We will start this example from the very beginning.
We'll create a certificate and a keystore, and perform all the steps needed to get started (using Keytool & OpenSSL).
Then we'll configure WebLogic to use that keystore.
Once a browser is able to access WebLogic, we will configure Apache to use SSL with WebLogic.
1 - Create a CSR & a keystore
In order to create these components, the tool used is Keytool from Sun. You have it in any JVM install :
For me it's : %BEA_HOME%\jdk160_05\bin\keytool.exe
For this example, as I'm lazy sometimes, I'm going to use Keytool UI, which is a graphical version of keytool, as its name suggests.
First, let's create an empty sample JKS. (JKS stands for Java KeyStore)
In this example, the password used is "weblogic".
Then just create a CSR (Certificate Signing Request)
Specify the previously created JKS and the algorithm to use :
Fill in the different fields, as you would with Keytool :
The creation should result in a small popup :
Viewing the content of the keystore
I used the following for the private key :
- alias : privatekey
- password : weblogic
2 - Configure WebLogic to use the previously created keystore
That's the easy part :)
Start your server and check that you have SSL enabled.
Then just change the identity of the server to point towards our keystore.
Here are the different options proposed. In our example, the option that best fits our need is "Custom identity & Java Standard Trust".
"Custom Identity" means we're using our own keystore and "Java Standard Trust" means we use the truststore from the JDK.
(%BEA_HOME%\jdk160_05\jre\lib\security\cacerts)
A truststore is a keystore containing all the trusted certificates.
You may print the truststore, just to see what's inside :
You can see that Verisign, Thawte and many other CAs (Certificate Authorities) are listed.
We only have to specify the keystore we created, the type which is JKS and the password.
As for the Trust, just type the default password, which is "changeit".
A quick look in the WLS console shows :
<10 nov. 2008 23 h 47 CET> <Error> <WebLogicServer> <BEA-000297>
<Inconsistent security configuration, weblogic.management.configuration.ConfigurationException:
Cannot retrieve identity certificate and private key on server AdminServer, because the keystore entry alias is not specified.>
<10 nov. 2008 23 h 47 CET> <Error> <Server> <BEA-002618>
<An invalid attempt was made to configure a channel for unconfigured protocol "Cannot retrieve identity certificate
and private key on server AdminServer, because the keystore entry alias is not specified.".>
It's because we didn't supply the private key alias.
Just type the alias (privatekey) and the password (weblogic) and save.
This time, WLS seems to be happier :
<10 nov. 2008 23 h 52 CET> <Notice> <Security> <BEA-090171>
<Loading the identity certificate and private key stored under the alias privateKey from the JKS keystore
file D:\BEA_ROOT\user_projects\domains\essex\ssl\blog\mbutton.jks.>
<10 nov. 2008 23 h 52 CET> <Notice> <Security> <BEA-090169>
<Loading trusted certificates from the jks keystore file D:\BEA_ROOT\WLS_10.3\JDK160~1\jre\lib\security\cacerts.>
<10 nov. 2008 23 h 52 CET> <Notice> <Server> <BEA-002613>
<Channel "DefaultSecure" is now listening on 192.168.1.4:7002 for protocols iiops, t3s,
CLUSTER-BROADCAST-SECURE, ldaps, https.>
<10 nov. 2008 23 h 52 CET> <Notice> <Server> <BEA-002613>
<Channel "DefaultSecure[1]" is now listening on 127.0.0.1:7002 for protocols iiops, t3s,
CLUSTER-BROADCAST-SECURE, ldaps, https.>
Let's try to access the console using the secure port (7002).
A popup shows up :
Just a warning message saying that the certificate was issued by someone I don't trust
and that the certificate name doesn't match the site name.
It works.
3 - Display the certificate presented by WebLogic
To display the certificate, we've got two possibilities :
Click the lock in the browser window and use the built-in functionality to display the certificates.
Or use OpenSSL, which is the method I prefer.
C:\Documents and Settings\mbutton>openssl s_client -connect localhost:7002
Loading 'screen' into random state - done
CONNECTED(00000728)
depth=0 /emailAddress=mbutton@bea.com/C=FR/ST=Hauts-de-seine/L=Courbevoie/O=Oracle-BEA/OU=Consulting/CN=fr.mbutton.blog
verify error:num=18:self signed certificate
verify return:1
depth=0 /emailAddress=mbutton@bea.com/C=FR/ST=Hauts-de-seine/L=Courbevoie/O=Oracle-BEA/OU=Consulting/CN=fr.mbutton.blog
verify return:1
---
Certificate chain
0 s:/emailAddress=mbutton@bea.com/C=FR/ST=Hauts-de-seine/L=Courbevoie/O=Oracle-BEA/OU=Consulting/CN=fr.mbutton.blog
i:/emailAddress=mbutton@bea.com/C=FR/ST=Hauts-de-seine/L=Courbevoie/O=Oracle-BEA/OU=Consulting/CN=fr.mbutton.blog
---
Server certificate
-----BEGIN CERTIFICATE-----
(certificate body omitted)
-----END CERTIFICATE-----
subject=/emailAddress=mbutton@bea.com/C=FR/ST=Hauts-de-seine/L=Courbevoie/O=Oracle-BEA/OU=Consulting/CN=fr.mbutton.blog
issuer=/emailAddress=mbutton@bea.com/C=FR/ST=Hauts-de-seine/L=Courbevoie/O=Oracle-BEA/OU=Consulting/CN=fr.mbutton.blog
---
No client certificate CA names sent
---
SSL handshake has read 829 bytes and written 306 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-MD5
Session-ID: 48076FBB49156AD46E8B1DE5C6761319
Session-ID-ctx:
Master-Key: 0FE8F6A1A4A498FBE9832D7BE2FD999C2DA9C697F1311F6DE39A461293AD643E12DB8089828082581352D8FD5FF8E310
Key-Arg : None
Start Time: 1226358012
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
The block between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" (shown in red in the original post) is the certificate presented by the server.
ASCII text delimited by these two markers is in PEM format.
We need to isolate it: copy it into a file and name it "server.pem", for instance.
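The isolation step can be scripted instead of done by copy and paste. The following shell function is an added example, not part of the original post: the name extract_leaf_pem is hypothetical, and the embedded transcript is constructed with a placeholder body rather than a real certificate.

```shell
#!/bin/sh
# Added example: isolate the server (leaf) certificate from the text that
# `openssl s_client` prints, instead of copying it by hand.

# extract_leaf_pem (hypothetical helper): reads an s_client transcript on
# stdin and writes the first complete PEM certificate block to stdout.
# Returns 1 when no complete BEGIN/END pair is present (failed handshake,
# truncated capture), so an empty server.pem is never mistaken for success.
extract_leaf_pem() {
    awk '
        { sub(/\r$/, "") }                    # tolerate CRLF from Windows consoles
        !done && /^-----BEGIN CERTIFICATE-----$/ { in_cert = 1; buf = "" }
        in_cert { buf = buf $0 "\n" }
        in_cert && /^-----END CERTIFICATE-----$/ {
            printf "%s", buf; in_cert = 0; done = 1
        }
        END { exit (done ? 0 : 1) }
    '
}

# Constructed sample transcript (placeholder body, not a real certificate).
SAMPLE_TRANSCRIPT='CONNECTED(00000728)
---
Certificate chain
 0 s:/CN=fr.mbutton.blog
   i:/CN=fr.mbutton.blog
---
Server certificate
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLVJFQUwtQ0VSVA==
-----END CERTIFICATE-----
subject=/CN=fr.mbutton.blog
issuer=/CN=fr.mbutton.blog
---'

printf '%s\n' "$SAMPLE_TRANSCRIPT" | extract_leaf_pem

# Against the live server from this post (not run here):
#   openssl s_client -connect localhost:7002 </dev/null 2>/dev/null \
#       | extract_leaf_pem > server.pem
# A certificate taken off the wire is only as trustworthy as that connection,
# so compare its fingerprint with the one stored in the keystore:
#   openssl x509 -in server.pem -noout -fingerprint -sha1
#   keytool -list -v -keystore mbutton.jks -alias privatekey
```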
4 - Configure Apache SSL to access WebLogic
First, copy the Apache plugin into the Apache modules directory:
%BEA_ROOT%\wlserver_10.3\server\plugin\win\32\mod_wl_22.so
to %APACHE_HOME%\modules
In your httpd.conf, add the following lines to have a clean and separate configuration for WebLogic.
############## WLS 10 Proxy Plugin
<IfModule !mod_weblogic.c>
LoadModule weblogic_module modules/mod_wl_22.so
</IfModule>
<IfModule mod_weblogic.c>
# Config file for WebLogic Server that defines the parameters
Include conf/weblogic.conf
</IfModule>
These few lines include the file weblogic.conf.
This file looks like :
<IfModule mod_weblogic.c>
<Location /console>
SetHandler weblogic-handler
WebLogicHost localhost
WebLogicPort 7002
# SSL
SecureProxy ON
WLProxySSL ON
RequireSSLHostMatch false
TrustedCAFile D:\BEA_ROOT\user_projects\domains\essex\ssl\blog\server.pem
EnforceBasicConstraints false
# DEBUG
WLLogFile D:\BEA_ROOT\user_projects\domains\essex\ssl\blog\wlproxy.log
Debug ALL
DebugConfigInfo ON
</Location>
</IfModule>
As you may have noticed, the "TrustedCAFile" is the full path to our server certificate (the one we got from OpenSSL !)
For more information about configuring the WebLogic plugin, see http://edocs.bea.com/wls/docs100/plugins/apache.html
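The relaxed settings in the weblogic.conf above are convenient in a lab but should be caught before the file travels any further. The following shell function is an added example, not part of the original post or of the WebLogic plugin: the name audit_wl_conf is hypothetical and the embedded configuration is a copy of the one shown above.

```shell
#!/bin/sh
# Added example: flag the relaxed, lab-only plug-in settings in a weblogic.conf.

# audit_wl_conf (hypothetical helper): reads a plug-in configuration on stdin,
# prints one "LINE:directive value: reason" finding per relaxed setting, and
# returns 1 when at least one was found.
audit_wl_conf() {
    awk '
        { sub(/\r$/, "") }
        NF == 0 || $1 ~ /^#/ { next }         # blank lines and comments
        {
            key = tolower($1); val = tolower($2); why = ""
            if (key == "requiresslhostmatch" && val == "false")
                why = "backend host name is not matched against its certificate"
            else if (key == "enforcebasicconstraints" && val == "false")
                why = "basic constraints of CA certificates are not enforced"
            else if (key == "debug" && val == "all")
                why = "request headers, cookies included, are written to WLLogFile"
            else if (key == "debugconfiginfo" && val == "on")
                why = "plug-in parameters are exposed via ?__WebLogicBridgeConfig"
            if (why != "") { printf "%d:%s %s: %s\n", NR, $1, $2, why; bad++ }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Copy of the weblogic.conf from this post, used as sample input.
SAMPLE_WL_CONF='<IfModule mod_weblogic.c>
<Location /console>
SetHandler weblogic-handler
WebLogicHost localhost
WebLogicPort 7002
# SSL
SecureProxy ON
WLProxySSL ON
RequireSSLHostMatch false
TrustedCAFile D:\BEA_ROOT\user_projects\domains\essex\ssl\blog\server.pem
EnforceBasicConstraints false
# DEBUG
WLLogFile D:\BEA_ROOT\user_projects\domains\essex\ssl\blog\wlproxy.log
Debug ALL
DebugConfigInfo ON
</Location>
</IfModule>'

# Exit status 1 signals findings; it is ignored here so the demo itself exits 0.
printf '%s\n' "$SAMPLE_WL_CONF" | audit_wl_conf || true
```

On a real file the call is: audit_wl_conf < conf/weblogic.conf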
Then accessing the console through http://localhost/console shows the following in wlproxy.log :
Tue Nov 11 00:08:43 2008 <502412263585231>
================New Request: [GET /console HTTP/1.1] =================
Tue Nov 11 00:08:43 2008 <502412263585231> INFO: SSL is configured
Tue Nov 11 00:08:43 2008 <502412263585231> SSL Main Context not set. Calling InitSSL
Tue Nov 11 00:08:43 2008 <502412263585231> INFO: SSL configured successfully
Tue Nov 11 00:08:43 2008 <502412263585231> Using Uri /console
Tue Nov 11 00:08:43 2008 <502412263585231> After trimming path: '/console'
Tue Nov 11 00:08:43 2008 <502412263585231> The final request string is '/console'
Tue Nov 11 00:08:43 2008 <502412263585231> Host extracted from serverlist is [localhost]
Tue Nov 11 00:08:43 2008 <502412263585231> Initializing lastIndex=0 for a list of length=1
Tue Nov 11 00:08:43 2008 <502412263585231> getListNode: created a new server node: id='localhost:7002' server_name='localhost', port='80'
Tue Nov 11 00:08:43 2008 <502412263585231> attempt #0 out of a max of 5
Tue Nov 11 00:08:43 2008 <502412263585231> Trying a pooled connection for '127.0.0.1/7002/7002'
Tue Nov 11 00:08:43 2008 <502412263585231> getPooledConn: No more connections in the pool for Host[127.0.0.1] Port[7002] SecurePort[7002]
Tue Nov 11 00:08:43 2008 <502412263585231> general list: trying connect to '127.0.0.1'/7002/7002 at line 2619 for '/console'
Tue Nov 11 00:08:43 2008 <502412263585231> New SSL URL: match = 0 oid = 22
Tue Nov 11 00:08:43 2008 <502412263585231> Connect returns -1, and error no set to 10035, msg 'Unknown error'
Tue Nov 11 00:08:43 2008 <502412263585231> EINPROGRESS in connect() - selecting
Tue Nov 11 00:08:43 2008 <502412263585231> Setting peerID for new SSL connection
Tue Nov 11 00:08:43 2008 <502412263585231> 7f00 0001 5a1b 0000 ....Z...
Tue Nov 11 00:08:43 2008 <502412263585231> Local Port of the socket is 1782
Tue Nov 11 00:08:43 2008 <502412263585231> Remote Host 127.0.0.1 Remote Port 7002
Tue Nov 11 00:08:43 2008 <502412263585231> general list: created a new connection to '127.0.0.1'/7002 for '/console', Local port:1782
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs from clnt:[Accept]=[image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, ...
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs from clnt:[Accept-Language]=[fr]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs from clnt:[Accept-Encoding]=[gzip, deflate]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs from clnt:[User-Agent]=[Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ...
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs from clnt:[Host]=[localhost]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs from clnt:[Connection]=[Keep-Alive]
Tue Nov 11 00:08:43 2008 <502412263585231> URL::sendHeaders(): meth='GET' file='/console' protocol='HTTP/1.1'
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[Accept]=[image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, ...
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[Accept-Language]=[fr]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[Accept-Encoding]=[gzip, deflate]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[User-Agent]=[Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ...
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[Host]=[localhost]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[Connection]=[Keep-Alive]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[WL-Proxy-SSL]=[true]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[WL-Proxy-Client-IP]=[127.0.0.1]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[Proxy-Client-IP]=[127.0.0.1]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[X-Forwarded-For]=[127.0.0.1]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[X-WebLogic-KeepAliveSecs]=[30]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[X-WebLogic-Force-JVMID]=[unset]
Tue Nov 11 00:08:43 2008 <502412263585231> INFO: Certificate validation succeeded
Tue Nov 11 00:08:43 2008 <502412263585231> INFO: Negotiated to cipher: 3
Tue Nov 11 00:08:43 2008 <502412263585231> SSLWrite sent 782
Tue Nov 11 00:08:43 2008 <502412263585231> SSLWrite completed, sent 782
Tue Nov 11 00:08:43 2008 <502412263585231> Reader::fill() SSLRead success, read: 202
Tue Nov 11 00:08:43 2008 <502412263585231> URL::parseHeaders: CompleteStatusLine set to [HTTP/1.1 302 Moved Temporarily]
Tue Nov 11 00:08:43 2008 <502412263585231> URL::parseHeaders: StatusLine set to [302 Moved Temporarily]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs from WLS:[Date]=[Mon, 10 Nov 2008 23:08:43 GMT]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs from WLS:[Transfer-Encoding]=[chunked]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs from WLS:[Location]=[https://localhost/console/]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs from WLS:[X-WebLogic-JVMID]=[-353258681]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs from WLS:[X-Powered-By]=[Servlet/2.5 JSP/2.1]
Tue Nov 11 00:08:43 2008 <502412263585231> parsed all headers OK
Tue Nov 11 00:08:43 2008 <502412263585231> sendResponse() : r->status = '302'
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to client (reset):[Date]=[Mon, 10 Nov 2008 23:08:43 GMT]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to client (reset):[Location]=[https://localhost/console/]
Tue Nov 11 00:08:43 2008 <502412263585231> for 127.0.0.1/7002/7002, updated JVMID: -353258681
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to client (reset):[X-Powered-By]=[Servlet/2.5 JSP/2.1]
Tue Nov 11 00:08:43 2008 <502412263585231> Reader::fill() SSLRead success, read: 255
Tue Nov 11 00:08:43 2008 <502412263585231> Reader::fill() SSLRead success, read: 8
Tue Nov 11 00:08:43 2008 <502412263585231> canRecycle: conn=1 status=302 isKA=1 clen=-1 isCTE=1
Tue Nov 11 00:08:43 2008 <502412263585231> closeConn: pooling for '127.0.0.1/7002'
Tue Nov 11 00:08:43 2008 <502412263585231> request [/console] processed sucessfully..................
And if we set a bad certificate name and restart Apache, accessing the same URL shows :
Tue Nov 11 00:09:59 2008 <340812263585991>
================New Request: [GET /console HTTP/1.1] =================
Tue Nov 11 00:09:59 2008 <340812263585991> INFO: SSL is configured
Tue Nov 11 00:09:59 2008 <340812263585991> SSL Main Context not set. Calling InitSSL
Tue Nov 11 00:09:59 2008 <340812263585991> ERROR: SSL initialization failed
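With Debug ALL the log is long, and the one line that decides each request is easy to miss. The following shell function is an added example, not part of the original post: the name triage_wlproxy and the verdict labels are hypothetical, and the sample lines are taken from the log excerpts in this post and in the reader comments below.

```shell
#!/bin/sh
# Added example: per-request TLS verdicts from a wlproxy.log written with Debug ALL.

# triage_wlproxy (hypothetical helper): reads wlproxy.log lines on stdin and
# prints "REQUEST_ID VERDICT" for each request id (the number in <...> after
# the timestamp), in order of first appearance. The last TLS-related message
# seen for a request decides its verdict.
triage_wlproxy() {
    awk '
        match($0, /<[0-9]+>/) {
            id  = substr($0, RSTART + 1, RLENGTH - 2)
            msg = substr($0, RSTART + RLENGTH)
            if (!(id in verdict)) { order[++n] = id; verdict[id] = "NO-TLS-VERDICT" }
            if      (msg ~ /Certificate validation succeeded/)    verdict[id] = "OK"
            else if (msg ~ /SSL initialization failed/)           verdict[id] = "FAIL ssl-init"
            else if (msg ~ /No CA was trusted/)                   verdict[id] = "FAIL untrusted-ca"
            else if (msg ~ /certificate chain validation failed/) verdict[id] = "FAIL chain"
        }
        END { for (i = 1; i <= n; i++) print order[i], verdict[order[i]] }
    '
}

# Sample input: lines selected from the log excerpts on this page.
SAMPLE_LOG='Tue Nov 11 00:08:43 2008 <502412263585231> INFO: SSL is configured
Tue Nov 11 00:08:43 2008 <502412263585231> INFO: SSL configured successfully
Tue Nov 11 00:08:43 2008 <502412263585231> INFO: Certificate validation succeeded
Tue Nov 11 00:08:43 2008 <502412263585231> request [/console] processed sucessfully..................
Tue Nov 11 00:09:59 2008 <340812263585991> INFO: SSL is configured
Tue Nov 11 00:09:59 2008 <340812263585991> ERROR: SSL initialization failed
Mon Jul 6 20:02:40 2015 <1587814361841601> INFO: SSL certificate chain validation failed: -6986
Mon Jul 6 20:02:40 2015 <1587814361841601> ERROR: SSLWrite failed'

printf '%s\n' "$SAMPLE_LOG" | triage_wlproxy
```

On a real log the call is: triage_wlproxy < wlproxy.log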
So this is it ...
Hope it was clear and useful. Anyway, these are just the main lines. Don't go into production with such a configuration :)
(even if it's not worse than using WebLogic DemoTrust & DemoCertificates ...)
19 comments:
Thanks! It is really helpful.
Nice job, but what does this error mean?
Connect returns -1, and error no set to 10035, msg 'Unknown error'
Hi Max,
In WLSProxy log i can see the below :-
Using Uri /console
Tue Nov 11 00:08:43 2008 <502412263585231> After trimming path: '/console'
Tue Nov 11 00:08:43 2008 <502412263585231> The final request string is '/console'
Can u tell me what exactly that message indicates????
Hi, the Path Trim is useful when you want to alter the original URL before hitting the server.
More details :
http://e-docs.bea.com/wls/docs81/plugins/plugin_params.html#1157965
Hurry up, by the end of the month, this link won't be valid anymore and you'll have to search on OTN :)
Hi Max,
I know abt the functionality of pathtrim...but here in the httpd.conf we are not mentioning the pathtrim parameter. So I am confused how the Pathtrim will work here ???
IfModule mod_weblogic.c
Location /console
SetHandler weblogic-handler
WebLogicHost localhost
WebLogicPort 7002
Also it will be great if u could tell me the flow of the request how it works when we hit the URL http://localhost/console here with respect to pathtrim.....
The trim function seems to be called on each request, even if you did not configure it.
That's why you can observe that message in your log : it's called but does nothing.
Thx a lot for your clarification MAX.....
RENJAN
hello...
I was testing the steps u mentioned...
After all the configuration when we try to access the console http://localhost/console it is not giving me the console page (page cannot be displayed) ..but it is logging ssl successful in wlsproxy.log.
Any suggestions....
Regards,
Tony
Is the wa
Tony,
If you are not planning to proxy by path, you don't need the location tag. You only need to use a MatchExpression. See http://download.oracle.com/docs/cd/E13222_01/wls/docs92/plugins/apache.html
Here's what I've used and it works for me. Its a slight variation of what Max has:
?IfModule mod_weblogic.c?
WebLogicHost WL_Server
WebLogicPort 7002
MatchExpression *
# SSL
SecureProxy ON
WLProxySSL ON
RequireSSLHostMatch false
TrustedCAFile C:\PROGRA~1\APACHE~1\Apache2.2\WL_Server_TrustedCA.pem
EnforceBasicConstraints false
?IfModule?
Notice that I don't have the Location tag. Instead I have everything inside the IfModule tags (BTW, I had to replace the XML tags with "?" because blogger does not allow those tags). Also instead of a PathTrim, I use MatchExpression.
Max, correct me if I'm wrong
Max,
I have weird problem. I have two instances(non-clustered) in two domains(port 7001 and 7003). I would like to configure Apache plugin to forward to both applications.
For eg,
Domain 1 has app1 on 7001
Domain 2 has App2 on 7003
In the browser, when i hit
http://localhost/app1 it should go to domain 1(port 7001)
If I hit, http://localhost/app2 it should go to domain 2(port 7003)
But unfortunately, httpd.conf allows only one weblogic host to configure.
Do you have any idea if i can configure two instances which is running in different port?
@Alex : yes there are several possibilities as for the Apache configuration.
Yours is correct but note it will use SSL for each and every call, no matter what the path is.
Determining a specified path allows to configure a different behavior for every path (= every application).
Depends on your needs but it could be worth it.
@Ananth : so you tried a configuration like that ?
**********************************
<IfModule mod_weblogic.c>
<Location /app1>
SetHandler weblogic-handler
WebLogicHost localhost
WebLogicPort 7001
# DEBUG
WLLogFile wlproxy.log
Debug ALL
DebugConfigInfo ON
</Location>
<Location /App2>
SetHandler weblogic-handler
WebLogicHost localhost
WebLogicPort 7003
# DEBUG
WLLogFile wlproxy.log
Debug ALL
DebugConfigInfo ON
</Location>
</IfModule>
**********************************
Well, to be honest, I don't see any reason why it wouldn't work. In order to give you a proper answer, could you post a lil part of your httpd.conf ? (or send it to my email@)
Regards.
Hi, I am having some issue when I installed and configured SSL on weblogic 10.3.2. The problem is when I installed it appears that it is installed properly as I can see it installed using keytool command but when i started weblogic to work in SSL mode I am getting this error:
in keystore /.keystore on server AdminServer>
any clues as to why am I getting these?
I am also facing the same issues faced by Tony, I tried whatever Alex has mentioned. Still I am getting page cannot be displayed page
Hi Max,
Can this be applied on Weblogic 8.1? I'm trying to configure the weblogic 8.1 with apache web server 2.0.64 right now but got some problems. My proxy log shows that:
INFO: SSL is configured
SSL Main Context not set. Calling InitSSL
INFO: Initializing SSL library
Loaded 1 trusted CA's
INFO: Successfully initialized SSL
INFO: SSL configured successfully
Using Uri /secureWebAuth/
After trimming path: '/secureWebAuth/'
The final request string is '/secureWebAuth/'
Host extracted from serverlist is [10.122.50.48]
Initializing lastIndex=0 for a list of length=1
getListNode: created a new server node: id='10.122.50.48:7002' server_name='winxp-sgg2', port='443'
general list: trying connect to '10.122.50.48'/7002/7002 at line 2696 for '/secureWebAuth/'
New SSL URL: match = 0 oid = 22
Connect returns -1, and error no set to 10035, msg 'Unknown error'
EINPROGRESS in connect() - selecting
Setting peerID for new SSL connection
0a7a 3230 5a1b 0000 .z20Z...
Local Port of the socket is 1601
Remote Host 10.122.50.48 Remote Port 7002
general list: created a new connection to '10.122.50.48'/7002 for '/secureWebAuth/', Local port:1601
Hdrs from clnt:[Host]=[winxp-sgg2]
Hdrs from clnt:[Connection]=[keep-alive]
Hdrs from clnt:[Cache-Control]=[max-age=0]
Hdrs from clnt:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]
Hdrs from clnt:[Accept]=[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
Hdrs from clnt:[Accept-Encoding]=[gzip,deflate,sdch]
Hdrs from clnt:[Accept-Language]=[en-US,en;q=0.8]
Hdrs from clnt:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]
Hdrs from clnt:[Cookie]=[JSESSIONID=hMQYTx8Gd821vfdvF4z5cqtQVRXyMCCDG7yphrCzKpCpnX3GyCg1!1355456249]
URL::sendHeaders(): meth='GET' file='/secureWebAuth/' protocol='HTTP/1.1'
Hdrs to WLS:[Host]=[winxp-sgg2]
Hdrs to WLS:[Cache-Control]=[max-age=0]
Hdrs to WLS:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]
Hdrs to WLS:[Accept]=[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
Hdrs to WLS:[Accept-Encoding]=[gzip,deflate,sdch]
Hdrs to WLS:[Accept-Language]=[en-US,en;q=0.8]
Hdrs to WLS:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]
Hdrs to WLS:[Cookie]=[JSESSIONID=hMQYTx8Gd821vfdvF4z5cqtQVRXyMCCDG7yphrCzKpCpnX3GyCg1!1355456249]
Hdrs to WLS:[Connection]=[Keep-Alive]
Hdrs to WLS:[WL-Proxy-SSL]=[true]
Hdrs to WLS:[WL-Proxy-Client-IP]=[10.122.50.218]
Hdrs to WLS:[Proxy-Client-IP]=[10.122.50.218]
Hdrs to WLS:[X-Forwarded-For]=[10.122.50.218]
Hdrs to WLS:[X-WebLogic-Force-JVMID]=[unset]
INFO: No session match found
INFO: No CA was trusted, validation failed
INFO: DeleteSessionCallback
ERROR: SSLWrite failed
SEND failed (ret=-1) at 789 of file ../nsapi/URL.cpp
*******Exception type [WRITE_ERROR_TO_SERVER] raised at line 790 of ../nsapi/URL.cpp
Marking 10.122.50.48:7002 as bad
got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0, line 790 of ../nsapi/URL.cpp]: at line 3078
INFO: Closing SSL context
INFO: Error after SSLClose, socket may already have been closed by peer
Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
What should i do to fix this problem?
Thank you Max...Has been trying 2 way ssl ihs7-wl10350 quite some time(embarrassed to say how much)..This worrkkked like charm...first attempt!!!
Thanks a lot!!
regards,
ranjith...
anyone know about this error??
I'm using Thawte Trial Version and I'm hitting the below issue
Hdrs to WLS:[X-WebLogic-Request-ClusterInfo]=[true]
Mon Jul 6 20:02:40 2015 <1587814361841601> INFO: SSL certificate chain validation failed: -6986
Mon Jul 6 20:02:40 2015 <1587814361841601> trusted certs = 1
Mon Jul 6 20:02:40 2015 <1587814361841601> dumping cert chain
Mon Jul 6 20:02:40 2015 <1587814361841601> commonName is thawte Trial Secure Server Root CA
Mon Jul 6 20:02:40 2015 <1587814361841601> commonName is thawte Trial Secure Server CA - G2
Mon Jul 6 20:02:40 2015 <1587814361841601> commonName is testcomp
Mon Jul 6 20:02:40 2015 <1587814361841601> ERROR: SSLWrite failed
Mon Jul 6 20:02:40 2015 <1587814361841601> SEND failed (ret=-1) at 805 of file ../nsapi/URL.cpp
Mon Jul 6 20:02:40 2015 <1587814361841601> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 806 of ../nsapi/URL.cpp
Mon Jul 6 20:02:40 2015 <1587814361841601> Marking 172.16.3.120:7061 as bad
Mon Jul 6 20:02:40 2015 <1587814361841601> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0, line 806 of ../nsapi/URL.cpp]: at line 3152
Mon Jul 6 20:02:40 2015 <1587814361841601> INFO: Closing SSL context
Mon Jul 6 20:02:40 2015 <1587814361841601> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
Elaine,
I am also getting the same error, did you resolve the problem? Please let me know how to fix this.
Thank You
can you tell me, from where you get server.pem file used in httpd.conf