weblogic 8.1 SSL configuration.

Sagar Kale
Ranch Hand

Joined: May 02, 2008
Posts: 188
Hi All,

I am learning how to configure SSL on weblogic server 8.1 sp1.

I do not have much knowledge of SSL. I just read one small tutorial and did the following.

1) keytool -genkey -alias server-alias -keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks -keysize 512

2) keytool -export -alias server-alias -storepass changeit -file server.cer -keystore keystore.jks



Then on the weblogic server configuration tab

I entered the following


Keystores: Custom Identity and java standard trust


Custom Identity Keystore:\key1\keystore.jks
Type: jks
Java Standard Trust Keystore:JAVA_HOME\jre\lib\security\cacerts
Type:JKS


Private Key:from Custom Identity Keystore
Private Key Alias: server-alias

Certificate:from Custom Identity Keystore
Trusted Certificate Authorities:from Java Standard Trust Keystore




This works fine on IE when I visit a page on web application using https://localhost:7002/Testpage.jsp.


But when I visit the same page using Firefox, it gives me the following exceptions.



<Jun 28, 2008 11:47:26 AM GMT+05:30> <Debug> <TLS> <000000> <Exception during handshake, stack trace follows
java.security.NoSuchAlgorithmException
    at com.certicom.tls.record.handshake.ServerStateNoHandshake.matchCipherSuites(Unknown Source)
    at com.certicom.tls.record.handshake.ServerStateNoHandshake.handle(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleVersion2HandshakeMessages(Unknown Source)
    at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown Source)
    at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
>
<Jun 28, 2008 11:47:26 AM GMT+05:30> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@114af16 Severity: 2 Type: 40
java.lang.Throwable: Stack trace
    at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
    at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleVersion2HandshakeMessages(Unknown Source)
    at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown Source)
    at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
>
<Jun 28, 2008 11:47:26 AM GMT+05:30> <Debug> <TLS> <000000> <write ALERT offset = 0 length = 2>
<Jun 28, 2008 11:47:26 AM GMT+05:30> <Debug> <TLS> <000000> <close(): 15022412>
<Jun 28, 2008 11:47:26 AM GMT+05:30> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 8939961>



Please help me.
Karthik Rajendiran
Ranch Hand

Joined: Aug 13, 2004
Posts: 211
SSL Creation involves

1. Download and Install SSL Impl [ Normally j2se comes with one ]
1. a create keystore
Create the keystore with the following Command.



2. Create CSR
Create CSR [Certificate Service Request]
To order an SSL Certificate from a Certificate Authority, we need to send the CSR to them, containing our public key, private key information.



Note: -certreq option to inform keytool to generate CSR.
-file output csr file name.
At the end of this successful execution of the command, we get the CSR file.

3. Order for Trial SSL Certificate
Navigate to the Verisign or Thawte website and follow the steps mentioned there to get a trial SSL certificate.
After registration, they will ask for the CSR created in step 2.

After sending the CSR file to the CA's, we will be sent a trial Certificate and Chain Certificate. Chain certificate is also called Root Certificate.
We would be getting links for 3 certificates
1. Root Certificate [Root CA]
2. Intermediate CA
3. Trial SSL Certificate [This is the one we ordered].

Prior to installing the trial SSL Certificate, we need to register the Root and Intermediate Certificates with tomcat.


4. Install Root Certificate in Browser.
Check the vendor site, Verisign or Thawte

5. Installing the SSL Certificate in KeyStore.
Step 5.a
Import the Root CA with command.


5.b Import the Intermediate CA.


Step 5.c
Import the Trial SSL Certificate.


6. Here check with weblogic manual where to change the ssl settings for the domain.
I have given for tomcat

Step 6.a Copy the KeyStore file to Webapps directory in tomcat folder

Step 6.b Edit the server.xml to contain the following entries.


Step 7 Modify the web.xml of your webapp with following Tag



Check in JSP if request.isSecure returns true,


SCJP 1.4 SCWCD 1.4 SCDJWS 1.4
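
The keystore steps in the post above (1.a, 2, 3, 5.a and 5.c), written out as an added example that is not part of the original posts. It assumes a JDK 7 or later `keytool` on the PATH; a throwaway local CA signed with `keytool -gencert` stands in for the Verisign/Thawte trial CA, so there is no intermediate certificate and step 5.b is skipped. The `root` alias, the distinguished names, the file names and the 2048-bit key size are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): keytool flow for an identity keystore.
# A throwaway local CA stands in for the commercial CA; every alias, file
# name and password below is constructed for the demo.
PW=changeit

kt()    { keytool -J-Duser.language=en "$@"; }
ca_kt() { kt "$@" -keystore "$DIR/ca.jks" -storetype JKS -storepass "$PW"; }
id_kt() { kt "$@" -keystore "$DIR/keystore.jks" -storetype JKS -storepass "$PW"; }

build_identity_keystore() {
    DIR=$1
    # Stand-in for the CA: a self-signed root and its exported certificate.
    ca_kt -genkeypair -alias root -keyalg RSA -keysize 2048 -validity 30 \
        -dname "CN=Example Root CA" -ext bc=ca:true -keypass "$PW" &&
    ca_kt -exportcert -alias root -rfc -file "$DIR/root.cer" &&

    # Step 1.a: server key pair in the identity keystore.
    id_kt -genkeypair -alias server-alias -keyalg RSA -keysize 2048 \
        -dname "CN=localhost" -keypass "$PW" &&

    # Step 2: CSR for that key pair. The CSR carries the public key and
    # subject name and is signed with the private key, which stays in the
    # keystore.
    id_kt -certreq -alias server-alias -file "$DIR/server.csr" &&

    # Step 3 (simulated): the CA signs the CSR and returns the certificate.
    ca_kt -gencert -alias root -validity 30 -rfc \
        -infile "$DIR/server.csr" -outfile "$DIR/server.cer" &&

    # Step 5.a: trust the root first, so the reply can be chained to it.
    id_kt -importcert -noprompt -alias root -file "$DIR/root.cer" &&

    # Step 5.c: import the signed certificate under the SAME alias as the
    # private key; keytool then replaces the self-signed certificate with
    # the chain leaf -> root.
    id_kt -importcert -noprompt -alias server-alias -file "$DIR/server.cer"
}

# Number of certificates stored behind the private key entry.
chain_length() {
    DIR=$1
    id_kt -list -v -alias server-alias |
        sed -n 's/^Certificate chain length: //p'
}
```

After `build_identity_keystore /some/dir`, `chain_length /some/dir` reports 2 (server certificate plus root); a value of 1 means the signed reply was imported under a different alias or not at all.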
Karthik Rajendiran
Ranch Hand

Joined: Aug 13, 2004
Posts: 211
If you are getting no algorithm,
check your java.security.policy file for whether the proper providers are configured.
Sagar Kale
Ranch Hand

Joined: May 02, 2008
Posts: 188
Hi Karthik,

Thanks a lot for help.


Regards

Sagar
 