5 Replies Latest reply on Dec 10, 2014 12:06 PM by René van Wijk

    HTTPS not working after enabling SSL port

    ChrisJunior

      Hello,

       

      This is my first time trying to use HTTPS with any WebLogic apps and I'm having some trouble. We have a web application that's deployed on one of my WebLogic servers. Inside this application is a call to a webservice hosted by a separate application. Recently they made this other application HTTPS, so we've had to change our webservice call to point to the new HTTPS address. For some reason in the logs we're getting the below error:

       

      <Dec 3, 2014 9:40:00 AM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from [URL] - [URL IP] was not trusted causing SSL handshake failure.>

       

      I read an article somewhere saying that we need to enable HTTPS on the WebLogic server that's hosting the app. Doesn't make sense to me, but I decided to try it anyway. I enabled the SSL ports on the managed server, restarted it, and tried to access it. Nothing. I get an "Internet Cannot Display this webpage" error. If I change the address back to http and use the non-SSL port it's working. I'm just trying to test this out so I'm using the Demo certs and stuff that's included by default.

       

      Anyone have any idea what I could be doing wrong? Do I even need to enable the SSL ports to talk to an external application that's using HTTPS?

        • 1. Re: HTTPS not working after enabling SSL port
          ChrisJunior

          I did some more digging in the logs and found this <Notice> farther up in the logs:

           

          The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object

           

          What on earth does this even mean?

          • 2. Re: HTTPS not working after enabling SSL port
            AnatoliAtanasov

            Hi Chris,

             

            As your application (managed server) acts as a web service client, you have to import the web service's server certificate in your managed server JKS or in the trusted key store of the JRE running the managed server.

            Your first issue may be a result of a difference in the ws server name and the CN in the certificate. Make sure those are equal.

            For more details, you can follow this thread https://community.oracle.com/thread/1102486?tstart=0 where a similar issue is discussed.

            The other way around would be to use Oracle Web Services Manager and use policy based security when invoking the web service. The security will be managed declaratively and your code should deal with it as if it were a non-secured web service.

             

            Hope that helps,

            Anatoli

            • 3. Re: HTTPS not working after enabling SSL port
              Igoroshka

              Please try to add

              -Dweblogic.ssl.JSSEEnabled=true

              -Dweblogic.security.SSL.enableJSSE=true

               

              to your JVM start options in the start WebLogic script.

              • 4. Re: HTTPS not working after enabling SSL port
                Faisal WebLogic Wonders

                You can ignore this exception as quite likely it's not related to the SSL handshake failure.

                You can find details to get rid of this exception here:

                http://weblogic-wonders.com/weblogic/2010/01/28/troubleshooting-ssl-issues/

                 

                Are you able to access the WSDL of the service? Download the certificate from the browser and import it into the WebLogic truststore.

                 

                Let me know if you need help, you can add me on Skype

                faiz6692

                 

                Thanks,
                Faisal

                • 5. Re: HTTPS not working after enabling SSL port
                  René van Wijk

                  "Do I even need to enable the SSL ports to talk to an external application that's using HTTPS?"

                   

                  No, from your explanation, I understand that you are the client in the set-up (you just call the web service, you do not host it in the WebLogic Server). In this case you do not need to enable https ports in WebLogic (only when you are hosting the web service).

                   

                  In some cases the client calls a secured service by presenting a public key (certificate) - the server hosting the service has two-way-ssl configured. In this case you must identify yourself to the server when calling the web service, you can do this by using something like (after which you can call the web service)

                   

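                  import java.io.File;
                  import java.io.FileInputStream;
                  import java.io.IOException;
                  import java.io.InputStream;
                  import java.security.KeyStore;
                  import javax.net.ssl.KeyManagerFactory;
                  import javax.net.ssl.SSLContext;
                  // HTTPConnection comes from the HTTP client library in use; its import is not shown in the post.

                  // Loads the client's identity keystore and installs it as the default for outgoing HTTPS calls.
                  // fileLocatie: path to the keystore file; instance: keystore type (for example "JKS").
                  public void makeHttpsConnection(String fileLocatie, String instance, String password) {
                      InputStream inputStream = null;
                      try {
                          inputStream = new FileInputStream(new File(fileLocatie));
                          KeyStore keystore = KeyStore.getInstance(instance);
                          keystore.load(inputStream, password.toCharArray());
                          // Key managers supply the client certificate during a two-way SSL handshake.
                          KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                          keyManagerFactory.init(keystore, password.toCharArray());
                          // Protocol as posted; see the note below the code about choosing something more secure.
                          SSLContext sslContext = SSLContext.getInstance("SSLv3");
                          // null trust managers and null SecureRandom: the JVM defaults are used.
                          sslContext.init(keyManagerFactory.getKeyManagers(), null, null);
                          HTTPConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
                      } catch (Exception e) {
                          e.printStackTrace();
                      } finally {
                          if (inputStream != null) {
                              try {
                                  inputStream.close();
                              } catch (IOException e) {
                                  e.printStackTrace();
                              }
                          }
                      }
                  }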

                   

                  Note that the SSLContext uses SSLv3 (this probably has to be something more secure, for example TLSv1 - SSLContext (Java Platform SE 7) - do not know what the server on the other side has configured).

                   

                  You can obtain their public key by accessing the WSDL on their site, and then download the certificate (can be done by using a browser or openssl, for example, openssl s_client -connect {HOSTNAME}:{PORT} -showcerts).

                   

                  More information on SSL can be found here (Middleware Snippets: Playing with SSL) and the references therein.
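
The replies above come down to the client side trusting the web service's certificate. As an added example (not code from any poster in this thread), the class below lists what a given trust store actually contains, including each certificate's signature algorithm, and builds a one-way TLS client context from it. The class name, method names and the fallback to the JRE's `cacerts` file with its stock `changeit` password are assumptions for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class; all names here are illustrative.
public class TrustStoreCheck {
    // Load a keystore file from disk using the JVM's default keystore type.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }
    // Print alias, subject, signature algorithm and expiry of every X.509 entry; return the count.
    static int listTrusted(KeyStore ks) throws Exception {
        int count = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            System.out.printf("%s | %s | %s | expires %s%n", alias,
                    x.getSubjectX500Principal().getName(), x.getSigAlgName(), x.getNotAfter());
            count++;
        }
        return count;
    }
    // Build a client context that trusts only the given store; no key managers, so one-way SSL.
    static SSLContext clientContext(KeyStore trust) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }
    public static void main(String[] args) throws Exception {
        // Assumed defaults: the running JRE's cacerts file and its stock password.
        String path = args.length > 0 ? args[0] : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] pw = (args.length > 1 ? args[1] : "changeit").toCharArray();
        KeyStore trust = load(path, pw);
        System.out.println(listTrusted(trust) + " trusted certificates in " + path);
        System.out.println("Client context protocol: " + clientContext(trust).getProtocol());
    }
}
```

Run it against the trust store the managed server is configured with; if the service's certificate or its issuing CA does not appear in the listing, the handshake will be rejected as untrusted.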