Re: Hostname Verifier - Weblogic


Thread: Re: Hostname Verifier

  1. Re: Hostname Verifier

    The property in the server configuration applies only to the SSL clients running on server. The command line property for the stand alone clients using WebLogic APIs should be:
    -Dweblogic.security.SSL.hostnameVerifier=myHostNameVerifier

    Pavel.

  2. Re: Hostname Verifier

    Thanks Pavel, I have a client using the t3s protocol with 2-way SSL communication.
    The client uses the demokey and democert provided by WebLogic 7.0.

    When running my Java client (JMS publisher) to connect to WebLogic Server, I'm giving the command line option Dweblogic.security.SSL.hostnameVerifier=myHostNameVerifier
    but I'm getting the following error.

    java.lang.Exception: Stack trace
    at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:216)
    at com.certicom.tls.record.alert.Alert.(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
    at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
    at java.io.DataOutputStream.flush(DataOutputStream.java:101)
    at weblogic.rjvm.t3.T3JVMConnection.connect(T3JVMConnection.java:262)
    at weblogic.rjvm.t3.T3SJVMConnection.createConnection(T3SJVMConnection.java:83)
    at weblogic.rjvm.Protocol.createConnection(Protocol.java:231)
    at weblogic.rjvm.ConnectionManager.findOrCreateConnection(ConnectionManager.java:1192)
    at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:347)
    at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:279)
    at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:217)
    at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:175)
    at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:196)
    at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:162)
    at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:262)
    at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:323)
    at weblogic.jndi.Environment.getContext(Environment.java:154)
    at weblogic.jndi.Environment.getInitialContext(Environment.java:137)
    at TopicSend.getInitialContext(TopicSend.java:217)
    at TopicSend.main(TopicSend.java:126)
    >



    javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
    at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
    at java.io.DataOutputStream.flush(DataOutputStream.java:101)
    at weblogic.rjvm.t3.T3JVMConnection.connect(T3JVMConnection.java:262)
    at weblogic.rjvm.t3.T3SJVMConnection.createConnection(T3SJVMConnection.java:83)
    at weblogic.rjvm.Protocol.createConnection(Protocol.java:231)
    at weblogic.rjvm.ConnectionManager.findOrCreateConnection(ConnectionManager.java:1192)
    at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:347)
    at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:279)
    at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:217)
    at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:175)
    at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:196)
    at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:162)
    at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:262)
    at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:323)
    at weblogic.jndi.Environment.getContext(Environment.java:154)
    at weblogic.jndi.Environment.getInitialContext(Environment.java:137)
    at TopicSend.getInitialContext(TopicSend.java:217)
    at TopicSend.main(TopicSend.java:126)


    Any inputs to this????

    Thanks
    shiv

  3. Re: Hostname Verifier

    In 7.0 hostname verification is performed before the trust validation. Do you see the debug messages from your hostname verifier in the client output? Does your hostname verifier hostnameValidationCallback() method return true?
    Make sure you configured the server and the client to trust each other's identity certs. Try disabling hostname verification with
    -Dweblogic.security.SSL.ignoreHostnameVerify=true
    and see if your connection works without it.
    Run with ssl debug on: -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true
    The log messages before the failure might provide more information.

    Pavel.

  4. Re: Hostname Verifier

    Yes, the implementation of the verify() method in myHostnameVerifier returns true.

    The Java client works perfectly with -Dweblogic.security.SSL.ignoreHostnameVerify=true.

    It is failing when performing hostname validation.

    I tried with the following command too.
    java -cp C:\bea\weblogic700\server\lib\weblogic.jar -Dweblogic.security.SSL.HostnameVerifier=myHostNameVerifier -Dweblogic.security.SSL.trustedCAKeyStore=C:\bea\weblogic700\server\lib\cacerts -Dweblogic.security.TrustKeyStore=DemoTrust -Dssl.debug=true -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true weblogic.Admin -url t3s://nt20884:7002 -username system -password weblogic PING 5

    But the error in both cases (Java client and PING) is the same.

    Here I'm attaching the traces (partial):

    <000000> <2550265 readRecord()>
    <000000> <2550265 received HANDSHAKE>
    <000000> <2550265 readRecord()>
    <000000> <2550265 received HANDSHAKE>
    <000000> java.lang.Exception: Stack trace
    at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:216)
    at com.certicom.tls.record.alert.Alert.(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
    at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
    at java.io.DataOutputStream.flush(DataOutputStream.java:101)
    at weblogic.rjvm.t3.T3JVMConnection.connect(T3JVMConnection.java:262)
    at weblogic.rjvm.t3.T3SJVMConnection.createConnection(T3SJVMConnection.java:83)
    at weblogic.rjvm.Protocol.createConnection(Protocol.java:231)
    at weblogic.rjvm.ConnectionManager.findOrCreateConnection(ConnectionManager.java:1192)
    at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:347)
    at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:279)
    at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:217)
    at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:175)
    at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:196)
    at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:162)
    at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:262)
    at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:323)
    at weblogic.jndi.Environment.getContext(Environment.java:154)
    at weblogic.jndi.Environment.getInitialContext(Environment.java:137)
    at TopicSend.getInitialContext(TopicSend.java:217)
    at TopicSend.main(TopicSend.java:126)
    >


    Thanks
    Shiv

  5. Re: Hostname Verifier

    The property for setting hostname verifier should be exactly: weblogic.security.SSL.hostnameVerifier
    You have it with the capital h in "hostnameVerifier".
    Also make sure your class has a public constructor with no parameters, and is in the classpath - in the command below you only include weblogic.jar.

    Pavel.
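
An added example, not part of the original thread and not WebLogic code: a JDK-only preflight check for the three points raised in the last reply (exact property name, class on the classpath, public no-argument constructor). `VerifierPreflight` and `check` are hypothetical names, and the check does not test whether the class implements WebLogic's verifier interface.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

// Added example; VerifierPreflight and check() are hypothetical names, not WebLogic APIs.
// Run with the same -D options and -cp as the real client, e.g.
//   java -cp <client classpath> -Dweblogic.security.SSL.hostnameVerifier=<class> VerifierPreflight
public class VerifierPreflight {
    // Exact, case-sensitive property name given in the thread.
    static final String KEY = "weblogic.security.SSL.hostnameVerifier";

    // Returns a list of problems; an empty list means the setting looks loadable.
    static List<String> check(Properties props, ClassLoader loader) {
        List<String> problems = new ArrayList<>();
        // Property lookups are case-sensitive: a key that differs only by case is never read.
        for (String name : props.stringPropertyNames()) {
            if (name.equalsIgnoreCase(KEY) && !name.equals(KEY)) {
                problems.add("'" + name + "' differs from '" + KEY + "' only by case");
            }
        }
        String className = props.getProperty(KEY);
        if (className == null) {
            problems.add(KEY + " is not set");
            return problems;
        }
        try {
            // Load without initializing, using the loader the client itself would use.
            Class<?> cls = Class.forName(className, false, loader);
            // getConstructor() only finds public constructors.
            cls.getConstructor();
        } catch (ClassNotFoundException e) {
            problems.add("class '" + className + "' is not on the classpath");
        } catch (NoSuchMethodException e) {
            problems.add("class '" + className + "' has no public no-argument constructor");
        }
        return problems;
    }

    public static void main(String[] args) {
        List<String> problems = check(System.getProperties(),
                                      VerifierPreflight.class.getClassLoader());
        for (String p : problems) {
            System.out.println("PROBLEM: " + p);
        }
        System.exit(problems.isEmpty() ? 0 : 1);
    }
}
```

Run against the command line from post 4, it reports both the mis-cased `HostnameVerifier` key and the missing property, which is why the custom verifier never took effect there.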
