebLogic Server ....
<24-abr-01 16:21:33 CEST> <Notice> <Management> <Loading configuration file .\config\examples\config.xml ...>
log file: C:\bea\wlserver6.0sp1\.\config\examples\logs\weblogic.log
<24-abr-01 16:21:37 CEST> <Info> <Logging> <Only log messages of severity "Error" or worse will be displayed in this window. This can be changed at Admin Console> examples> Servers> examplesServer> Logging> General> Stdout severity threshold>
weblogic.security.CipherException: Incorrect encrypted block
    at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:208)
    at weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
    at weblogic.security.X509.verifySignature(X509.java:243)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
    at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
    at weblogic.Server.main(Server.java:35)
<24-abr-01 16:21:41 CEST> <Alert> <WebLogicServer> <Inconsistent security configuration, weblogic.security.AuthenticationException: Incorrect encrypted block possibly incorrect SSLServerCertificateChainFileName set for this server certificate>
weblogic.security.AuthenticationException: Incorrect encrypted block possibly incorrect SSLServerCertificateChainFileName set for this server certificate
    at weblogic.security.X509.verifySignature(X509.java:251)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
    at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
    at weblogic.Server.main(Server.java:35)
<24-abr-01 16:21:59 CEST> <Notice> <WebLogicServer> <WebLogic Server started>
<24-abr-01 16:21:59 CEST> <Notice> <WebLogicServer> <ListenThread listening on port 7001>

I would appreciate any help on this issue. I want to add the new root certificate
because I own an SSL client certificate in my browser which I want the WebLogic
server to authenticate.

Thank you very much, David.

David Ruana

April 26, 2001, 7:33:44 AM

OK, I finally was able to understand what the error was. The new root certificate
cannot be added to the ca.pem file. You'd better create a new file called ca2.pem
with the new root certificate. Then you have to go to the SSL configuration section and
edit the 'Trusted CAFile Name' field to point to the ca2.pem file.

Easy, but I had trouble understanding it from the documentation.
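
A pre-flight check for the failure in this thread, as an added example (not part of the original posts and not WebLogic code): it reads a PEM bundle as an ordered chain and reports where a certificate's issuer name does not match the next certificate's subject, which is what appending an unrelated root to the server's chain file produces. It assumes the server verifies each certificate in the chain file against the one after it, compares names only (no signature check), and uses constructed DER skeletons as sample input; all function names are this example's own.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Raw DER of the issuer and subject names of one X.509 certificate."""
    _, pos, _ = read_tlv(der, 0)    # outer Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)  # tbsCertificate SEQUENCE
    fields = []                     # serial, sigAlg, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = read_tlv(der, pos)
        if tag != 0xA0:             # skip the optional [0] version field
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def check_chain_file(pem_text):
    """List the problems found when the bundle is read as an ordered chain."""
    names = [issuer_subject(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]
    problems = [f"certificate {i} is not issued by certificate {i + 1}"
                for i in range(len(names) - 1) if names[i][0] != names[i + 1][1]]
    if names and names[-1][0] != names[-1][1]:
        problems.append("last certificate is not self-signed")
    return problems

def _tlv(tag, body):  # builder for the constructed samples (short lengths only)
    return bytes([tag, len(body)]) + body

def _sample_cert(issuer, subject):
    """Constructed DER skeleton with only the fields the check reads; not a real cert."""
    tbs = (_tlv(0x02, b"\x01") + _tlv(0x30, b"") + _tlv(0x30, issuer.encode())
           + _tlv(0x30, b"") + _tlv(0x30, subject.encode()))
    body = base64.b64encode(_tlv(0x30, _tlv(0x30, tbs))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

ORIGINAL = _sample_cert("demo-ca", "demo-ca")                # chain file as shipped
APPENDED = ORIGINAL + _sample_cert("new-root", "new-root")  # unrelated root appended

if __name__ == "__main__":
    print(check_chain_file(ORIGINAL), check_chain_file(APPENDED))
```

A root kept in its own file, as in the ca2.pem fix, passes the same check because it no longer sits in the server certificate's chain.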
