0 Replies Latest reply on Apr 20, 2007 6:48 AM by 666705

    Self Sign Certificate in WebLogic 7.0 SP2 using Sun KeyTool

    666705
      Hi,

      we are trying to configure SSL on WebLogic 7.0 SP2.

      We are using the Sun "KeyTool" Utility, to create the Keystore & Self Sign it.

      We performed the Following Steps :

      Step1: Generating the KeyStore
      keytool -genkey -alias medplexuswebportalalias -dname "CN=192.168.1.10,OU=MedPlexus, O=MedPlexus Inc, L=SanataClara, S=California, C=US" -keyalg RSA -keypass medplexuswebportalkeypass -storepass medplexuswebportalkeypass -keystore medplexuswebportal.keystore

      Step2 : SelfSigning
      keytool -selfcert -alias medplexuswebportalalias -validity 100000 -keypass medplexuswebportalkeypass -keystore medplexuswebportal.keystore

      Step3 : Exporting the Certificate
      keytool -export -alias medplexuswebportalalias -keystore medplexuswebportal.keystore -file medplexuswebportalalias.pem

      Now we performed the following steps to configure the SSL on WebLogic.

      Step1: Configuring the KeyStroe
      In the WebLogic Server Administration Console, expanded the Security-->Realms nodes.

      Click the name of the realm you are configuring (for example, myrealm).

      Expand the Providers node. Click Key Stores.
      The Keystore tab appears. This tab displays the name keystore configured for the security realm. By default, the WebLogic Keystore provider is configured.

      Note: The WebLogic Server Administration Console refers to the WebLogic Keystore provider as the DefaultKeystore.

      Click DefaultKeystore. On the General tab, entered the Private Key Store Location & Private Key Store Pass Phrase. Clicked on Apply Button.

      Step2 : SSL Configuration

      Expand the Server node.
      Select the Connections-->SSL Tab
      Given the following values:
      Server Private Key Alias : medplexusalias
      Server Private Key Passphrase : medplexuswebportalkeypass
      Server Certificate File Name : C:\\medplexuswebportalalias.cer

      Clicked on Apply Button.

      Step 3: Changes in "startWebLogic.cmd".

      set JAVA_OPTIONS=-Dweblogic.management.pkpassword=medplexuswebportalkeypass -Dweblogic.security.SSL.trustedCAKeyStore=C:\\medplexuswebportal.keystore

      Step4 : Started the Server.

      Then we are getting the following exception/error :

      <Apr 20, 2007 11:46:44 AM IST> <Error> <Security> <090158> <The Server was unable to find the private key with alias medplexusalias at location c:\\medplexuswebportal.keystore on server myserver, realm myrealm. Make sure the KeyStore exists and contains the key entry under the specified alias.>

      <Apr 20, 2007 11:46:44 AM IST> <Alert> <WebLogicServer> <000297> <Inconsistent security configuration, java.lang.Exception: Cannot find the private key with alias medplexusalias in the KeyStore at location c:\\medplexuswebportal.keystore>

      java.lang.Exception: Cannot find the private key with alias medplexusalias in the KeyStore at location c:\\medplexuswebportal.keystore

      at weblogic.security.service.SSLManager.getServerPrivateKey(SSLManager.java:401)
      at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:153)
      at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:122)
      at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1548)
      at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:891)
      at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:300)
      at weblogic.Server.main(Server.java:32)

      <Apr 20, 2007 11:46:44 AM IST> <Emergency> <Security> <090034> <Not listening for SSL, java.io.IOException: Inconsistent security configuration, Cannot find the private key with alias medplexusalias in the KeyStore at location c:\\medplexuswebportal.keystore.>

      Please help us to solve this issue.

      Thanks in advance
      KM