Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

SSL on WL 7.0

6 views
Skip to first unread message

Kevin Kress

unread,
Oct 14, 2002, 3:11:10 PM10/14/02
to
I used the Certificate Request Generator Servlet to create a CSR which a
submitted to verisign for a trial cert. I recieved it back in PEM
format and stored it in a file called, "verisign.test.pem"

I configured my config.xml to use that cert, the key generated by the
CSR servelet and verisgned trusted CA pem file.

I did them same for the ImportPrivateKey util. In both instances I get
the following error (using a private key in either pem or der format
makes no difference).

Any help would be appreciated.

--Kevin Kress

ImportPrivateKey :
java -classpath ../../weblogic700/server/lib/weblogic.jar
utils.ImportPrivateKey mykeystore kmk mykey mykeypass newcerts.pem
meme_webassociates_com-key.der
Keystore file not found, creating it
java.security.KeyManagementException: ASN.1: Unxpected ASN.1 tag
at
com.certicom.security.cert.internal.x509.SSLPlusSupport.getLocalIdentityPartial(Unknown
Source)
at
com.certicom.net.ssl.CerticomContextWrapper.inputPrivateKey(Unknown Source)
at utils.ImportPrivateKey.importKey(ImportPrivateKey.java:57)
at utils.ImportPrivateKey.main(ImportPrivateKey.java:24)


startWeblogic:
<Oct 14, 2002 11:47:34 AM PDT> <Alert> <WebLogicServer> <000297>
<Inconsistent security configuration,
java.security.KeyManagementException: ASN.1: Unxpected ASN.1 tag>
java.security.KeyManagementException: ASN.1: Unxpected ASN.1 tag
at
com.certicom.security.cert.internal.x509.SSLPlusSupport.getLocalIdentityPartial(Unknown
Source)
at
com.certicom.net.ssl.CerticomContextWrapper.inputPrivateKey(Unknown Source)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:425)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:288)
at
weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1519)
at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:858)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:294)
at weblogic.Server.main(Server.java:31)
<Oct 14, 2002 11:47:34 AM PDT> <Emergency> <Security> <090034> <Not
listening for SSL, java.io.IOException: Inconsistent security
configuration, java.security.KeyManagementException: ASN.1: Unxpected
ASN.1 tag.>

Jan Bruun Andersen

unread,
Nov 25, 2002, 4:53:27 PM11/25/02
to

Kevin Kress <kkr...@webassociates.com> wrote:

>startWeblogic:
> <Oct 14, 2002 11:47:34 AM PDT> <Alert> <WebLogicServer> <000297>
>
><Inconsistent security configuration,
>java.security.KeyManagementException: ASN.1: Unxpected ASN.1 tag>
>java.security.KeyManagementException: ASN.1: Unxpected ASN.1 tag
> at

If anyone can shed some light on this problem, I would be very interested. I tried
the same thing (I think - creating a Cert-request, getting a test-cert from VeriSign,
for use in Admin <=> Node Manager comms) and I got the same error message about
an unexpected ASN.1 tag. My guess is that the certificate from Veri is intended
for web-servers only, not for app-servers?? Until I get the time to figure it
out, I just use the demo-certs.

--
Jan Bruun Andersen

Janne Vuorinen

unread,
Dec 11, 2002, 8:05:45 AM12/11/02
to
Any ideas? I've got exactly same problem.

- Janne

"Jan Bruun Andersen" <AMIPAS...@spammotel.com> wrote in message news:<3de2...@newsgroups.bea.com>...

Chris Swan

unread,
Dec 19, 2002, 7:23:13 AM12/19/02
to
I've just tried this for myself, and I think the problem may be with
using newcerts.pem (which I assume is the server-cert.pem concatenated
with a pem conversion of CertGenCA.der).

The process should work if you simply use the server-cert.pem on its
own.

--
Chris Swan

0 new messages