3 Replies Latest reply on Oct 3, 2005 11:24 AM by 666705

    Can anyone help me out why java.lang.IllegalStateException is coming?

    666705
      I am getting this exception when i am trying to access a servlet which is deployed on the weblogic 7.0 sp4 server

      <Exception during handshake, stack trace follows
      java.lang.IllegalStateException
      at com.certicom.tls.provider.cipher.JSAFE_RSA.doFinal(Unknown Source)
      at com.certicom.tls.record.handshake.ServerStateSentHelloDone.handle(Unknown Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
      at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
      at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
      at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
      at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
      at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown Source)
      at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:399)
      at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:234)
      at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:210)
      >
      <Sep 29, 2005 4:06:51 PM GMT+05:30> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@17b327 Severity: 2 Type: 40
      java.lang.Throwable: Stack trace
      at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:241)
      at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
      at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
      at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
      at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
      at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
      at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown Source)
      at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:399)
      at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:234)
      at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:210)
      >
      <Sep 29, 2005 4:06:51 PM GMT+05:30> <Debug> <TLS> <000000> <write ALERT offset = 0 length = 2>
      <Sep 29, 2005 4:06:51 PM GMT+05:30> <Debug> <TLS> <000000> <close(): 5810903>
      <Sep 29, 2005 4:06:51 PM GMT+05:30> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 7436447>

      <b>Please help me out in figuring out why this exception is coming on the server side. I am using a trial SSL certificate from Verisign for testing purposes. </b>

      Any kind of help will be highly appreciated.

      Thanks
        • 1. Re: Can anyone help me out why java.lang.IllegalStateException is coming?
          666705
          Hi,

          Generally this kind of exception occurs when the Signals that a method has been invoked at an illegal or inappropriate time. In other words, the Java environment or Java application is not in an appropriate state for the requested operation.

          Regards
          Anilkumar kari
          • 2. Re: Can anyone help me out why java.lang.IllegalStateException is coming?
            666705
            Thanks Anil for your kind response.
            But can you elaborate a bit on this.

            Actually when we are trying to access a servlet through IE deployed on weblogic server we are getting this exception on server side.
            Initially we were using the demo certificate provided by weblogic itself for securely communicating with server.
            But when we got a trial certificate from verisign and deployed that certificate on weblogic by following the steps provided below we are facing this problem:

            Follow these steps to configure SSL:

            1.) Create a directory "cert" under domain directorybea_home\user_projects\mydomain) and place these files:

            mykey.der : private-key
            serverCertificate.pem : Signed Server Certificate
            CAIntermediateCert.pem : Intermediate certificate used by the CACertificate Authority) to validate/sign the serverCertificate
            CASelfCert.pem : CA's root certificate that validates the CA's intermediate certificate

            2.) On the Admin Console > Servers > myserver > Connections tab > SSL tab

            Server Certficate File Name : /cert/serverCertificate.pem
            Server Key File Name : /cert/mykey.der

            3.) Open a command-prompt/shell window. Change current directory to BEA_HOME\user_projects\mydomain and run setEnv.
            [ This sets the environment to run the java utilities.]

            4.) Then go to cert directoryi.e BEA_HOME\user_projects\mydomain\cert) and Register the Intermediate certificateCAIntermediateCert.pem):

            $BEA_HOME/jdk1.3.1_03/bin/keytool -import -trustcacerts -file CAIntermediateCert.pem -alias intermediateCA -keystore $BEA_HOME/weblogic700/server/lib/cacerts

            -- Enter password : changeit default)
            -- When prompted to trust the certificate, I type "yes"

            Output on the screen:

            Enter keystore password: changeit
            Owner: CN=XXX CLASS 3 CA-4, OU=PKI, OU=XXX, O=KKK, C=US
            Issuer: CN=XXX CLASS 3 Root CA, OU=PKI, OU=XXX, O=KKK, C=US
            Serial number: f
            Valid from: Wed Jul 05 08:55:43 EDT 2000 until: Tue Jul 04 08:55:43 EDT 2006
            Certificate fingerprints:
            MD5: 69:39:25:B5:02:03:B2:0D:A9:AC:45:68:A6:37:21:4A
            SHA1: 77:78:E8:2C:73:7D:1D:A7:B8:11:11:EE:A3:86:4C:81:55:04:86:ED
            Trust this certificate? [no]: yes
            Certificate was added to keystore

            5.) Then Register the root certificateCASelfCert.pem):

            $BEA_HOME/jdk1.3.1_03/bin/keytool -import -trustcacerts -file CASelfCert.pem -alias CASelfCert -keystore $BEA_HOME/weblogic700/server/lib/cacerts

            -- Entered password : changeit
            -- When prompted to trust the certificate, I typed "yes"

            Output on the screen:

            Enter keystore password: changeit
            Owner: CN=XXX CLASS 3 Root CA, OU=PKI, OU=XXX, O=KKK, C=US

            Issuer: CN=XXX CLASS 3 Root CA, OU=PKI, OU=XXX, O=KKK, C=US
            Serial number: 4
            Valid from: Fri May 19 09:13:00 EDT 2000 until: Thu May 14 09:13:00 EDT
            2020
            Certificate fingerprints:
            MD5: 8C:48:08:65:BB:DA:FF:9F:FD:8C:E2:95:E0:96:B9:9D
            SHA1: 10:F1:93:F3:40:AC:91:D6:DE:5F:1E:DC:00:62:47:C4:F2:5D:96:71
            Trust this certificate? [no]: yes
            Certificate was added to keystore

            6.) Include the follwing parameters in WLS startup script and start WLS:

            -Dweblogic.security.SSL.trustedCAKeyStore=C:\bea_WLPlatform702\weblogic700\server\lib\cacerts
            -Dweblogic.management.pkpassword=<password>

            where password refers to the private-key encryption password.

            Can you suggest why we are facing the problems after deploying the certificate from verisign. Can you tell us that deploying third party certificates like verisign will require some change in the code of servlet or it is automatically taken care of by weblogic server.

            Any kind of help will be highly appreciated.

            Thanks in advance
            Rupinder Singh Kainth
            • 3. Re: Can anyone help me out why java.lang.IllegalStateException is coming?
              666705
              seems alredy a CR125537 is there for this issue,
              can u open open a support case with BEA

              Regards
              Prasanna Yalam