I have a problem using a Custom Identity Keystore in WebLogic 10.3.5 installed under RedHat.
I have received a pfx/p12 certificate. I successfully extracted the PEM server certificate and keys and installed them in Apache for the mod_ssl configuration (using XCA to extract the PEM certificates and key).
I am trying to use the same certificate and key for configuring WebLogic SSL.
Using the PEM certificate and keys that are used for the Apache configuration, I created a JKS store using the WebLogic utility:
java utils.ImportPrivateKey -keystore CUSTOM_STORE.jks -storepass STOREPWD -storetype JKS -keypass KEYPWD -alias KEYALIAS -certfile server.crt -keyfile server.key -keyfilepass KEYPWD
I configured WebLogic using the administration console, setting a Custom Identity and Java Standard Trust that references my keystore in the Keystores tab. Then I modified the Private Key Alias and passphrase in the SSL tab. All these settings are for the Administration Server.
SSL in WebLogic does not start correctly with the following error:
*<23-mar-2012 10.55.45 CET> <Error> <WebLogicServer> <BEA-000297> <Inconsistent security configuration, java.lang.RuntimeException: Cannot convert identity certificate>*
*<23-mar-2012 10.55.45 CET> <Error> <Server> <BEA-002618> <An invalid attempt was made to configure a channel for unconfigured protocol "Cannot convert identity certificate".>*
I have successfully configured WebLogic SSL using an auto signed certificate, inserting the certificate in a custom JKS store.
Does anyone have suggestions for understanding the WebLogic error?
Is there a different way of importing a pfx/p12 certificate into a Java Key Store for use in WebLogic Server?
Thanks in advance,
I have identified the problem by enabling debug information in WebLogic.
The problem was related to the certificate:
java.security.NoSuchAlgorithmException: ECDSA Signature not available and
java.security.NoSuchAlgorithmException: Algorithm ECDH not available
After enabling the use of JSSE SSL inside WebLogic, the problem was resolved.
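The ECDSA/ECDH cause reported above can be checked on the keystore itself before the server is started. The following is an added example, not part of the original posts: a shell filter over `keytool -list -v` output that lists the entries using EC algorithms. The function names and the sample listing are constructed, and English keytool output is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `keytool -list -v` text on stdin
# and prints alias, chain position, kind and algorithm for every certificate
# that uses an EC algorithm. English keytool output is assumed.
ec_entries() {
  awk '
    /^Alias name:/ { sub(/^Alias name:[ \t]*/, ""); alias = $0; cert = 0 }
    /^Certificate\[[0-9]+\]:/ { cert++ }
    /Signature algorithm name:/ {
      alg = $0; sub(/.*Signature algorithm name:[ \t]*/, "", alg)
      n = (cert ? cert : 1)
      if (alg ~ /ECDSA/) { print alias "\t" n "\tsignature\t" alg }
    }
    # Newer JDKs also print the key type; older ones show only the line above.
    /Subject Public Key Algorithm:/ {
      alg = $0; sub(/.*Subject Public Key Algorithm:[ \t]*/, "", alg)
      n = (cert ? cert : 1)
      if (alg ~ /(^|[^A-Za-z])EC([^A-Za-z]|$)/) {
        print alias "\t" n "\tpublic-key\t" alg
      }
    }
  '
}

# Constructed sample listing (not real keytool output from the thread).
sample_keytool_output() {
  cat <<'EOF'
Alias name: rsaalias
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=rsa.example.test
     Signature algorithm name: SHA1withRSA
Alias name: keyalias
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=ec.example.test
     Signature algorithm name: SHA256withECDSA
Certificate[2]:
Owner: CN=Constructed Test CA
     Signature algorithm name: SHA1withRSA
EOF
}

# Real use: keytool -list -v -keystore CUSTOM_STORE.jks -storepass STOREPWD | ec_entries
sample_keytool_output | ec_entries
```

A line printed for the identity alias means its certificate depends on EC support in the server's SSL implementation, which is the condition the debug output in this thread pointed to.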
I was facing a similar problem while configuring my Verisign SSL certificate. And this resolution of enabling the JSSE SSL option on the Managed server really worked out for me.
Thanks for the resolution
Hit the same problem.
Self signed Certificate used to work well for WLS 10.3.5.x on JDK 6, recently did the same configuration for WLS 10.3.6.x on JDK 7 and SSL won't start.
Checking the logs, the same error.
Checking "Use JSSE SSL" does fix the problem easily.