SSL in Weblogic 7 - Weblogic

This is a discussion on SSL in Weblogic 7 - Weblogic ; Hey all, I'm trying to get 2 way SSL set up on Weblogic 7.0.2. At this stage I'm keeping it simple, and just having a standalone test case that makes an https call to weblogic so that I can view ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: SSL in Weblogic 7

  1. SSL in Weblogic 7


    Hey all,

    I'm trying to get 2 way SSL set up on Weblogic 7.0.2. At this stage I'm keeping
    it simple, and just having a standalone test case that makes an https call to
    weblogic so that I can view the certificate in the server. However, I'm not able
    to see any certificates in my servlet (I get zero length arrays). Here's my test
    case:

    System.setProperty("weblogic.security.TrustKeyStore", "DemoTrust");

    URL wlsUrl = new URL("https://GraemeHarris:7502/ibus-gatekeeper/info");
    HttpsURLConnection conn = new HttpsURLConnection(wlsUrl);

    InputStream[] ins = new InputStream[2];
    ins[0] = new FileInputStream("C:\\dev\\wlsdomains\\devDomain\\democert.pem");
    ins[1] = new FileInputStream("C:\\dev\\wlsdomains\\devDomain\\demokey.pem");
    String pwd = "password";
    conn.loadLocalIdentity(ins[0], ins[1], pwd.toCharArray());

    conn.connect();
    InputStream is = conn.getInputStream();

    int read;
    byte[] buf = new byte[4096];
    read = is.read(buf);
    while (read > 0)
    {
    System.out.write(buf, 0, read);
    read = is.read(buf);
    }

    and my servlet is getting zero length arrays for the following properties:

    javax.servlet.request.X509Certificate
    javax.net.ssl.peer_certificates
    javax.servlet.request.X509Certificate

    So far I've

    1) Used CertGen to create new keys.
    2) Imported them into my wlDefaultKeyStore
    3) Enabled SSL on the server and set the "request client cert" flag to true

    Half my problem here is this is the first time that I've done anything with client
    certificates and I'm not really sure of the whole config. Can anyone point me
    to something that would enable me to test one end of my set up, rather than having
    my test (that I'm not 100% sure about) testing my servlet (that I'm also not
    100% sure about).

    thanks in advance for any help.

    cheers
    dim


  2. Re: SSL in Weblogic 7

    try turning on SSL debug in the client and the server, that should give some
    indication of
    whether the server asked for and got the certificates from the client:

    -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true

    Tony


    "Dmitri Colebatch" wrote in message
    news:3f0bcec2@newsgroups.bea.com...
    >
    > Hey all,
    >
    > I'm trying to get 2 way SSL set up on Weblogic 7.0.2. At this stage I'm

    keeping
    > it simple, and just having a standalone test case that makes an https call

    to
    > weblogic so that I can view the certificate in the server. However, I'm

    not able
    > to see any certificates in my servlet (I get zero length arrays). Here's

    my test
    > case:
    >
    > System.setProperty("weblogic.security.TrustKeyStore",

    "DemoTrust");
    >
    > URL wlsUrl = new

    URL("https://GraemeHarris:7502/ibus-gatekeeper/info");
    > HttpsURLConnection conn = new HttpsURLConnection(wlsUrl);
    >
    > InputStream[] ins = new InputStream[2];
    > ins[0] = new

    FileInputStream("C:\\dev\\wlsdomains\\devDomain\\democert.pem");
    > ins[1] = new

    FileInputStream("C:\\dev\\wlsdomains\\devDomain\\demokey.pem");
    > String pwd = "password";
    > conn.loadLocalIdentity(ins[0], ins[1], pwd.toCharArray());
    >
    > conn.connect();
    > InputStream is = conn.getInputStream();
    >
    > int read;
    > byte[] buf = new byte[4096];
    > read = is.read(buf);
    > while (read > 0)
    > {
    > System.out.write(buf, 0, read);
    > read = is.read(buf);
    > }
    >
    > and my servlet is getting zero length arrays for the following properties:
    >
    > javax.servlet.request.X509Certificate
    > javax.net.ssl.peer_certificates
    > javax.servlet.request.X509Certificate
    >
    > So far I've
    >
    > 1) Used CertGen to create new keys.
    > 2) Imported them into my wlDefaultKeyStore
    > 3) Enabled SSL on the server and set the "request client cert" flag to

    true
    >
    > Half my problem here is this is the first time that I've done anything

    with client
    > certificates and I'm not really sure of the whole config. Can anyone

    point me
    > to something that would enable me to test one end of my set up, rather

    than having
    > my test (that I'm not 100% sure about) testing my servlet (that I'm also

    not
    > 100% sure about).
    >
    > thanks in advance for any help.
    >
    > cheers
    > dim
    >




+ Reply to Thread