| Author |
weblogic 8.1 SSL configuration.
|
Sagar Kale
Ranch Hand
Joined: May 02, 2008
Posts: 188
|
|
Hi All,

I am learning how to configure SSL on WebLogic Server 8.1 SP1. I do not have much knowledge of SSL. I just read one small tutorial and did the following.

1) keytool -genkey -alias server-alias -keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks -keysize 512
2) keytool -export -alias server-alias -storepass changeit -file server.cer -keystore keystore.jks

Then on the WebLogic server configuration tab I entered the following:

Keystores: Custom Identity and java standard trust
Custom Identity Keystore :\key1\keystore.jks
Type: jks
Java Standard Trust Keystore: JAVA_HOME\jre\lib\security\cacerts
Type: JKS
Private Key: from Custom Identity Keystore
Private Key Alias: server-alias
Certificate: from Custom Identity Keystore
Trusted Certificate Authorities: from Java Standard Trust Keystore

This works fine on IE when I visit a page on the web application using https://localhost:7002/Testpage.jsp. But when I visit the same page using Firefox, it gives me the following exceptions.

<Jun 28, 2008 11:47:26 AM GMT+05:30> <Debug> <TLS> <000000> <Exception during handshake, stack trace follows
java.security.NoSuchAlgorithmException
    at com.certicom.tls.record.handshake.ServerStateNoHandshake.matchCipherSuites(Unknown Source)
    at com.certicom.tls.record.handshake.ServerStateNoHandshake.handle(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleVersion2HandshakeMessages(Unknown Source)
    at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown Source)
    at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
>
<Jun 28, 2008 11:47:26 AM GMT+05:30> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@114af16 Severity: 2 Type: 40
java.lang.Throwable: Stack trace
    at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
    at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleVersion2HandshakeMessages(Unknown Source)
    at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown Source)
    at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
>
<Jun 28, 2008 11:47:26 AM GMT+05:30> <Debug> <TLS> <000000> <write ALERT offset = 0 length = 2>
<Jun 28, 2008 11:47:26 AM GMT+05:30> <Debug> <TLS> <000000> <close(): 15022412>
<Jun 28, 2008 11:47:26 AM GMT+05:30> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 8939961>

Please help me.
|
 |
Karthik Rajendiran
Ranch Hand
Joined: Aug 13, 2004
Posts: 209
|
|
SSL Creation involves

1. Download and Install SSL Impl [ Normally j2se comes with one ]

1.a Create keystore
Create the keystore with the following command.

2. Create CSR
Create CSR [Certificate Service Request]. To order an SSL certificate from a Certificate Authority, we need to send the CSR to them, containing our public key, private key information.
Note: -certreq option to inform keytool to generate CSR. -file output csr file name.
At the end of this successful execution of the command, we get the CSR file.

3. Order for Trial SSL Certificate
Navigate to the Verisign or Thawte website and follow the steps mentioned there to get a trial SSL certificate. After registration, they will ask for the CSR created in step 2. After sending the CSR file to the CA's, we will be sent the trial Certificate and Chain Certificate. Chain certificate is also called Root Certificate. We would be getting links for 3 certificates:
1. Root Certificate [Root CA]
2. Intermediate CA
3. Trial SSL Certificate [This is the one we ordered].
Prior to installing the trial SSL Certificate, we need to register Root, Intermediate Certificates with tomcat.

4. Install Root Certificate in Browser. Check vendor site, Verisign or Thawte.

5. Installing the SSL Certificate in KeyStore.
Step 5.a Import the Root CA with command.
5.b Import the Intermediate CA.
Step 5.c Import the Trial SSL Certificate.

6. Here check with the WebLogic manual where to change the SSL settings for the domain. I have given for tomcat.
Step 6.a Copy the KeyStore file to Webapps directory in tomcat folder
Step 6.b Edit the server.xml to contain the following entries.

Step 7 Modify the web.xml of your webapp with following Tag

Check in JSP if request.isSecure returns true,
|
SCJP 1.4 SCWCD 1.4 SCDJWS 1.4
|
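Before a keystore built with steps like the ones above is set as the Custom Identity Keystore, it is worth confirming what it actually holds. The following is an added example, not code from the thread or from WebLogic: a Java program that lists each alias, reports RSA key length and chain length, and flags short keys and key entries that still carry only a self-signed certificate. The class name `KeystoreAudit` and the 2048-bit threshold are choices of this example; the file name and password are the ones used in the question.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;

// Added example (not from the thread). Run: java KeystoreAudit keystore.jks changeit
public class KeystoreAudit {
    // RSA modulus length in bits, or -1 when the key is not RSA.
    static int rsaBits(PublicKey key) {
        return key instanceof RSAPublicKey
                ? ((RSAPublicKey) key).getModulus().bitLength() : -1;
    }
    // Self-signed: the signature verifies with the cert's own key and subject equals issuer.
    static boolean isSelfSigned(X509Certificate cert) {
        try {
            cert.verify(cert.getPublicKey());
            return cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
        } catch (Exception e) {
            return false; // signature did not verify with its own key
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2)
            throw new IllegalArgumentException("usage: KeystoreAudit <keystore.jks> <storepass>");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.isKeyEntry(alias) ? ks.getCertificateChain(alias) : null;
            if (chain == null || chain.length == 0) {
                System.out.println(alias + ": trusted certificate entry (no private key)");
                continue;
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            int bits = rsaBits(leaf.getPublicKey());
            System.out.println(alias + ": private key entry, " + leaf.getPublicKey().getAlgorithm()
                    + " " + (bits < 0 ? "(size not checked)" : bits + " bits")
                    + ", chain length " + chain.length);
            if (bits >= 0 && bits < 2048) System.out.println("  WEAK: RSA key below 2048 bits");
            if (chain.length == 1 && isSelfSigned(leaf)) System.out.println("  self-signed: no CA reply imported");
        }
    }
}
```

Run against the keystore from the question, it reports `server-alias` as a 512-bit self-signed key entry; after the CA reply is imported on top of the root and intermediate certificates, the same alias should show a chain length greater than 1.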
 |
Karthik Rajendiran
Ranch Hand
Joined: Aug 13, 2004
Posts: 209
|
|
If you are getting no algorithm, check your java.security.policy file whether the proper providers are configured.
|
 |
Sagar Kale
Ranch Hand
Joined: May 02, 2008
Posts: 188
|
|
Hi Karthik, Thanks a lot for help. Regards Sagar