SSL Handshake when connecting to the weblogic server
The SSL handshake process is failing with your client. This is probably because your certificate is self-signed.
1. Extract the certificate to a .cer file.
2. Import the certificate to a keystore.
3. Tell your Java client to use this keystore (can be done using some system properties).
4. The SSL handshake should go through.
You should be able to do this whether or not the app server runs on Unix. As for the system property, mmm... wait a minute. You need to set the system property only when you need 2-way SSL authentication or a custom keystore. So do this instead of setting the property:
1. Extract the certificate and put it into the cacerts default keystore that comes with your client JDK/JRE.
2. Run the client. It will work.
Joined: Oct 08, 2008
Since the implementation is for production, we were looking for a solid solution.
Can I map the key and cert in the context object by editing the existing Java code? If possible, please assist us with some code samples.
No, that should be it. An additional piece of information if you hit a roadblock:
Your handshake may still fail if the host verification fails. That is, if the certificate is issued for the common name 184.108.40.206 and you request http://dns-name instead of http://220.127.116.11, verification at the Java client will fail. You can either issue a new and valid certificate, or you can override host name verification in the client to ignore this problem (not recommended), or yet still, you can request the correct name in the t3s URL.
Yes first we are going to try this in DEV. But I guess I have to search for an alternative solution for Production. Because I guess they will not allow these things in Prod.
Please suggest an alternative solution, if any.
Anything else I need to add in the cert.txt? Other than
Why would they not allow this in production, and who are "they"? If you do not want to do this in production, you can get yourself a valid SSL certificate. A certificate valid for one year costs as little as 20$.
You do not need to add anything in cert.txt other than what the extracted cert contains. It is best not to touch anything without the use of a tool.
Joined: Oct 08, 2008
I am not sure; they were WebLogic admin persons and I have to check with them.
If I add the certificate in the keystore, then all Java clients which are running in the JVM instance will be trusted by default, right?
Even I am facing the same issue with a WebLogic SSL certificate. I have imported the certificate in the appropriate way on the Linux server; I have attached the error with this issue.
Below is the error:
weblogic.wsee.jaxrpc.soapfault.WLSOAPFaultException: Failed to receive message javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from slo-qnt-ca2.ifw.hedani.net - 18.104.22.168 --> cssnowbuild.service-now.com was not trusted causing SSL handshake failure.
-> [Security:090477]Certificate chain received from slo-qnt-ca2.ifw.hedani.net - 22.214.171.124 --> cssnowbuild.service-now.com was not trusted causing SSL handshake failure.