Connecting to admin via weblogic.Admin via SSL - Weblogic

This is a discussion on Connecting to admin via weblogic.Admin via SSL - Weblogic ; When I try to connect to the configured SSL port via a browser all is well. When I try to connect via the Admin class I get exceptions. I'm running wl 7.0 sp4. Here is the call: java -cp weblogic.jar ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Connecting to admin via weblogic.Admin via SSL

  1. Connecting to admin via weblogic.Admin via SSL


    When I try to connect to the configured SSL port via a browser all is well. When
    I try to connect via the Admin class I get exceptions. I'm running wl 7.0 sp4.
    Here is the call:

    java -cp weblogic.jar weblogic.Admin -url https://server.domain.com:7001 -username
    weblogic -password weblogic GETSTATE $i`


    And the exception:

    Failed to connect to https://server.domain.com:7001 due to:[javax.naming.CommunicationException
    [Root exception is java.net.ConnectException: https://server.domain.com:7001:
    Destination unreachable; nested exception is:
    java.io.IOException: Alert: fatal handshake_failure; No available router
    to destination]]

    What am I doing wrong?




  2. Re: Connecting to admin via weblogic.Admin via SSL


    You need to configure the client's trust. By default Admin will trust the CA certs
    from the jdk cacerts keystore, but you can specify another keystore on the command
    line with this property:
    -Dweblogic.security.SSL.trustedCAKeyStore=
    Also if the cn field in the server identity certificate does not match its hostname
    you can disable the hostname verification check with this property:
    -Dweblogic.security.SSL.ignoreHostnameVerify=true

    Pavel.

    "Fred Bloggs" wrote:
    >
    >When I try to connect to the configured SSL port via a browser all is
    >well. When
    >I try to connect via the Admin class I get exceptions. I'm running wl
    >7.0 sp4.
    > Here is the call:
    >
    >java -cp weblogic.jar weblogic.Admin -url https://server.domain.com:7001
    >-username
    >weblogic -password weblogic GETSTATE $i`
    >
    >
    >And the exception:
    >
    >Failed to connect to https://server.domain.com:7001 due to:[javax.naming.CommunicationException
    >[Root exception is java.net.ConnectException: https://server.domain.com:7001:
    >Destination unreachable; nested exception is:
    > java.io.IOException: Alert: fatal handshake_failure; No available
    >router
    >to destination]]
    >
    >What am I doing wrong?
    >
    >
    >



  3. Re: Connecting to admin via weblogic.Admin via SSL


    Pavel,

    Sorry its taken me so long to get back. I dont see any indication that these
    options work with the 7.0 weblogic.Admin client. I've used them with webservice
    clients but cant get Admin to recognize any of the typical parameters. I've tried
    to set ssl.debug and verbose, etc but without success. Have you actually gotten
    this to work with Admin?

    Thanks

    "Pavel" wrote:
    >
    >You need to configure the client's trust. By default Admin will trust
    >the CA certs
    >from the jdk cacerts keystore, but you can specify another keystore on
    >the command
    >line with this property:
    >-Dweblogic.security.SSL.trustedCAKeyStore=
    >Also if the cn field in the server identity certificate does not match
    >its hostname
    >you can disable the hostname verification check with this property:
    >-Dweblogic.security.SSL.ignoreHostnameVerify=true
    >
    >Pavel.
    >
    >"Fred Bloggs" wrote:
    >>
    >>When I try to connect to the configured SSL port via a browser all is
    >>well. When
    >>I try to connect via the Admin class I get exceptions. I'm running

    >wl
    >>7.0 sp4.
    >> Here is the call:
    >>
    >>java -cp weblogic.jar weblogic.Admin -url https://server.domain.com:7001
    >>-username
    >>weblogic -password weblogic GETSTATE $i`
    >>
    >>
    >>And the exception:
    >>
    >>Failed to connect to https://server.domain.com:7001 due to:[javax.naming.CommunicationException
    >>[Root exception is java.net.ConnectException: https://server.domain.com:7001:
    >>Destination unreachable; nested exception is:
    >> java.io.IOException: Alert: fatal handshake_failure; No available
    >>router
    >>to destination]]
    >>
    >>What am I doing wrong?
    >>
    >>
    >>

    >



  4. Re: Connecting to admin via weblogic.Admin via SSL


    Yes, these properties should work. Are you sure you were using the same properties
    with webservice clients? I believe they support different ssl properties. In any
    case, try setting ssl debug on with:

    -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true

    This should output some info about the reason of the handshake failure.

    Pavel.

    "Fred Bloggs" wrote:
    >
    >Pavel,
    >
    >Sorry its taken me so long to get back. I dont see any indication that
    >these
    >options work with the 7.0 weblogic.Admin client. I've used them with
    >webservice
    >clients but cant get Admin to recognize any of the typical parameters.
    > I've tried
    >to set ssl.debug and verbose, etc but without success. Have you actually
    >gotten
    >this to work with Admin?
    >
    >Thanks
    >
    >"Pavel" wrote:
    >>
    >>You need to configure the client's trust. By default Admin will trust
    >>the CA certs
    >>from the jdk cacerts keystore, but you can specify another keystore

    >on
    >>the command
    >>line with this property:
    >>-Dweblogic.security.SSL.trustedCAKeyStore=
    >>Also if the cn field in the server identity certificate does not match
    >>its hostname
    >>you can disable the hostname verification check with this property:
    >>-Dweblogic.security.SSL.ignoreHostnameVerify=true
    >>
    >>Pavel.
    >>
    >>"Fred Bloggs" wrote:
    >>>
    >>>When I try to connect to the configured SSL port via a browser all

    >is
    >>>well. When
    >>>I try to connect via the Admin class I get exceptions. I'm running

    >>wl
    >>>7.0 sp4.
    >>> Here is the call:
    >>>
    >>>java -cp weblogic.jar weblogic.Admin -url https://server.domain.com:7001
    >>>-username
    >>>weblogic -password weblogic GETSTATE $i`
    >>>
    >>>
    >>>And the exception:
    >>>
    >>>Failed to connect to https://server.domain.com:7001 due to:[javax.naming.CommunicationException
    >>>[Root exception is java.net.ConnectException: https://server.domain.com:7001:
    >>>Destination unreachable; nested exception is:
    >>> java.io.IOException: Alert: fatal handshake_failure; No available
    >>>router
    >>>to destination]]
    >>>
    >>>What am I doing wrong?
    >>>
    >>>
    >>>

    >>

    >



+ Reply to Thread