FRAGE
Nachdem ich die benutzerdefinierten Trust- und Identitäts-Keystores in WebLogic 10.3 konfiguriert habe, weiß jemand, warum WebLogic 10.3 immer noch darauf besteht, den Demo-Keystore und den JDK-Truststore zu laden?
BESCHREIBUNG
Ich starte WebLogic, gehe zuhttps://mysite.com/consoleund melden Sie sich an, navigieren Sie zu Umgebungen->Server->Admin-Server->Keystores und konfigurieren Sie die Keystores und legen Sie die Identitäts- und Vertrauens-Keystores fest (beides ist derselbe Keystore).
Ich stoppe WebLogic und ändere es, ${DOMAIN_HOME}/bin/startWebLogic.shsodass es die folgende Zeile einfügt:
JAVA_OPTIONS="${JAVA_OPTIONS} -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true "
Ich starte WebLogic erneut:
nohup ${DOMAIN_HOME}/startWebLogic.sh &
tail -f nohup.out
und die folgende Zeile ist Teil der Ausgabe:
...Loading trusted certificates from the jks keystore file /opt/bea/wlserver_10.3/server/lib/DemoTrust.jks.>
...Loading trusted certificates from the jks keystore file /usr/jdk/instances/jdk1.6.0/jre/lib/security/cacerts.>
ZUSÄTZLICHE INFORMATION
Dieses WebLogic wurde durch Klonen einer VM installiert, aber nach dem Klonen habe ich die Domäne gepackt und entpackt, sodass der Hostname der Domäne auf dem neuesten Stand ist.
${DOMAIN_HOME}/config/config.xmlDie Entitäten „Key Stores“, „Custom Trust Key Store File Name“ und „Custom Identity Key Store File Name“ der Datei haben die richtigen Werte.
Einige der Server, die von derselben VM wie diese geklont wurden, funktionieren wie erwartet, d. h. sie laden beim Start den richtigen Schlüsselspeicher. Dabei handelt es sich um die verteilte Authentifizierung und die OpenSSO-Server. Der Server mit dem Problem ist der Identity Manager-Server mit installiertem OpenSSO-Richtlinienagent.
PROTOKOLL
Ein Auszug aus AdminServer.log, der zeigt, dass die beiden Standardschlüssel- und Vertrauensspeicher vor den benutzerdefinierten Schlüssel- und Vertrauensspeichern geladen werden: Hinweis: JAVA_OPTIONS hat -verbose:class und -Dssl.debug=true gesetzt
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE KeyAgreement: SunPKCS11-Solaris version 1.6 for algorithm DiffieHellman>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default KeyAgreement for algorithm DiffieHellman>
[Loaded com.certicom.ecc.scheme.DH from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default KeyAgreement for algorithm ECDH>
[Loaded com.certicom.ecc.scheme.KeyAgreement from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
[Loaded com.certicom.ecc.scheme.ECDH from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
[Loaded com.certicom.ecc.scheme.KDF from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
[Loaded com.certicom.tls.provider.Cipher from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.cipher.NullCipher from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.cipher.ECCpresso_RC4 from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.cipher.des.ECCpresso_DESCBCNoPad from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.cipher.ECCpresso_AESCBCNoPad from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.cipher.JSAFE_RSA from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.cipher.ECCpresso_RSACipher from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.jce.WLCipher from file:/opt/bea/wlserver_10.3/server/lib/wlcipher.jar]
[Loaded sun.security.pkcs11.P11Cipher from file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar]
[Loaded sun.security.pkcs11.P11Cipher$Padding from file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm DESede/CBC/NoPadding>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm DESede>
[Loaded com.certicom.ecc.scheme.DES from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm DES/CBC/NoPadding>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm DES>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm AES/CBC/NoPadding>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm AES>
[Loaded com.certicom.ecc.scheme.AES from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm RC4>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm RC4>
[Loaded com.certicom.ecc.scheme.ARC4 from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
[Loaded com.sun.crypto.provider.RSACipher from file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunjce_provider.jar]
[Loaded javax.crypto.spec.PSource from /usr/jdk/instances/jdk1.6.0/jre/lib/jce.jar]
[Loaded javax.crypto.spec.PSource$PSpecified from /usr/jdk/instances/jdk1.6.0/jre/lib/jce.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA>
[Loaded java.util.regex.Pattern$BranchConn from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.util.regex.Pattern$Branch from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
[Loaded com.certicom.tls.interfaceimpl.CertificateSupport from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded java.security.cert.CertificateParsingException from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.security.cert.CertificateNotYetValidException from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.security.cert.CertificateExpiredException from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded com.certicom.security.cert.internal.x509.X509V3CertImpl from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.KeyFactory from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.net.ssl.TrustManager from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.net.ssl.impl.TrustManagerImpl from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.interfaceimpl.SessionDBImpl from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSL Session TTL :90000>
[Loaded com.certicom.tls.interfaceimpl.ProtocolVersions from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.interfaceimpl.ProtocolVersion from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.SSLTrustValidator from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded java.security.cert.CertificateEncodingException from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded weblogic.security.SSL.CertPathTrustManager from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.SSLWLSHostnameVerifier from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.SSLWLSHostnameVerifier$NullHostnameVerifier from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.SSLWLSHostnameVerifier$DefaultHostnameVerifier from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <DefaultHostnameVerifier: allowReverseDNS=false>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: using pre-mbean command line configuration for SSL trust>
[Loaded weblogic.security.utils.KeyStoreConfigurationHelper from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.PreMBeanKeyStoreConfiguration from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.KeyStoreInfo from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.KeyStoreConstants from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.SSLContextManager from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
<Jan 26, 2010 4:00:26 PM EST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /opt/bea/wlserver_10.3/server/lib/DemoTrust.jks.>
[Loaded weblogic.jndi.ClientEnvironment from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.jndi.Environment from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.KeyStoreUtils from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded java.security.KeyStoreSpi from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.provider.JavaKeyStore from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.provider.JavaKeyStore$JKS from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.security.DigestInputStream from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.provider.JavaKeyStore$TrustedCertEntry from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded weblogic.security.utils.SSLCertUtility from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded javax.security.cert.CertificateException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
[Loaded javax.security.cert.CertificateEncodingException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
[Loaded javax.net.ssl.SSLException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
[Loaded javax.net.ssl.SSLPeerUnverifiedException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loaded 5 trusted CAs from /opt/bea/wlserver_10.3/server/lib/DemoTrust.jks>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US; Issuer: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US>
... The Certs ....
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US; Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US>
<Jan 26, 2010 4:00:26 PM EST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /usr/jdk/instances/jdk1.6.0/jre/lib/security/cacerts.>
[Loaded sun.security.x509.CRLDistributionPointsExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.x509.DistributionPoint from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.x509.URIName from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.x509.DNSName from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.x509.CertificatePoliciesExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.x509.PolicyInformation from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.x509.CertificatePolicyId from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.security.cert.PolicyQualifierInfo from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.x509.PrivateKeyUsageExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.reflect.GeneratedConstructorAccessor9 from __JVM_DefineClass__]
[Loaded sun.reflect.GeneratedConstructorAccessor10 from __JVM_DefineClass__]
[Loaded sun.security.x509.ExtendedKeyUsageExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.reflect.GeneratedConstructorAccessor11 from __JVM_DefineClass__]
[Loaded sun.reflect.GeneratedConstructorAccessor12 from __JVM_DefineClass__]
[Loaded sun.security.x509.IssuerAlternativeNameExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.x509.AuthorityInfoAccessExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.security.x509.AccessDescription from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
<Jan 26, 2010 4:00:27 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loaded 76 trusted CAs from /usr/jdk/instances/jdk1.6.0/jre/lib/security/cacerts>
... The 76 Certs ...
[Loaded sun.nio.cs.ISO_8859_1$Decoder from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
<Jan 26, 2010 4:00:27 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US; Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
[Loaded com.certicom.security.asn1.ASN1ParsingException from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Type from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Structured from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Sequence from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1SequenceOf from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.Extensions from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.SubjectPublicKeyInfo from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1InputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.Certificate from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1EncodingException from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1OutputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.TBSCertificate from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Tag from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Primitive from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Integer from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.AlgorithmIdentifier from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Null from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkcs.pkcs1.DSSParams from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1OID from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkcs.pkcs5.PBEParameter from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Choice from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.Name from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.RDNSequence from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.AttributeTypeAndValue from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1SetOf from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.RelativeDistinguishedName from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1String from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1SimpleString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1PrintableString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1TeletextString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1IA5String from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.UTF8String from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1BMPString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.Validity from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.Time from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1BitString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.DERInputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.DERDefiniteLengthInputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Time from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Set from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1OctetString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Boolean from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.DERInputStream$Header from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1UTCTime from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.Extension from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.DEROutputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.DERByteArrayOutputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.DEROutputSizer from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.kf.ECCpresso_ECKeyFactory from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.kf.JSAFE_RSAKeyFactory from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.kf.ECCpresso_RSAKeyFactory from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.kf.DSAKeyFactory from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded sun.reflect.GeneratedConstructorAccessor13 from __JVM_DefineClass__]
[Loaded sun.reflect.GeneratedConstructorAccessor14 from __JVM_DefineClass__]
[Loaded sun.reflect.GeneratedConstructorAccessor15 from __JVM_DefineClass__]
[Loaded com.certicom.locale.Resources from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.locale.jSSLPlusResources from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.locale.jSSLPlusResources_en from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.bea.logging.ThrowableWrapper from file:/opt/bea/modules/com.bea.core.logging_1.4.0.0.jar]
[Loaded weblogic.logging.ThrowableInfo from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
<Jan 26, 2010 4:00:27 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Failure loading trusted CA list
java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11
at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
at com.certicom.tls.interfaceimpl.CertificateSupport.addTrustedCertificate(Unknown Source)
at com.certicom.net.ssl.SSLContext.addTrustedCertificate(Unknown Source)
at com.bea.sslplus.CerticomSSLContext.addTrustedCA(Unknown Source)
at weblogic.security.utils.SSLContextWrapper.addTrustedCA(SSLContextWrapper.java:62)
at weblogic.security.utils.SSLSetup.getSSLContext(SSLSetup.java:320)
at weblogic.security.SSL.SSLClientInfo.getSSLSocketFactory(SSLClientInfo.java:101)
at weblogic.security.SSL.SSLSocketFactory.setSSLClientInfo(SSLSocketFactory.java:218)
at weblogic.security.SSL.SSLSocketFactory.<init>(SSLSocketFactory.java:36)
at weblogic.security.SSL.SSLSocketFactory.getInstance(SSLSocketFactory.java:68)
at weblogic.net.http.HttpsClient.New(HttpsClient.java:561)
at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:242)
at weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:237)
at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:191)
at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:93)
at com.iplanet.services.naming.WebtopNaming.getNamingTable(WebtopNaming.java:1038)
at com.iplanet.services.naming.WebtopNaming.updateNamingTable(WebtopNaming.java:1074)
at com.iplanet.services.naming.WebtopNaming.getNamingProfile(WebtopNaming.java:991)
at com.iplanet.services.naming.WebtopNaming.access$000(WebtopNaming.java:74)
at com.iplanet.services.naming.WebtopNaming$SiteMonitor.<clinit>(WebtopNaming.java:1386)
at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:145)
at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:93)
at com.iplanet.services.naming.WebtopNaming.getNamingTable(WebtopNaming.java:1038)
at com.iplanet.services.naming.WebtopNaming.updateNamingTable(WebtopNaming.java:1074)
at com.iplanet.services.naming.WebtopNaming.getNamingProfile(WebtopNaming.java:991)
at com.iplanet.services.naming.WebtopNaming.getServiceAllURLs(WebtopNaming.java:466)
at com.sun.identity.authentication.AuthContext.login(AuthContext.java:575)
at com.sun.identity.authentication.AuthContext.login(AuthContext.java:521)
at com.sun.identity.authentication.AuthContext.login(AuthContext.java:381)
at com.sun.identity.agents.common.ApplicationSSOTokenProvider.getApplicationSSOToken(ApplicationSSOTokenProvider.java:63)
at com.sun.identity.agents.arch.AgentConfiguration.setAppSSOToken(AgentConfiguration.java:541)
at com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfiguration(AgentConfiguration.java:646)
at com.sun.identity.agents.arch.AgentConfiguration.initializeConfiguration(AgentConfiguration.java:1054)
at com.sun.identity.agents.arch.AgentConfiguration.<clinit>(AgentConfiguration.java:1498)
at com.sun.identity.agents.arch.Manager.<clinit>(Manager.java:643)
at com.sun.identity.agents.weblogic.v10.AmWLAuthProvider.initialize(AmWLAuthProvider.java:57)
at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:65)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:363)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(Unknown Source)
at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(Unknown Source)
at weblogic.security.service.CSSWLSDelegateImpl.initialize(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(Unknown Source)
at weblogic.security.service.SecurityServiceManager.initialize(Unknown Source)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
[Loaded javax.net.ssl.impl.SSLSocketImpl from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded java.net.SocksConsts from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.net.PlainSocketImpl from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.net.SocksSocketImpl from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.net.SocksSocketImpl$5 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.net.ProxySelector from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.net.spi.DefaultProxySelector from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.net.spi.DefaultProxySelector$1 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.net.NetProperties from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.net.NetProperties$1 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded sun.net.spi.DefaultProxySelector$3 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.net.Socket$2 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.net.SocketInputStream from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.net.Socket$3 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded java.net.SocketOutputStream from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded javax.net.ssl.impl.StringID from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.event.HandshakeWouldBlockException from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded javax.net.ssl.SSLProtocolException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
[Loaded javax.net.ssl.SSLHandshakeException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
[Loaded javax.net.ssl.SSLKeyException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
[Loaded com.certicom.tls.record.Message from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.io.InputSSLIO from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.io.OutputSSLIO from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.bea.sslplus.TwoWaySSLHandshakeStageSocketException from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.TLSSession from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.io.OutputSSLIOStreamWrapper from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.io.InputSSLIOStreamWrapper from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.io.InputSSLIOStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.io.OutputSSLIOStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.alert.AlertHandler from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.handshake.HandshakeHandler from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.alert.Alert from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.handshake.HandshakeInputBuffer from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.interfaceimpl.TLSSessionImpl from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.CryptoRecordState from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.handshake.HandshakeTypes from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.handshake.HandshakeState from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.handshake.ClientStateSentHello from file:/opt/bea/wlserver_10.
Antwort1
Erstellen Sie die Datei boot.properties:
${DOMAIN_HOME}/servers/AdminServer/security/boot.properties
Bearbeiten Sie den Inhalt, um Folgendes hinzuzufügen:
username=weblogicAdminUsername
password=weblogicAdminUnencryptedPassword
TrustKeyStore=CustomTrust
CustomTrustKeyStoreFileName=/path/to/custom/keystore
CustomTrustKeyStorePassPhrase=keystoreUnencryptedPassword
Starten Sie den WebLogic-Server.
Beachten Sie nach dem Start, dass der Inhalt der Datei boot.properties jetzt verschlüsselt ist.
Sie können dies alternativ auch folgendermaßen tun:
JAVA_OPTIONS="${JAVA_OPTIONS} -Dweblogic.security.TrustKeyStore=CustomTrust "
JAVA_OPTIONS="${JAVA_OPTIONS} -Dweblogic.security.CustomTrustKeyStorePassPhrase=customKeystorePassword "
JAVA_OPTIONS="${JAVA_OPTIONS} -Dweblogic.security.CustomTrustKeyStoreFileName=/my/custom/keystore.jks "
Fügen Sie die obigen Zeilen an die Datei bin/setDomainEnv.sh der Domäne an. Passen Sie die letzten beiden an.