Wildcard Certificate with WebLogic 12cR2

 
Saloon Keeper
Posts: 2580
I am trying to enable SSL on WebLogic 12cR2 using a wildcard certificate.  The certificate was signed by a trusted CA (I changed the domain name for this post) and the DNS infrastructure resolves the host names to the actual IPs.

Even though I have configured the managed server to use the wildcard verifier (SSLWLSWildcardHostnameVerifier) using the Admin Service GUI (and it is reflected in the config.xml), and on the command line when starting the managed server, the managed server does not seem to be using it, and declares that the verification failed because:
   Certificate contained *.test.example.com but check expected moos-wls-1.test.example.com

I see in the startup output, that it is not using the wildcard verifier:
   Using the default WebLogic SSL Hostname Verifier implementation

HTTPS access to the Web interfaces for both the Admin Server and the managed server works fine.


Is there something more I need to do to use a wildcard certificate?





 
Ranch Hand
Posts: 352
One way is to implement your own hostname verifier.

By default wildcards are not allowed.
 
Ron McLeod
Saloon Keeper
Posts: 2580
I guess I could write my own, but shouldn't Oracle's Wildcarded Host Name Verifier work?

From what I see in the startup output, the wildcard verifier is not being used, even though I have configured it to be used in multiple places.
 
German Gonzalez-Morris
Ranch Hand
Posts: 352
Yes, that "Wildcarded Host Name Verifier" should work.
 
Ron McLeod
Saloon Keeper
Posts: 2580
I still haven't sorted this out, but as a work-around, I have disabled host name verification for when WebLogic acts as a client by adding the following to the setDomainEnv.sh script:
 
Greenhorn
Posts: 1
Same scenario and same problem. I was able to fix it by adding this to the setDomainEnv.cmd script:

On the next startup of the managed server the output changed from
   Using the default WebLogic SSL Hostname Verifier implementation
to
   Using the configured custom SSL Hostname Verifier implementation: weblogic.security.utils.SSLWLSWildcardHostnameVerifier.

Before the change I had this problem as well:
   <BEA-141151> <The Administration Server could not be reached at https://xxx:9501.>;
   <BEA-150018> <This server is being started in Managed Server independence mode in the absence of the Administration Server.>


I hope this will help someone; most topics and official support notes I have found on this just talk about disabling the hostname verification.
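
An added example, not code from any poster in this thread and not Oracle's SSLWLSWildcardHostnameVerifier: the left-most-label wildcard check that the "implement your own hostname verifier" suggestion above would need. It is written against the JDK's javax.net.ssl.HostnameVerifier as an assumption, the class name is hypothetical, and the host names in main() other than the two from the first post are constructed.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

// Added example (hypothetical class): wildcard-aware verifier on the JDK interface.
public class WildcardHostnameVerifier implements HostnameVerifier {
    // True when a certificate dNSName (possibly "*.suffix") covers host.
    static boolean matches(String pattern, String host) {
        String p = pattern.toLowerCase(Locale.ROOT);
        String h = host.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) return p.equals(h);   // no wildcard: exact match only
        String suffix = p.substring(1);                // e.g. ".test.example.com"
        // Conservative choices: no second '*', and the suffix needs at least
        // two labels so that a name such as "*.com" is refused.
        if (suffix.indexOf('*') >= 0 || suffix.indexOf('.', 1) < 0) return false;
        if (!h.endsWith(suffix)) return false;
        String label = h.substring(0, h.length() - suffix.length());
        // '*' stands for exactly one non-empty label, never several.
        return !label.isEmpty() && label.indexOf('.') < 0;
    }

    @Override
    public boolean verify(String hostname, SSLSession session) {
        try {
            X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
            Collection<List<?>> sans = leaf.getSubjectAlternativeNames();
            if (sans == null) return false;            // no SAN extension: fail closed
            for (List<?> san : sans) {
                // GeneralName type 2 is dNSName; its value is a String.
                if (Integer.valueOf(2).equals(san.get(0)) && matches((String) san.get(1), hostname)) return true;
            }
        } catch (SSLPeerUnverifiedException | CertificateParsingException e) {
            return false;                              // unreadable peer certificate: fail closed
        }
        return false;
    }

    public static void main(String[] args) {
        String san = "*.test.example.com";             // certificate name from the first post
        for (String h : new String[] {"moos-wls-1.test.example.com", "test.example.com", "a.b.test.example.com"}) {
            System.out.println(h + " -> " + matches(san, h));
        }
    }
}
```

Unlike disabling hostname verification, a check of this shape still rejects a certificate issued for a different domain, for the bare parent domain, or for a name more than one label below the wildcard.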
 