weblogic.Admin Custom Trust - Weblogic

This is a discussion on weblogic.Admin Custom Trust - Weblogic ; Forwarding it to the security newsgroup for any suggestions. thanks, -satya -------- Original Message -------- Subject: weblogic.Admin Custom Trust Date: 17 Jun 2004 06:54:25 -0700 From: Nathan Reply-To: Nathan Newsgroups: weblogic.developer.interest.management I'm trying to connect weblogic.Admin to my Admin server ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: weblogic.Admin Custom Trust

  1. weblogic.Admin Custom Trust

    Forwarding it to the security newsgroup for any suggestions.

    thanks,
    -satya

    -------- Original Message --------
    Subject: weblogic.Admin Custom Trust
    Date: 17 Jun 2004 06:54:25 -0700
    From: Nathan
    Reply-To: Nathan
    Newsgroups: weblogic.developer.interest.management


    I'm trying to connect weblogic.Admin to my Admin server and having no
    luck. weblogic.Admin
    does not seem to recognize my Custom Trust file. The error I get is:

    Failed to connect to https://myadminserver:myport: Destination
    unreachable; nested
    exception is:
    javax.net.ssl.SSLKeyException: [Security:090543]Certificate
    chain received
    from myadminserver - 0.0.0.0 was incomplete. Check the peer certificate
    chain
    to determine if it should be trusted or not. If it should be trust
    ed, then update the client trusted CA configuration to trust the CA that
    signed
    the certificate chain. If the chain was
    incomplete, correct the chain..... yadayadayada

    The command I am using is (specifics changed to protect the innocent):

    java -Dweblogic.security.CustomTrustKeyStoreFileName=D:\ trustedcerts.jks
    -Dweblogic.security.TrustKeystoreType=jks
    -Dweblogic.security.CustomTrustKeystorePassPhrase=f oobar
    -Dweblogic.security.SSL.ignoreHostnameVerification= true
    weblogic.Admin -adminurl https://myadminserver:myport -username weblogic
    -password
    pass GETSTATE ServerName

    I also tried -Dweblogic.security.TrustKeystoreType=CustomTrust since
    this seems
    to be ambiguous in the docs. My custom trust file works fine in other
    spots (Server
    Config and NodeManager) Any ideas?

    Thanks,
    - Nathan


  2. Re: weblogic.Admin Custom Trust


    Looks like there is an error in the docs for 8.1. The new properties for the custom
    keystore would be:

    -Dweblogic.security.TrustKeyStore=CustomTrust
    -Dweblogic.security.CustomTrustKeyStoreFileName=D:\ trustedcerts.jks
    -Dweblogic.security.CustomTrustKeyStorePassPhrase=p assword

    The password in case of jks keystore is used for keystore verification and is
    not required for keystore access.
    The ks type is already jks by default, so you do not need to set this one:
    -Dweblogic.security.CustomTrustKeyStoreType=jks

    Pavel.

    Satya Ghattu wrote:
    >Forwarding it to the security newsgroup for any suggestions.
    >
    >thanks,
    >-satya
    >
    >-------- Original Message --------
    >Subject: weblogic.Admin Custom Trust
    >Date: 17 Jun 2004 06:54:25 -0700
    >From: Nathan
    >Reply-To: Nathan
    >Newsgroups: weblogic.developer.interest.management
    >
    >
    >I'm trying to connect weblogic.Admin to my Admin server and having no
    >
    >luck. weblogic.Admin
    >does not seem to recognize my Custom Trust file. The error I get is:
    >
    >Failed to connect to https://myadminserver:myport: Destination
    >unreachable; nested
    >exception is:
    > javax.net.ssl.SSLKeyException: [Security:090543]Certificate
    >
    >chain received
    >from myadminserver - 0.0.0.0 was incomplete. Check the peer certificate
    >
    >chain
    >to determine if it should be trusted or not. If it should be trust
    >ed, then update the client trusted CA configuration to trust the CA that
    >
    >signed
    >the certificate chain. If the chain was
    >incomplete, correct the chain..... yadayadayada
    >
    >The command I am using is (specifics changed to protect the innocent):
    >
    >java -Dweblogic.security.CustomTrustKeyStoreFileName=D:\ trustedcerts.jks
    >
    >-Dweblogic.security.TrustKeystoreType=jks
    >-Dweblogic.security.CustomTrustKeystorePassPhrase=f oobar
    >-Dweblogic.security.SSL.ignoreHostnameVerification= true
    >weblogic.Admin -adminurl https://myadminserver:myport -username weblogic
    >
    >-password
    >pass GETSTATE ServerName
    >
    >I also tried -Dweblogic.security.TrustKeystoreType=CustomTrust since
    >
    >this seems
    >to be ambiguous in the docs. My custom trust file works fine in other
    >
    >spots (Server
    >Config and NodeManager) Any ideas?
    >
    >Thanks,
    >- Nathan
    >



  3. Re: weblogic.Admin Custom Trust


    This worked like a charm, thanks.

    - Nathan

    "Pavel" wrote:
    >
    >Looks like there is an error in the docs for 8.1. The new properties
    >for the custom
    >keystore would be:
    >
    >-Dweblogic.security.TrustKeyStore=CustomTrust
    >-Dweblogic.security.CustomTrustKeyStoreFileName=D:\ trustedcerts.jks
    >-Dweblogic.security.CustomTrustKeyStorePassPhrase=p assword
    >
    >The password in case of jks keystore is used for keystore verification
    >and is
    >not required for keystore access.
    >The ks type is already jks by default, so you do not need to set this
    >one:
    >-Dweblogic.security.CustomTrustKeyStoreType=jks
    >
    >Pavel.
    >
    >Satya Ghattu wrote:
    >>Forwarding it to the security newsgroup for any suggestions.
    >>
    >>thanks,
    >>-satya
    >>
    >>-------- Original Message --------
    >>Subject: weblogic.Admin Custom Trust
    >>Date: 17 Jun 2004 06:54:25 -0700
    >>From: Nathan
    >>Reply-To: Nathan
    >>Newsgroups: weblogic.developer.interest.management
    >>
    >>
    >>I'm trying to connect weblogic.Admin to my Admin server and having no
    >>
    >>luck. weblogic.Admin
    >>does not seem to recognize my Custom Trust file. The error I get is:
    >>
    >>Failed to connect to https://myadminserver:myport: Destination
    >>unreachable; nested
    >>exception is:
    >> javax.net.ssl.SSLKeyException: [Security:090543]Certificate
    >>
    >>chain received
    >>from myadminserver - 0.0.0.0 was incomplete. Check the peer certificate
    >>
    >>chain
    >>to determine if it should be trusted or not. If it should be trust
    >>ed, then update the client trusted CA configuration to trust the CA

    >that
    >>
    >>signed
    >>the certificate chain. If the chain was
    >>incomplete, correct the chain..... yadayadayada
    >>
    >>The command I am using is (specifics changed to protect the innocent):
    >>
    >>java -Dweblogic.security.CustomTrustKeyStoreFileName=D:\ trustedcerts.jks
    >>
    >>-Dweblogic.security.TrustKeystoreType=jks
    >>-Dweblogic.security.CustomTrustKeystorePassPhrase=f oobar
    >>-Dweblogic.security.SSL.ignoreHostnameVerification= true
    >>weblogic.Admin -adminurl https://myadminserver:myport -username weblogic
    >>
    >>-password
    >>pass GETSTATE ServerName
    >>
    >>I also tried -Dweblogic.security.TrustKeystoreType=CustomTrust since
    >>
    >>this seems
    >>to be ambiguous in the docs. My custom trust file works fine in other
    >>
    >>spots (Server
    >>Config and NodeManager) Any ideas?
    >>
    >>Thanks,
    >>- Nathan
    >>

    >



+ Reply to Thread