Comments on: Configuring two way SSL between Client and Weblogic server with Apache proxying the request. http://weblogic-wonders.com/weblogic/2009/10/12/configuring-two-way-ssl-between-client-and-weblogic-server-with-apache-proxying-the-request/ A place for all middleware solutions!! Fri, 17 May 2013 05:35:26 +0000 hourly 1 http://wordpress.org/?v=3.1 By: Faisal http://weblogic-wonders.com/weblogic/2009/10/12/configuring-two-way-ssl-between-client-and-weblogic-server-with-apache-proxying-the-request/#comment-44190 Faisal Fri, 13 Jul 2012 11:44:21 +0000 http://weblogic-wonders.com/weblogic/2009/10/12/configuring-two-way-ssl-between-client-and-weblogic-server-with-apache-proxying-the-request/#comment-44190 remove password from the server.key to overcome the error below. SSLPassPhraseDialog builtin is not supported on Win32 openssl rsa -in server.key.bak -out server.key remove password from the server.key to overcome the error below.

SSLPassPhraseDialog builtin is not supported on Win32

openssl rsa -in server.key.bak -out server.key

]]> By: admin http://weblogic-wonders.com/weblogic/2009/10/12/configuring-two-way-ssl-between-client-and-weblogic-server-with-apache-proxying-the-request/#comment-385 admin Wed, 16 Jun 2010 04:32:46 +0000 http://weblogic-wonders.com/weblogic/2009/10/12/configuring-two-way-ssl-between-client-and-weblogic-server-with-apache-proxying-the-request/#comment-385 U can give multiple TrustedCAFile parameter in the httpd.conf file. Each TrustedCAFile pointing to the managed server certificate in PEM format. Thanks for posting -Faisal U can give multiple TrustedCAFile parameter in the httpd.conf file. Each TrustedCAFile pointing to the managed server certificate in PEM format.

Thanks for posting
-Faisal

]]> By: Vinod Sharma http://weblogic-wonders.com/weblogic/2009/10/12/configuring-two-way-ssl-between-client-and-weblogic-server-with-apache-proxying-the-request/#comment-384 Vinod Sharma Tue, 15 Jun 2010 17:31:53 +0000 http://weblogic-wonders.com/weblogic/2009/10/12/configuring-two-way-ssl-between-client-and-weblogic-server-with-apache-proxying-the-request/#comment-384 Hi Faisal, I am facing some issues with on way SSL from iPlanet (Sun web Server 7) to WebLogic Cluster. The architecture is 4 WLS Managed Servers, 1 iPlanet web Server. There are 4 self signed certs on 4 managed servers. So to have secure connection between wl proxy plugin and backend Managed Servers, I tried to use Trust keystore as a TrustedCAFile parameter to the wl proxy plugin, but it doesn't work. If I use the Public key of one of the Self-signed cert in PEM format it works. Is there any way to make wl proxy config in such a way that, it should trust all the self signed certs on all managed servers at a time. Your help in this regard is highly appreciated. Best regards, Vin Hi Faisal,

I am facing some issues with on way SSL from iPlanet (Sun web Server 7) to WebLogic Cluster.

The architecture is 4 WLS Managed Servers, 1 iPlanet web Server.

There are 4 self signed certs on 4 managed servers.
So to have secure connection between wl proxy plugin and backend Managed Servers, I tried to use Trust keystore as a TrustedCAFile parameter to the wl proxy plugin, but it doesn’t work.
If I use the Public key of one of the Self-signed cert in PEM format it works.

Is there any way to make wl proxy config in such a way that, it should trust all the self signed certs on all managed servers at a time.

Your help in this regard is highly appreciated.

Best regards,
Vin

]]> By: admin http://weblogic-wonders.com/weblogic/2009/10/12/configuring-two-way-ssl-between-client-and-weblogic-server-with-apache-proxying-the-request/#comment-383 admin Thu, 03 Jun 2010 15:10:55 +0000 http://weblogic-wonders.com/weblogic/2009/10/12/configuring-two-way-ssl-between-client-and-weblogic-server-with-apache-proxying-the-request/#comment-383 Hi Hari convert the der file to pem file using the following command line and then use it as a trustedCA file java utils.der2pem .der This will create a pem file in the same directory. Try it and let me know. Hi Hari

convert the der file to pem file using the following command line and then use it as a trustedCA file

java utils.der2pem .der

This will create a pem file in the same directory.

Try it and let me know.

]]> By: hsamudra http://weblogic-wonders.com/weblogic/2009/10/12/configuring-two-way-ssl-between-client-and-weblogic-server-with-apache-proxying-the-request/#comment-382 hsamudra Thu, 03 Jun 2010 14:56:54 +0000 http://weblogic-wonders.com/weblogic/2009/10/12/configuring-two-way-ssl-between-client-and-weblogic-server-with-apache-proxying-the-request/#comment-382 Hi Faizal, I am trying to configure Apache as SSL I am getting the following error Thu Jun 03 20:18:24 2010 ERROR: Failed to load trusted CA file(D:\hk\certificates\rootCA.der). err = 0 loaded = 0 Thu Jun 03 20:18:24 2010 ERROR: SSL initialization failed I am not able to access the console however this is working fine with http WLS 10.3 and Apache 2.2 Hi Faizal,

I am trying to configure Apache as SSL

I am getting the following error

Thu Jun 03 20:18:24 2010 ERROR: Failed to load trusted CA file(D:\hk\certificates\rootCA.der). err = 0 loaded = 0
Thu Jun 03 20:18:24 2010 ERROR: SSL initialization failed

I am not able to access the console however this is working fine with http

WLS 10.3 and Apache 2.2

]]> By: Faisal Khan http://weblogic-wonders.com/weblogic/2009/10/12/configuring-two-way-ssl-between-client-and-weblogic-server-with-apache-proxying-the-request/#comment-43 Faisal Khan Tue, 23 Mar 2010 06:53:19 +0000 http://weblogic-wonders.com/weblogic/2009/10/12/configuring-two-way-ssl-between-client-and-weblogic-server-with-apache-proxying-the-request/#comment-43 can you mail me your complete server log file at khan.faysal06@gmail.com<br /><br />And explain me ur architechture, when exactly are u getting these exceptions? can you mail me your complete server log file at khan.faysal06@gmail.com

And explain me ur architechture, when exactly are u getting these exceptions?

]]> By: Sharma Jampani http://weblogic-wonders.com/weblogic/2009/10/12/configuring-two-way-ssl-between-client-and-weblogic-server-with-apache-proxying-the-request/#comment-42 Sharma Jampani Mon, 22 Mar 2010 19:36:15 +0000 http://weblogic-wonders.com/weblogic/2009/10/12/configuring-two-way-ssl-between-client-and-weblogic-server-with-apache-proxying-the-request/#comment-42 Hi Faisal, <br /><br />Got stucked with SSL, previously it was working and now it is throwing eating exception by saying that Algorithm MD5 not available<br /><br />(self-tuning)'> <> <> <> <1269284150344> <........... Eating Exception ..........<br />java.security.NoSuchAlgorithmException: Algorithm MD5 not available<br /> at javax.crypto.Mac.getInstance(DashoA13*..)<br /> at com.certicom.tls.provider.Mac.getInstance(Unknown Source)<br /> at com.certicom.tls.ciphersuite.SecurityParameters.makeKeys(Unknown Source)<br /> at com.certicom.tls.ciphersuite.SecurityParameters.deriveKeys(Unknown Source)<br /> at com.certicom.tls.ciphersuite.SecurityParameters.(Unknown Source)<br /> at com.certicom.tls.record.handshake.HandshakeHandler.generateSecurityParameters(Unknown Source)<br /> at com.certicom.tls.record.handshake.ServerStateNoHandshake.resumeSession(Unknown Source)<br /> at com.certicom.tls.record.handshake.ServerStateNoHandshake.handle(Unknown Source)<br /> at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)<br /> at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)<br /> at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)<br /> at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)<br /> at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)<br /> at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)<br /> at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)<br /> at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)<br /> at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)<br /> at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)<br /> at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)<br /> at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)<br />> <br /><br />please help Hi Faisal,

Got stucked with SSL, previously it was working and now it is throwing eating exception by saying that Algorithm MD5 not available

(self-tuning)'> <> <> <> <1269284150344> <……….. Eating Exception ……….
java.security.NoSuchAlgorithmException: Algorithm MD5 not available
at javax.crypto.Mac.getInstance(DashoA13*..)
at com.certicom.tls.provider.Mac.getInstance(Unknown Source)
at com.certicom.tls.ciphersuite.SecurityParameters.makeKeys(Unknown Source)
at com.certicom.tls.ciphersuite.SecurityParameters.deriveKeys(Unknown Source)
at com.certicom.tls.ciphersuite.SecurityParameters.(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.generateSecurityParameters(Unknown Source)
at com.certicom.tls.record.handshake.ServerStateNoHandshake.resumeSession(Unknown Source)
at com.certicom.tls.record.handshake.ServerStateNoHandshake.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>

please help

]]> By: Jazz_in http://weblogic-wonders.com/weblogic/2009/10/12/configuring-two-way-ssl-between-client-and-weblogic-server-with-apache-proxying-the-request/#comment-20 Jazz_in Wed, 25 Nov 2009 12:17:01 +0000 http://weblogic-wonders.com/weblogic/2009/10/12/configuring-two-way-ssl-between-client-and-weblogic-server-with-apache-proxying-the-request/#comment-20 good.. good..

]]>