
weblogic 8.1 SSL configuration.

 
Ranch Hand
Posts: 188
Hi All,

I am learning how to configure SSL on WebLogic Server 8.1 SP1.

I do not have much knowledge of SSL. I just read one small tutorial and did the following.

1) keytool -genkey -alias server-alias -keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks -keysize 512

2) keytool -export -alias server-alias -storepass changeit -file server.cer -keystore keystore.jks

Then on the WebLogic server configuration tab I entered the following:

Keystores: Custom Identity and Java Standard Trust

Custom Identity Keystore: D:\key1\keystore.jks
Type: jks
Java Standard Trust Keystore: JAVA_HOME\jre\lib\security\cacerts
Type: JKS

Private Key: from Custom Identity Keystore
Private Key Alias: server-alias

Certificate: from Custom Identity Keystore
Trusted Certificate Authorities: from Java Standard Trust Keystore

This works fine in IE when I visit a page of the web application using https://localhost:7002/Testpage.jsp.

But when I visit the same page using Firefox, it gives me the following exceptions.

<Jun 28, 2008 11:47:26 AM GMT+05:30> <Debug> <TLS> <000000> <Exception during handshake, stack trace follows
java.security.NoSuchAlgorithmException
at com.certicom.tls.record.handshake.ServerStateNoHandshake.matchCipherSuites(Unknown Source)
at com.certicom.tls.record.handshake.ServerStateNoHandshake.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleVersion2HandshakeMessages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown Source)
at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
>
<Jun 28, 2008 11:47:26 AM GMT+05:30> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@114af16 Severity: 2 Type: 40
java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleVersion2HandshakeMessages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown Source)
at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
>
<Jun 28, 2008 11:47:26 AM GMT+05:30> <Debug> <TLS> <000000> <write ALERT offset = 0 length = 2>
<Jun 28, 2008 11:47:26 AM GMT+05:30> <Debug> <TLS> <000000> <close(): 15022412>
<Jun 28, 2008 11:47:26 AM GMT+05:30> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 8939961>



Please help me.
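
Added example, not part of the original post and not WebLogic code: a Python reader for WebLogic SSL debug output of the kind posted above, including lines hard-wrapped by a console. It decodes the `Severity`/`Type` numbers using the TLS alert registry (RFC 5246: severity 2 is fatal, type 40 is handshake_failure) and ties each alert to the exception logged just before it. The function name and the sample text are constructed for illustration.

```python
import re

# TLS alert levels and some descriptions, from RFC 5246 section 7.2.
LEVELS = {1: "warning", 2: "fatal"}
DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
                40: "handshake_failure", 42: "bad_certificate",
                46: "certificate_unknown", 48: "unknown_ca", 70: "protocol_version"}

# Constructed sample: console-wrapped debug entries in the shape of the post's log.
SAMPLE = """\
<Jun 28, 2008 11:47:26 AM GMT+05:30> <Debug> <TLS> <000000> <Exception during ha
ndshake, stack trace follows
java.security.NoSuchAlgorithmException
at com.certicom.tls.record.handshake.ServerStateNoHandshake.matchCipherS
uites(Unknown Source)
>
<Jun 28, 2008 11:47:26 AM GMT+05:30> <Debug> <TLS> <000000> <NEW ALERT: com.cert
icom.tls.record.alert.Alert@114af16 Severity: 2 Type: 40
java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
>
"""

ENTRY = re.compile(r"(?m)^(?=<\w{3} \d{1,2}, \d{4} )")   # start of a log entry
ALERT = re.compile(r"Severity:\s*(\d+)\s+Type:\s*(\d+)")
EXC = re.compile(r"(?m)^([\w.]+(?:Exception|Error))\b")
FRAME = re.compile(r"(?m)^\s*at\s+([\w.$\n]+)\(")        # tolerates console wrapping

def parse_tls_debug(text):
    """Return alert events, each tied to the exception logged just before it."""
    events, last_exc = [], None
    for entry in ENTRY.split(text):
        alert = ALERT.search(entry)
        if alert:
            level, desc = int(alert.group(1)), int(alert.group(2))
            events.append({
                "level": LEVELS.get(level, f"unknown({level})"),
                "description": DESCRIPTIONS.get(desc, f"unassigned({desc})"),
                "exception": last_exc[0] if last_exc else None,
                "raised_in": last_exc[1] if last_exc else None,
            })
            last_exc = None
            continue
        exc, frame = EXC.search(entry), FRAME.search(entry)
        if exc and frame:
            # First frame is where the exception was thrown; undo the line wrap.
            last_exc = (exc.group(1), frame.group(1).replace("\n", ""))
    return events
```

For the sample, the single event is a fatal handshake_failure whose preceding exception was thrown in `ServerStateNoHandshake.matchCipherSuites`, that is, during the server's cipher-suite matching step.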
 
Ranch Hand
Posts: 228
SSL creation involves:

1. Download and install an SSL implementation [normally J2SE comes with one]
1. a Create keystore
Create the keystore with the following command.

2. Create CSR
Create a CSR [Certificate Service Request]
To order an SSL certificate from a Certificate Authority, we need to send a CSR to them, containing our public key, private key information.

Note: the -certreq option informs keytool to generate a CSR.
-file is the output CSR file name.
At the end of the successful execution of this command, we get the CSR file.

3. Order a trial SSL certificate
Navigate to the Verisign or Thawte website and follow the steps mentioned there to get a trial SSL certificate.
After registration, they will ask for the CSR created in step 2.

After sending the CSR file to the CAs, we will be sent the trial certificate and the chain certificate. The chain certificate is also called the root certificate.
We would be getting links for 3 certificates:
1. Root Certificate [Root CA]
2. Intermediate CA
3. Trial SSL Certificate [This is the one we ordered].

Prior to installing the trial SSL certificate, we need to register the root and intermediate certificates with Tomcat.

4. Install the root certificate in the browser.
Check the vendor site, Verisign or Thawte.

5. Installing the SSL certificate in the keystore.
Step 5.a
Import the Root CA with the command.

5.b Import the Intermediate CA.

Step 5.c
Import the trial SSL certificate.

6. Here, check with the WebLogic manual where to change the SSL settings for the domain.
I have given the steps for Tomcat.

Step 6.a Copy the keystore file to the webapps directory in the Tomcat folder.

Step 6.b Edit server.xml to contain the following entries.

Step 7 Modify the web.xml of your webapp with the following tag.

Check in the JSP whether request.isSecure returns true.
 
Karthik Rajendiran
Ranch Hand
Posts: 228
If you are getting no algorithm, check your java.security.policy file to see whether the proper providers are configured.
 
Sagar Kale
Ranch Hand
Posts: 188
Hi Karthik,

Thanks a lot for help.


Regards

Sagar
 