SSL in WLS 7.0 SP2 Where to input keystore password? - Weblogic


Thread: SSL in WLS 7.0 SP2 Where to input keystore password?

  1. SSL in WLS 7.0 SP2 Where to input keystore password?

    I'm trying to use JKS for the keys in a customer's WLS since the
    ordinary PEM keys caused a NoSuchElementException without any real
    explanation and now I've come to a grinding halt.

    I've created a keystore mykey.keystore which contains the server key
    under the alias 'mykey' and with password secret. The whole keystore
    also has the password secret. Now I want WLS 7.0 to use that one. I've
    opened the SSL tab in the console and specified the keystore file name
    and the alias along with the key password but nowhere can I find a place
    for the keystore password.

    I found one document that suggested that I should specify the keystore
    password in the Private Keystore Pass Phrase attribute (
    http://edocs.bea.com/wls/docs70/secm...l.html#1167546 ) but I
    don't have that field. If I enter Security -> Realms
    myRealm/CompatibilityRealm -> Providers -> Key Stores -> myKeyStore
    there are only "Private Key Store Location" and "Root CAKey Store
    Location" to enter.

    I tried anyway but that just gave me this error in the weblogic.log file:

    ####<2003-jul-30 16:21:31 CEST>
    <> <000000>

    ####<2003-jul-30 16:21:31 CEST>
    <> <000000> getting server private key>
    ####<2003-jul-30 16:21:31 CEST>
    <> <000000> getServerPrivateKey(); key alias: mykey>
    ####<2003-jul-30 16:21:31 CEST>
    <> <000000> getServerPrivateKey(); key passphrase: >
    ####<2003-jul-30 16:21:31 CEST>
    <> <000000>

    ####<2003-jul-30 16:21:31 CEST>
    <> <000000> getServerPrivateKey(); getting KeyStore >
    ####<2003-jul-30 16:21:31 CEST>
    <> <000000> alias: mykey>
    ####<2003-jul-30 16:21:31 CEST>
    <> <000000> >
    ####<2003-jul-30 16:21:31 CEST>
    <> <000000> configuration for SSL Server PrivateKey>
    ####<2003-jul-30 16:21:31 CEST>
    <>
    <090109> server dnareg_server in the file specified by the SSL ServerKeyFileName
    attribute.>
    ####<2003-jul-30 16:21:31 CEST>
    <>
    <000297> Server was unable to find the server's private key on server
    dnareg_server in the file specified by the SSL ServerKeyFileName
    attribute.>
    ####<2003-jul-30 16:21:31 CEST>
    <>
    <090034> security configuration, java.lang.Exception: The Server was unable to
    find the server's private key on server dnareg_server in the file
    specified by the SSL ServerKeyFileName attribute..>



  2. Re: SSL in WLS 7.0 SP2 Where to input keystore password?

    I don't know if 7.0 SP2 let you specify a keystore password. I believe it
    only supported JKS stores, and it assumed that for read-only access it
    didn't need to use a passphrase there (the passphrase was used like a CRC
    check for validation of the store, not for gaining access to it). I believe
    the ability to set a keystore passphrase was added in 8.1, as some
    keystores do require the passphrase for allowing read access.

    That message can show up if the wrong password was used to unlock the
    private key: it decrypted the key using a bad password, resulting in
    garbage, and then the ASN.1 parsing detected that as bad ASN.1. Double
    check that the private key passphrase is correct.

    Tony

    "Daniel Bratell" wrote in message
    news:3f28aaa0$1@newsgroups.bea.com...
    > I've progressed somewhat. Turned out that you should have the same
    > password for both the key and the keystore. Now I get this instead:
    >
    > <2003-jul-31 07:27:44 CEST> <140005> > configuration /opt/i4/kiruna/c3-daniel/weblogic/config.xml>
    > java.security.KeyManagementException: ASN.1: Lengths longer than 32 bits
    > are not supported
    > at com.certicom.security.cert.internal.x509.SSLPlusSupport.getLocalIdentityPartial(Unknown Source)
    > at com.certicom.net.ssl.CerticomContextWrapper.inputPrivateKey(Unknown Source)
    > at weblogic.t3.srvr.SSLListenThread.(SSLListenThread.java:425)
    > at weblogic.t3.srvr.SSLListenThread.(SSLListenThread.java:288)
    > at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1518)
    > at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:858)
    > at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:294)
    > at weblogic.Server.main(Server.java:31)
    >
    > ####<2003-jul-31 07:28:26 CEST>
    >
    <>
    > <000297> > java.security.KeyManagementException: ASN.1: Lengths longer than 32 bits
    > are not supported>
    > ####<2003-jul-31 07:28:26 CEST>
    >
    <>
    > <090034> > security configuration, java.security.KeyManagementException: ASN.1:
    > Lengths longer than 32 bits are not supported.>
    >
    >
    > Has anyone else seen this and figured out what it really means?
    >
    > /Daniel
    >
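
Added example (not part of the original thread, and not WebLogic or Certicom code): a small DER header reader with a 32-bit length limit, showing how a key decrypted with the wrong passphrase can surface as the ASN.1 length error quoted above rather than as a "bad password" message. The XOR keystream in `toy_cipher`, the sample blob, the passphrases and all function names are constructed for illustration; the server's real key-protection algorithm is not shown on this page.

```python
import hashlib

MAX_LEN_OCTETS = 4  # assumed parser limit: a length must fit in 32 bits

def read_header(buf):
    """Return (tag, content_length, header_size) of the DER element at buf[0]."""
    if len(buf) < 2:
        raise ValueError("truncated header")
    tag, first = buf[0], buf[1]
    if first < 0x80:                      # short form: the byte is the length
        return tag, first, 2
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0:
        raise ValueError("indefinite length is not valid DER")
    if n > MAX_LEN_OCTETS:
        raise ValueError("Lengths longer than 32 bits are not supported")
    if len(buf) < 2 + n:
        raise ValueError("truncated length")
    return tag, int.from_bytes(buf[2:2 + n], "big"), 2 + n

def toy_cipher(data, password):
    """Constructed stand-in cipher: XOR with a SHA-256 counter keystream."""
    blocks = range((len(data) + 31) // 32)
    stream = b"".join(
        hashlib.sha256(password + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def check_key_blob(blob, password):
    """Decrypt, then sanity-check the outer SEQUENCE header of the result."""
    plain = toy_cipher(blob, password)
    try:
        tag, length, hdr = read_header(plain)
    except ValueError as exc:
        return f"bad ASN.1: {exc}"
    if tag != 0x30 or hdr + length != len(plain):
        return "bad ASN.1: not one SEQUENCE spanning the whole blob"
    return "ok"

def oversized_length_share():
    """Fraction of random length bytes that announce more than 4 length octets."""
    return sum(1 for b in range(256) if b >= 0x80 and (b & 0x7F) > 4) / 256

# Constructed sample: SEQUENCE header (0x30 0x82 0x01 0x2C) plus 300 filler bytes.
SAMPLE_KEY = bytes.fromhex("3082012c") + bytes(300)
BLOB = toy_cipher(SAMPLE_KEY, b"secret")

if __name__ == "__main__":
    print(check_key_blob(BLOB, b"secret"), "|", check_key_blob(BLOB, b"sekret"))
```

Nearly half of all possible length bytes claim more than four length octets, so random-looking plaintext hits this particular parser limit very often.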



