5 Replies Latest reply on Mar 19, 2013 5:35 AM by terry wang - oracle

    SSL configuration error: Cannot convert identity certificate

      I have a problem using a Custom Identity Keystore in WebLogic 10.3.5 installed under RedHat.

      I have received a pfx/p12 certificate. I successfully extracted the PEM server certificate and keys and installed them in Apache for the mod_ssl configuration (using XCA to extract the PEM certificates and key).
      I am trying to use the same certificate and key for configuring WebLogic SSL.

      Using the PEM certificate and keys that are used for the Apache configuration, I created a JKS store using the WebLogic utility:

      java utils.ImportPrivateKey -keystore CUSTOM_STORE.jks -storepass STOREPWD -storetype JKS -keypass KEYPWD -alias KEYALIAS -certfile server.crt -keyfile server.key -keyfilepass KEYPWD

      I configured WebLogic using the administration console, setting a Custom Identity and Java Standard Trust that references my keystore in the Keystores tab. Then I modified the Private Key Alias and passphrase in the SSL tab. All these settings are for the Administration Server.

      SSL in WebLogic does not start correctly with the following error:

      <23-mar-2012 10.55.45 CET> <Error> <WebLogicServer> <BEA-000297> <Inconsistent security configuration, java.lang.RuntimeException: Cannot convert identity certificate>
      <23-mar-2012 10.55.45 CET> <Error> <Server> <BEA-002618> <An invalid attempt was made to configure a channel for unconfigured protocol "Cannot convert identity certificate".>

      I have successfully configured WebLogic SSL using an auto signed certificate, inserting the certificate in a custom JKS store.

      Does anyone have suggestions for understanding the WebLogic error?
      Is there a different way of importing a pfx/p12 certificate into a Java Key Store for use in WebLogic server?

      Thanks in advance,
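
The steps described in the post, as an added example that is not part of the original post: checks on the PEM certificate and key before building the keystore, and a direct .p12 to JKS conversion with the JDK's keytool rather than via PEM. The function names, `received.p12` and the `KEYPASS` environment variable are assumptions; the example does not establish the cause of the error above.

```shell
#!/bin/sh
# Added example: pre-import checks for a PEM certificate/key pair, plus a
# direct PKCS#12 -> JKS conversion with the JDK's keytool.
# Assumptions: file names are placeholders; KEYPASS (environment variable)
# holds the private-key passphrase and is empty if the key is not encrypted.
: "${KEYPASS:=}"
export KEYPASS

# Succeeds (0) only if the private key in $2 belongs to the certificate in $1.
# Returns 1 on a mismatch, 2 if either file cannot be read or decrypted.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -passin env:KEYPASS -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Prints the certificate's signature algorithm (for example
# sha256WithRSAEncryption), so it can be compared with what the server's
# SSL implementation supports.
cert_sigalg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Converts the PKCS#12 file $1 into the JKS keystore $2, then lists the
# result so the alias and certificate chain length can be checked.
# keytool prompts for the source and destination passwords.
p12_to_jks() {
    keytool -importkeystore \
        -srckeystore "$1" -srcstoretype PKCS12 \
        -destkeystore "$2" -deststoretype JKS &&
    keytool -list -v -keystore "$2"
}

# Usage (placeholder file names):
#   key_matches_cert server.crt server.key && cert_sigalg server.crt
#   p12_to_jks received.p12 CUSTOM_STORE.jks
```

The alias printed by `keytool -list` is the value to enter as the Private Key Alias in the SSL tab.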