Custom Trust and Custom Identity keystores in WebLogic 10.3


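Question

Does anyone know why WebLogic 10.3 keeps loading the demo keystore and the JDK trust store even after the Custom Trust and Custom Identity keystores have been configured in WebLogic 10.3?

Description

Start WebLogic, log in at https://mysite.com/console, go to Environment -> Servers -> Admin Server -> Keystores, configure the keystores, and set the identity and trust keystores (both are the same keystore).

Stop WebLogic and modify ${DOMAIN_HOME}/bin/startWebLogic.sh to include the following line: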

JAVA_OPTIONS="${JAVA_OPTIONS} -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true "

Restart WebLogic:

nohup ${DOMAIN_HOME}/startWebLogic.sh &

tail -f nohup.out

The following lines are part of the output:

...Loading trusted certificates from the jks keystore file /opt/bea/wlserver_10.3/server/lib/DemoTrust.jks.>
...Loading trusted certificates from the jks keystore file /usr/jdk/instances/jdk1.6.0/jre/lib/security/cacerts.>

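Additional information

This WebLogic was installed by cloning a VM, but after cloning, the domain was packed and unpacked so that the host name in the domain would be up to date.

In the file ${DOMAIN_HOME}/config/config.xml, the entries for the keystores, custom-trust-key-store-file-name and custom-identity-key-store-file-name have the correct values.

Two servers cloned from the same VM as this one work as expected, that is, they load the correct keystores at startup. They are the Distributed Authentication and OpenSSO servers. The server with the problem is an Identity Manager server with the OpenSSO policy agent installed.

Log

Excerpt from AdminServer.log showing that the two default key and trust stores are loaded before the custom key and trust stores. Note: JAVA_OPTIONS has -verbose:class and -Dssl.debug=true set.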

  <Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE KeyAgreement: SunPKCS11-Solaris version 1.6 for algorithm DiffieHellman> 
  <Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default KeyAgreement for algorithm DiffieHellman> 
  [Loaded com.certicom.ecc.scheme.DH from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
  <Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default KeyAgreement for algorithm ECDH> 
  [Loaded com.certicom.ecc.scheme.KeyAgreement from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
  [Loaded com.certicom.ecc.scheme.ECDH from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
  [Loaded com.certicom.ecc.scheme.KDF from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
  [Loaded com.certicom.tls.provider.Cipher from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.provider.cipher.NullCipher from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.provider.cipher.ECCpresso_RC4 from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.provider.cipher.des.ECCpresso_DESCBCNoPad from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.provider.cipher.ECCpresso_AESCBCNoPad from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.provider.cipher.JSAFE_RSA from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.provider.cipher.ECCpresso_RSACipher from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded weblogic.jce.WLCipher from file:/opt/bea/wlserver_10.3/server/lib/wlcipher.jar]
  [Loaded sun.security.pkcs11.P11Cipher from file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar]
  [Loaded sun.security.pkcs11.P11Cipher$Padding from file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar]
  <Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm DESede/CBC/NoPadding> 
  <Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm DESede> 
  [Loaded com.certicom.ecc.scheme.DES from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
  <Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm DES/CBC/NoPadding> 
  <Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm DES> 
  <Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm AES/CBC/NoPadding> 
  <Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm AES> 
  [Loaded com.certicom.ecc.scheme.AES from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
  <Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm RC4> 
  <Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm RC4> 
  [Loaded com.certicom.ecc.scheme.ARC4 from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
  [Loaded com.sun.crypto.provider.RSACipher from file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunjce_provider.jar]
  [Loaded javax.crypto.spec.PSource from /usr/jdk/instances/jdk1.6.0/jre/lib/jce.jar]
  [Loaded javax.crypto.spec.PSource$PSpecified from /usr/jdk/instances/jdk1.6.0/jre/lib/jce.jar]
  <Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA> 
  [Loaded java.util.regex.Pattern$BranchConn from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded java.util.regex.Pattern$Branch from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  <Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding> 
  [Loaded com.certicom.tls.interfaceimpl.CertificateSupport from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded java.security.cert.CertificateParsingException from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded java.security.cert.CertificateNotYetValidException from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded java.security.cert.CertificateExpiredException from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded com.certicom.security.cert.internal.x509.X509V3CertImpl from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.provider.KeyFactory from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.net.ssl.TrustManager from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.net.ssl.impl.TrustManagerImpl from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.interfaceimpl.SessionDBImpl from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  <Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSL Session TTL :90000> 
  [Loaded com.certicom.tls.interfaceimpl.ProtocolVersions from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.interfaceimpl.ProtocolVersion from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded weblogic.security.utils.SSLTrustValidator from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded java.security.cert.CertificateEncodingException from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded weblogic.security.SSL.CertPathTrustManager from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded weblogic.security.utils.SSLWLSHostnameVerifier from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded weblogic.security.utils.SSLWLSHostnameVerifier$NullHostnameVerifier from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded weblogic.security.utils.SSLWLSHostnameVerifier$DefaultHostnameVerifier from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  <Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <DefaultHostnameVerifier: allowReverseDNS=false> 
  <Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates> 
  <Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: using pre-mbean command line configuration for SSL trust> 
  [Loaded weblogic.security.utils.KeyStoreConfigurationHelper from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded weblogic.security.utils.PreMBeanKeyStoreConfiguration from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded weblogic.security.utils.KeyStoreInfo from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded weblogic.security.utils.KeyStoreConstants from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded weblogic.security.utils.SSLContextManager from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  <Jan 26, 2010 4:00:26 PM EST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /opt/bea/wlserver_10.3/server/lib/DemoTrust.jks.> 
  [Loaded weblogic.jndi.ClientEnvironment from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded weblogic.jndi.Environment from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded weblogic.security.utils.KeyStoreUtils from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded java.security.KeyStoreSpi from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded sun.security.provider.JavaKeyStore from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded sun.security.provider.JavaKeyStore$JKS from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded java.security.DigestInputStream from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded sun.security.provider.JavaKeyStore$TrustedCertEntry from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded weblogic.security.utils.SSLCertUtility from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded javax.security.cert.CertificateException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
  [Loaded javax.security.cert.CertificateEncodingException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
  [Loaded javax.net.ssl.SSLException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
  [Loaded javax.net.ssl.SSLPeerUnverifiedException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
  <Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loaded 5 trusted CAs from /opt/bea/wlserver_10.3/server/lib/DemoTrust.jks> 
  <Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US; Issuer: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US> 
  ... The Certs ....  
  <Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US; Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US> 
  <Jan 26, 2010 4:00:26 PM EST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /usr/jdk/instances/jdk1.6.0/jre/lib/security/cacerts.> 
  [Loaded sun.security.x509.CRLDistributionPointsExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded sun.security.x509.DistributionPoint from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded sun.security.x509.URIName from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded sun.security.x509.DNSName from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded sun.security.x509.CertificatePoliciesExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded sun.security.x509.PolicyInformation from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded sun.security.x509.CertificatePolicyId from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded java.security.cert.PolicyQualifierInfo from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded sun.security.x509.PrivateKeyUsageExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded sun.reflect.GeneratedConstructorAccessor9 from __JVM_DefineClass__]
  [Loaded sun.reflect.GeneratedConstructorAccessor10 from __JVM_DefineClass__]
  [Loaded sun.security.x509.ExtendedKeyUsageExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded sun.reflect.GeneratedConstructorAccessor11 from __JVM_DefineClass__]
  [Loaded sun.reflect.GeneratedConstructorAccessor12 from __JVM_DefineClass__]
  [Loaded sun.security.x509.IssuerAlternativeNameExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded sun.security.x509.AuthorityInfoAccessExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded sun.security.x509.AccessDescription from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  <Jan 26, 2010 4:00:27 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loaded 76 trusted CAs from /usr/jdk/instances/jdk1.6.0/jre/lib/security/cacerts>
  ... The 76 Certs ... 
  [Loaded sun.nio.cs.ISO_8859_1$Decoder from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar] 
  <Jan 26, 2010 4:00:27 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US; Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US> 
  [Loaded com.certicom.security.asn1.ASN1ParsingException from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1Type from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1Structured from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1Sequence from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1SequenceOf from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.pkix.Extensions from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.pkix.SubjectPublicKeyInfo from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1InputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.pkix.Certificate from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1EncodingException from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1OutputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.pkix.TBSCertificate from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1Tag from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1Primitive from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1Integer from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.pkix.AlgorithmIdentifier from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1Null from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.pkcs.pkcs1.DSSParams from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1OID from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.pkcs.pkcs5.PBEParameter from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1Choice from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.pkix.Name from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.pkix.RDNSequence from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.pkix.AttributeTypeAndValue from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1SetOf from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.pkix.RelativeDistinguishedName from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1String from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1SimpleString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1PrintableString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1TeletextString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1IA5String from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.UTF8String from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1BMPString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.pkix.Validity from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.pkix.Time from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1BitString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.DERInputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.DERDefiniteLengthInputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1Time from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1Set from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1OctetString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1Boolean from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.DERInputStream$Header from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.ASN1UTCTime from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.pkix.Extension from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.DEROutputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.DERByteArrayOutputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.security.asn1.DEROutputSizer from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.provider.kf.ECCpresso_ECKeyFactory from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.provider.kf.JSAFE_RSAKeyFactory from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.provider.kf.ECCpresso_RSAKeyFactory from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.provider.kf.DSAKeyFactory from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded sun.reflect.GeneratedConstructorAccessor13 from __JVM_DefineClass__]
  [Loaded sun.reflect.GeneratedConstructorAccessor14 from __JVM_DefineClass__]
  [Loaded sun.reflect.GeneratedConstructorAccessor15 from __JVM_DefineClass__]
  [Loaded com.certicom.locale.Resources from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.locale.jSSLPlusResources from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.locale.jSSLPlusResources_en from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.bea.logging.ThrowableWrapper from file:/opt/bea/modules/com.bea.core.logging_1.4.0.0.jar]
  [Loaded weblogic.logging.ThrowableInfo from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  <Jan 26, 2010 4:00:27 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Failure loading trusted CA list
  java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11
    at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
    at com.certicom.tls.interfaceimpl.CertificateSupport.addTrustedCertificate(Unknown Source)
    at com.certicom.net.ssl.SSLContext.addTrustedCertificate(Unknown Source)
    at com.bea.sslplus.CerticomSSLContext.addTrustedCA(Unknown Source)
    at weblogic.security.utils.SSLContextWrapper.addTrustedCA(SSLContextWrapper.java:62)
    at weblogic.security.utils.SSLSetup.getSSLContext(SSLSetup.java:320)
    at weblogic.security.SSL.SSLClientInfo.getSSLSocketFactory(SSLClientInfo.java:101)
    at weblogic.security.SSL.SSLSocketFactory.setSSLClientInfo(SSLSocketFactory.java:218)
    at weblogic.security.SSL.SSLSocketFactory.<init>(SSLSocketFactory.java:36)
    at weblogic.security.SSL.SSLSocketFactory.getInstance(SSLSocketFactory.java:68)
    at weblogic.net.http.HttpsClient.New(HttpsClient.java:561)
    at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:242)
    at weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:237)
    at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:191)
    at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:93)
    at com.iplanet.services.naming.WebtopNaming.getNamingTable(WebtopNaming.java:1038)
    at com.iplanet.services.naming.WebtopNaming.updateNamingTable(WebtopNaming.java:1074)
    at com.iplanet.services.naming.WebtopNaming.getNamingProfile(WebtopNaming.java:991)
    at com.iplanet.services.naming.WebtopNaming.access$000(WebtopNaming.java:74)
    at com.iplanet.services.naming.WebtopNaming$SiteMonitor.<clinit>(WebtopNaming.java:1386)
    at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:145)
    at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:93)
    at com.iplanet.services.naming.WebtopNaming.getNamingTable(WebtopNaming.java:1038)
    at com.iplanet.services.naming.WebtopNaming.updateNamingTable(WebtopNaming.java:1074)
    at com.iplanet.services.naming.WebtopNaming.getNamingProfile(WebtopNaming.java:991)
    at com.iplanet.services.naming.WebtopNaming.getServiceAllURLs(WebtopNaming.java:466)
    at com.sun.identity.authentication.AuthContext.login(AuthContext.java:575)
    at com.sun.identity.authentication.AuthContext.login(AuthContext.java:521)
    at com.sun.identity.authentication.AuthContext.login(AuthContext.java:381)
    at com.sun.identity.agents.common.ApplicationSSOTokenProvider.getApplicationSSOToken(ApplicationSSOTokenProvider.java:63)
    at com.sun.identity.agents.arch.AgentConfiguration.setAppSSOToken(AgentConfiguration.java:541)
    at com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfiguration(AgentConfiguration.java:646)
    at com.sun.identity.agents.arch.AgentConfiguration.initializeConfiguration(AgentConfiguration.java:1054)
    at com.sun.identity.agents.arch.AgentConfiguration.<clinit>(AgentConfiguration.java:1498)
    at com.sun.identity.agents.arch.Manager.<clinit>(Manager.java:643)
    at com.sun.identity.agents.weblogic.v10.AmWLAuthProvider.initialize(AmWLAuthProvider.java:57)
    at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:65)
    at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:363)
    at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
    at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
    at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
    at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(Unknown Source)
    at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(Unknown Source)
    at weblogic.security.service.CSSWLSDelegateImpl.initialize(Unknown Source)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(Unknown Source)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(Unknown Source)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(Unknown Source)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(Unknown Source)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(Unknown Source)
    at weblogic.security.service.SecurityServiceManager.initialize(Unknown Source)
    at weblogic.security.SecurityService.start(SecurityService.java:141)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  > 
  [Loaded javax.net.ssl.impl.SSLSocketImpl from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded java.net.SocksConsts from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded java.net.PlainSocketImpl from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded java.net.SocksSocketImpl from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded java.net.SocksSocketImpl$5 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded java.net.ProxySelector from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded sun.net.spi.DefaultProxySelector from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded sun.net.spi.DefaultProxySelector$1 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded sun.net.NetProperties from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded sun.net.NetProperties$1 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded sun.net.spi.DefaultProxySelector$3 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded java.net.Socket$2 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded java.net.SocketInputStream from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded java.net.Socket$3 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded java.net.SocketOutputStream from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
  [Loaded javax.net.ssl.impl.StringID from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.event.HandshakeWouldBlockException from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded javax.net.ssl.SSLProtocolException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
  [Loaded javax.net.ssl.SSLHandshakeException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
  [Loaded javax.net.ssl.SSLKeyException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
  [Loaded com.certicom.tls.record.Message from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.io.InputSSLIO from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.io.OutputSSLIO from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.bea.sslplus.TwoWaySSLHandshakeStageSocketException from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.TLSSession from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.io.OutputSSLIOStreamWrapper from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.io.InputSSLIOStreamWrapper from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.io.InputSSLIOStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.io.OutputSSLIOStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.record.alert.AlertHandler from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.record.handshake.HandshakeHandler from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.record.alert.Alert from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.record.handshake.HandshakeInputBuffer from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.interfaceimpl.TLSSessionImpl from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.record.CryptoRecordState from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.record.handshake.HandshakeTypes from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.record.handshake.HandshakeState from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
  [Loaded com.certicom.tls.record.handshake.ClientStateSentHello from file:/opt/bea/wlserver_10.

Answer 1

Create the boot.properties file:

${DOMAIN_HOME}/servers/AdminServer/security/boot.properties

Edit its contents to add the following:

username=weblogicAdminUsername
password=weblogicAdminUnencryptedPassword
TrustKeyStore=CustomTrust
CustomTrustKeyStoreFileName=/path/to/custom/keystore
CustomTrustKeyStorePassPhrase=keystoreUnencryptedPassword

Start the WebLogic server.

After startup, the contents of the boot.properties file will now be encrypted.

Another way to do this is:

JAVA_OPTIONS="${JAVA_OPTIONS} -Dweblogic.security.TrustKeyStore=CustomTrust "
JAVA_OPTIONS="${JAVA_OPTIONS} -Dweblogic.security.CustomTrustKeyStorePassPhrase=customKeystorePassword "
JAVA_OPTIONS="${JAVA_OPTIONS} -Dweblogic.security.CustomTrustKeyStoreFileName=/my/custom/keystore.jks "

Add the lines above to the domain's bin/setDomainEnv.sh file. Customize the last two.
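
A check for the symptom and the fix described above, added here as an example and not part of the original question or answer: it reads a server log, lists every trust store named in a "Loading trusted certificates" notice, and fails if anything other than the expected custom store was loaded. The function names are hypothetical and both sample logs are constructed: the first from lines quoted in the question, the second assuming the same notice format with the answer's /my/custom/keystore.jks path.

```shell
#!/usr/bin/env bash
# Added example: audit which trust stores a WebLogic server loaded at startup.

# Print the keystore path from each "Loading trusted certificates" notice, in log order.
loaded_trust_stores() {
    sed -n 's/.*Loading trusted certificates from the [A-Za-z0-9]* keystore file \(.*\)\.> *$/\1/p' "$1"
}

# audit_trust_stores LOG EXPECTED_PATH
# Returns 0 only if EXPECTED_PATH was loaded and no other trust store was.
audit_trust_stores() {
    ats_log=$1; ats_expected=$2; ats_status=0; ats_seen=0
    # This debug line means trust was set up before config.xml (the MBeans) was read,
    # so only command-line / boot.properties settings can have taken effect.
    if grep -q 'using pre-mbean command line configuration for SSL trust' "$ats_log"; then
        echo "INFO: SSL trust was set up from pre-MBean (command line) configuration"
    fi
    ats_stores=$(loaded_trust_stores "$ats_log")
    if [ -z "$ats_stores" ]; then
        echo "FAIL: no trust store load notices found in $ats_log"
        return 1
    fi
    while IFS= read -r ats_path; do
        case "$ats_path" in
            "$ats_expected")  echo "OK:   $ats_path"; ats_seen=1 ;;
            */DemoTrust.jks)  echo "FAIL: demo trust store loaded: $ats_path"; ats_status=1 ;;
            */cacerts)        echo "FAIL: JDK default trust store loaded: $ats_path"; ats_status=1 ;;
            *)                echo "FAIL: unexpected trust store loaded: $ats_path"; ats_status=1 ;;
        esac
    done <<EOF
$ats_stores
EOF
    if [ "$ats_seen" -eq 0 ]; then
        echo "FAIL: expected trust store was never loaded: $ats_expected"
        ats_status=1
    fi
    return "$ats_status"
}

# Write two constructed sample logs into directory $1.
write_sample_logs() {
    # before.log: lines taken from the log quoted in the question.
    cat > "$1/before.log" <<'EOF'
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: using pre-mbean command line configuration for SSL trust> 
<Jan 26, 2010 4:00:26 PM EST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /opt/bea/wlserver_10.3/server/lib/DemoTrust.jks.> 
<Jan 26, 2010 4:00:26 PM EST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /usr/jdk/instances/jdk1.6.0/jre/lib/security/cacerts.> 
EOF
    # after.log: constructed, assumes the same notice format once the custom store is set.
    cat > "$1/after.log" <<'EOF'
<Jan 26, 2010 5:10:02 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: using pre-mbean command line configuration for SSL trust> 
<Jan 26, 2010 5:10:02 PM EST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /my/custom/keystore.jks.> 
EOF
}

# Demo run on the constructed logs.
demo_dir=$(mktemp -d)
write_sample_logs "$demo_dir"
echo "== before the fix =="
audit_trust_stores "$demo_dir/before.log" /my/custom/keystore.jks || true
echo "== after the fix =="
audit_trust_stores "$demo_dir/after.log" /my/custom/keystore.jks || true
rm -rf "$demo_dir"
```

Passing -Dweblogic.security.CustomTrustKeyStorePassPhrase in JAVA_OPTIONS leaves the passphrase in the script and on the JVM's command line, where local users who can list processes can read it; the boot.properties route is encrypted after the first start, as the answer notes.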
