This discussion is archived
3 Replies Latest reply: Mar 15, 2013 5:34 AM by Kalyan Pasupuleti-Oracle RSS

Where can I get SSLWLSWildcardHostnameVerifier .class file

996836 Newbie
Currently Being Moderated
Hi, I am currently facing issues due to wildcard hostname in SSL certificate. Every site gives the information about how to configure a Custom host name verifier in Weblogic console, but the .class file is neither present in weblogic.jar of 10g or 11g Weblogic server versions. Just this configuration change does not fix this problem. Any idea where can I find the .class file to include in my server classpath.

Exception received when invoking the webservice from my java source code:
Cannot create instance of Hostname Verifier weblogic.security.utils.SSLWLSWildcardHostnameVerifier

Any help would be greatly appreciated.
  • 1. Re: Where can I get SSLWLSWildcardHostnameVerifier .class file
    Kalyan Pasupuleti-Oracle Expert
    Currently Being Moderated
    Hi,

    In WLS releases before WLS 11.1.1.5 (WLS 10.3.5), WebLogic Server's hostname verification code did not support wildcard certificates. Thus as per a product enhancement, we have created a separate hostname verification code, which allows wildcard certificates.

    Thus in order to have this functionality on WLS 10.3.5 and below, we have Patch 10215257 for WLS 10.3.0, 10.3.4, and 10.3.5.
    NOTE: This wildcard implementation is embedded in the binaries of WLS 10.3.6 and 12.1.1.0, thus there is no requirement for a patch on those versions and higher.

    Once we apply the apprropriate patch we need to do the following:

    Add the server start-up parameter (in the java_options):
    -Dweblogic.security.SSL.hostnameVerifier=weblogic.security.utils.SSLWLSWildcardHostnameVerifier,/div>
    Navigate to Admin Console -> server_name -> SSL -> Advanced. Check the checkbox Use JSSE.

    This has to be done on all the servers where we are planning to use the wild card certificate. If you are using WLS 10.3.6+ or WLS 12.1.1.0+, do the following:

    Enable "Use JSSE."
    Navigate to Admin console -> server_name -> SSL -> Advanced ->. Check the checkbox Use JSSE.
    Select the value "weblogic.security.utils.SSLWLSWildcardHostnameVerifier" from the dropdown list of "Hostname verfication" parameters.



    Note:

    Weblogic server by default implements certicom SSL. In release WLS 10.3.4 the JSSE is implemented and certcom deprecated. As mentioned above.

    But wth previous version i.e. 10.3 which hasn't got this option available in the console, we can implement the following parameters to enable Sun SSL implementation instead of certicom:

    -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
    -Dssl.SocketFactory.provider=com.sun.net.ssl.internal.SSLSocketFactoryImpl
    -DUseSunHttpHandler=true
    -Dweblogic.wsee.client.ssl.usejdk=true (for webservice clients)



    Regards,
    Kal
  • 2. Re: Where can I get SSLWLSWildcardHostnameVerifier .class file
    996836 Newbie
    Currently Being Moderated
    Hi Kal,

    We are using weblogic 10.0.0.0
    So, I believe we need to install the patch first before doing any configuration changes.

    How can we get the patch?

    Thanks,
    Sonal.
  • 3. Re: Where can I get SSLWLSWildcardHostnameVerifier .class file
    Kalyan Pasupuleti-Oracle Expert
    Currently Being Moderated
    Hi Sonal,

    Open a ticket with Oracle WLS support team or you can search in MOS to download the patch.

    Regards,
    Kal

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points