SSL between Apache and Weblogic - Weblogic

This is a discussion on SSL between Apache and Weblogic - Weblogic ; Hi , i am trying to make SSL work between Apache ( 2.0.46 on Linux Redhat 8.0) and Weblogic ( 7 sp2 on Windows 2000). I have created a private key ( 512 bits RSA) and created a CSR using ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: SSL between Apache and Weblogic

  1. SSL between Apache and Weblogic

    Hi , i am trying to make SSL work between Apache ( 2.0.46 on Linux
    Redhat 8.0) and Weblogic ( 7 sp2 on Windows 2000).
    I have created a private key ( 512 bits RSA) and created a CSR
    using OpenSSL. I have signed the CSR with my own CA private key and
    certificate.

    I have installed the private key, certificate and certificate of my CA
    on Weblogic. SSL on Weblogic works, i have tested a connection on 7002
    and there's no error. Here 's my configuration:
    ListenPort="7002" Name="bengali"
    ServerCertificateChainFileName="ca.crt"
    ServerCertificateFileName="bengali_crt.pem"
    ServerKeyFileName="bengali_key.pem"
    TrustedCAFileName="ca.crt"/>

    I have configured Apache to connect to Weblogic on SSL port:


    SetHandler weblogic-handler
    WebLogicHost bengali.pacific
    WebLogicPort 7002
    SecureProxy on
    TrustedCAFile /tmp/ca.crt
    RequireSSLHostMatch false
    Debug on
    DebugConfigInfo ALL


    The problem is that the Weblogic module doesn't seem to bea able to
    load my CA certificate file. I get this error:
    ================New Request: [GET / HTTP/1.1] =================
    Sun Jul 27 16:06:42 2003 INFO: SSL is configured
    Sun Jul 27 16:06:42 2003 INFO: Initializing SSL library
    Sun Jul 27 16:06:42 2003 ERROR: Failed to load trusted CA
    file(/tmp/ca.crt). err = 3009 loaded = 0
    Sun Jul 27 16:06:42 2003 ERROR: SSL initialization failed

    The /tmp/ca.crt exists ( when it 's not there the error code returned
    is -6992 instead of 3009).
    I guess that my CA certificate file is not correct but i get the exact
    same error with the sample CA certificate provided by Weblogic.

    Any idea or advice to make SSL work between Weblogic and Apache ?

    Thanx,
    bengali


  2. Re: SSL between Apache and Weblogic

    hello:
    I also wanted solution for this problem,anybody have any idea

    regards

    Boney Jose

    bengali wrote:

    > Hi , i am trying to make SSL work between Apache ( 2.0.46 on Linux
    > Redhat 8.0) and Weblogic ( 7 sp2 on Windows 2000).
    > I have created a private key ( 512 bits RSA) and created a CSR
    > using OpenSSL. I have signed the CSR with my own CA private key and
    > certificate.
    >
    > I have installed the private key, certificate and certificate of my CA
    > on Weblogic. SSL on Weblogic works, i have tested a connection on 7002
    > and there's no error. Here 's my configuration:
    > > ListenPort="7002" Name="bengali"
    > ServerCertificateChainFileName="ca.crt"
    > ServerCertificateFileName="bengali_crt.pem"
    > ServerKeyFileName="bengali_key.pem"
    > TrustedCAFileName="ca.crt"/>
    >
    > I have configured Apache to connect to Weblogic on SSL port:
    >
    >
    > SetHandler weblogic-handler
    > WebLogicHost bengali.pacific
    > WebLogicPort 7002
    > SecureProxy on
    > TrustedCAFile /tmp/ca.crt
    > RequireSSLHostMatch false
    > Debug on
    > DebugConfigInfo ALL
    >

    >
    > The problem is that the Weblogic module doesn't seem to bea able to
    > load my CA certificate file. I get this error:
    > ================New Request: [GET / HTTP/1.1] =================
    > Sun Jul 27 16:06:42 2003 INFO: SSL is configured
    > Sun Jul 27 16:06:42 2003 INFO: Initializing SSL library
    > Sun Jul 27 16:06:42 2003 ERROR: Failed to load trusted CA
    > file(/tmp/ca.crt). err = 3009 loaded = 0
    > Sun Jul 27 16:06:42 2003 ERROR: SSL initialization failed
    >
    > The /tmp/ca.crt exists ( when it 's not there the error code returned
    > is -6992 instead of 3009).
    > I guess that my CA certificate file is not correct but i get the exact
    > same error with the sample CA certificate provided by Weblogic.
    >
    > Any idea or advice to make SSL work between Weblogic and Apache ?
    >
    > Thanx,
    > bengali
    >



  3. Re: SSL between Apache and Weblogic

    Error 3009 is an error that occurs during ASN.1 parsing of the certificates
    and it indicates an
    unknown OID was found.

    Double check the contents of CA.crt, just in case something else caused the
    parsing to get confused:

    - Is it binary or PEM encoded? If binary, try PEM.

    - If it is PEM encoded, remove any extra whitespace before/after the
    certificates in the file including
    any empty lines after the last certificate.

    If those weren't the problem, look at the Certificate itself to see what
    kinds of extensions are
    being used, and try generating certs without them to see if that works. If
    you find the extension that
    is causing the problem see if you can use the certificates without it.

    Tony

    "Boney Jose" wrote in message
    news:3f8ea912@newsgroups.bea.com...
    > hello:
    > I also wanted solution for this problem,anybody have any idea
    >
    > regards
    >
    > Boney Jose
    >
    > bengali wrote:
    >
    > > Hi , i am trying to make SSL work between Apache ( 2.0.46 on Linux
    > > Redhat 8.0) and Weblogic ( 7 sp2 on Windows 2000).
    > > I have created a private key ( 512 bits RSA) and created a CSR
    > > using OpenSSL. I have signed the CSR with my own CA private key and
    > > certificate.
    > >
    > > I have installed the private key, certificate and certificate of my CA
    > > on Weblogic. SSL on Weblogic works, i have tested a connection on 7002
    > > and there's no error. Here 's my configuration:
    > > > > ListenPort="7002" Name="bengali"
    > > ServerCertificateChainFileName="ca.crt"
    > > ServerCertificateFileName="bengali_crt.pem"
    > > ServerKeyFileName="bengali_key.pem"
    > > TrustedCAFileName="ca.crt"/>
    > >
    > > I have configured Apache to connect to Weblogic on SSL port:
    > >
    > >
    > > SetHandler weblogic-handler
    > > WebLogicHost bengali.pacific
    > > WebLogicPort 7002
    > > SecureProxy on
    > > TrustedCAFile /tmp/ca.crt
    > > RequireSSLHostMatch false
    > > Debug on
    > > DebugConfigInfo ALL
    > >

    > >
    > > The problem is that the Weblogic module doesn't seem to bea able to
    > > load my CA certificate file. I get this error:
    > > ================New Request: [GET / HTTP/1.1] =================
    > > Sun Jul 27 16:06:42 2003 INFO: SSL is configured
    > > Sun Jul 27 16:06:42 2003 INFO: Initializing SSL library
    > > Sun Jul 27 16:06:42 2003 ERROR: Failed to load trusted CA
    > > file(/tmp/ca.crt). err = 3009 loaded = 0
    > > Sun Jul 27 16:06:42 2003 ERROR: SSL initialization failed
    > >
    > > The /tmp/ca.crt exists ( when it 's not there the error code returned
    > > is -6992 instead of 3009).
    > > I guess that my CA certificate file is not correct but i get the exact
    > > same error with the sample CA certificate provided by Weblogic.
    > >
    > > Any idea or advice to make SSL work between Weblogic and Apache ?
    > >
    > > Thanx,
    > > bengali
    > >

    >




+ Reply to Thread