5 Replies Latest reply on Dec 16, 2004 6:17 PM by 666705

    Error CERT_CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED

    666705
      Hi,

      I am getting the following error on the weblogic(8.1 Sp2) server while using two-way ssl. I have used java keytool to generate the private keys and self signed certificates for the server and the client:

      #<13-Sep-2004 12:27:16 o'clock BST> <Debug> <TLS> <000000> <validationCallback: validateErr = 16>
      <13-Sep-2004 12:27:16 o'clock BST> <Debug> <TLS> <000000> <Required peer certificates not supplied by peer>
      <13-Sep-2004 12:27:16 o'clock BST> <Warning> <Security> <BEA-090508> <Certificate chain received from BTG106099.iuser.iroot.adidom.com - 132.146.172.164 was incomplete.>
      <13-Sep-2004 12:27:16 o'clock BST> <Warning> <Security> <BEA-090477> <Certificate chain received from BTG106099.iuser.iroot.adidom.com - 132.146.172.164 was not trusted causing SSL handshake failure.>
      <13-Sep-2004 12:27:16 o'clock BST> <Debug> <TLS> <000000> <Validation error = 20>
      <13-Sep-2004 12:27:16 o'clock BST> <Debug> <TLS> <000000> <Certificate chain is incomplete>
      <13-Sep-2004 12:27:16 o'clock BST> <Debug> <TLS> <000000> <Certificate chain is untrusted>
      <13-Sep-2004 12:27:16 o'clock BST> <Debug> <TLS> <000000> <User defined JSSE trustmanagers not allowed to override>
      <13-Sep-2004 12:27:16 o'clock BST> <Debug> <TLS> <000000> <SSLTrustValidator returns: 84>
      <13-Sep-2004 12:27:16 o'clock BST> <Debug> <TLS> <000000> <Trust failure (84): CERT_CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED>
      <13-Sep-2004 12:27:16 o'clock BST> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@1cba87 Severity: 2 Type: 40
      java.lang.Throwable: Stack trace
      at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
      at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
      at com.certicom.tls.record.handshake.ServerStateSentHelloDone.handle(Unknown Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
      at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
      at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
      at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
      at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
      at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown Source)
      at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
      at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
      at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
      >
      <13-Sep-2004 12:27:16 o'clock BST> <Debug> <TLS> <000000> <write ALERT offset = 0 length = 2>
      <13-Sep-2004 12:27:16 o'clock BST> <Debug> <TLS> <000000> <close(): 20298077>
      <13-Sep-2004 12:27:16 o'clock BST> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 20935029>

      The contents of the server-side keystore is:
      Keystore type: jks
      Keystore provider: SUN

      Your keystore contains 2 entries

      secureserver, 13-Sep-2004, keyEntry,
      Certificate fingerprint (MD5): 9B:35:81:5D:4F:3D:72:EA:12:B4:5C:59:8A:C6:36:A5
      secureclient, 13-Sep-2004, trustedCertEntry,
      Certificate fingerprint (MD5): D2:C1:47:A1:68:E1:42:6A:84:36:40:A2:89:E1:60:8B

      The contents of the client-side keystore is:
      Keystore type: jks
      Keystore provider: SUN

      Your keystore contains 2 entries

      secureserver, 13-Sep-2004, trustedCertEntry,
      Certificate fingerprint (MD5): 9B:35:81:5D:4F:3D:72:EA:12:B4:5C:59:8A:C6:36:A5
      secureclient, 13-Sep-2004, keyEntry,
      Certificate fingerprint (MD5): D2:C1:47:A1:68:E1:42:6A:84:36:40:A2:89:E1:60:8B

      Any help on this would be highly appreciated.
      Thanks in advance.

      Regards,
      Nirupama Srivastava
        • 1. Re: Error CERT_CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED
          666705
          Hello All,
          Iam getting the following error
          ..........
          <Dec 13, 2004 2:50:32 PM CST> <Debug> <TLS> <000000> <Validation error = 20>
          <Dec 13, 2004 2:50:32 PM CST> <Debug> <TLS> <000000> <Certificate chain is incomplete>
          <Dec 13, 2004 2:50:32 PM CST> <Debug> <TLS> <000000> <Certificate chain is untrusted>
          <Dec 13, 2004 2:50:32 PM CST> <Debug> <TLS> <000000> <SSLTrustValidator returns: 20>
          <Dec 13, 2004 2:50:32 PM CST> <Debug> <TLS> <000000> <Trust status (20): CERT_CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED>
          <Dec 13, 2004 2:50:32 PM CST> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@192c8d9 Severity: 2 Ty
          : 42
          java.lang.Throwable: Stack trace
          at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:245)
          at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
          at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
          at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
          at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
          at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
          at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
          at com.certicom.tls.record.WriteHandler.write(Unknown Source)
          at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
          at java.io.BufferedOutputStream.flush(Unknown Source)
          at java.io.FilterOutputStream.flush(Unknown Source)
          at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:97)
          at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:284)
          at java.net.HttpURLConnection.getResponseCode(Unknown Source)
          at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:662)
          at org.diabetes.phd.services.SSLClient.tryConnection(SSLClient.java:81)
          at org.diabetes.phd.services.SSLClient.wlsURLConnect(SSLClient.java:126)
          at org.diabetes.phd.services.SSLClient.main(SSLClient.java:36)
          >
          <Dec 13, 2004 2:50:32 PM CST> <Debug> <TLS> <000000> <write ALERT offset = 0 length = 2>
          <Dec 13, 2004 2:50:32 PM CST> <Debug> <TLS> <000000> <close(): 27692793>
          <Dec 13, 2004 2:50:32 PM CST> <Debug> <TLS> <000000> <Exception during handshake, stack trace follows
          javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
          at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
          at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
          at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
          at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
          at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
          at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
          at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
          at com.certicom.tls.record.WriteHandler.write(Unknown Source)
          at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
          at java.io.BufferedOutputStream.flush(Unknown Source)
          at java.io.FilterOutputStream.flush(Unknown Source)
          at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:97)
          at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:284)
          at java.net.HttpURLConnection.getResponseCode(Unknown Source)
          at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:662)
          at org.diabetes.phd.services.SSLClient.tryConnection(SSLClient.java:81)
          at org.diabetes.phd.services.SSLClient.wlsURLConnect(SSLClient.java:126)
          at org.diabetes.phd.services.SSLClient.main(SSLClient.java:36)
          >
          <Dec 13, 2004 2:50:32 PM CST> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@16acdd1 Severity: 2 Ty
          : 40
          java.lang.Throwable: Stack trace
          at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:245)
          at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
          at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
          at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
          at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
          at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
          at com.certicom.tls.record.WriteHandler.write(Unknown Source)
          at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
          at java.io.BufferedOutputStream.flush(Unknown Source)
          at java.io.FilterOutputStream.flush(Unknown Source)
          at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:97)
          at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:284)
          at java.net.HttpURLConnection.getResponseCode(Unknown Source)
          at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:662)
          at org.diabetes.phd.services.SSLClient.tryConnection(SSLClient.java:81)
          at org.diabetes.phd.services.SSLClient.wlsURLConnect(SSLClient.java:126)
          at org.diabetes.phd.services.SSLClient.main(SSLClient.java:36)
          >
          <Dec 13, 2004 2:50:32 PM CST> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 23894119>
          <Dec 13, 2004 2:50:33 PM CST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
          <Dec 13, 2004 2:50:33 PM CST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 15623809>
          <Dec 13, 2004 2:50:33 PM CST> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
          <Dec 13, 2004 2:50:33 PM CST> <Debug> <TLS> <000000> <SSLIOContextTable.findContext(is): 25934938>
          <Dec 13, 2004 2:50:33 PM CST> <Debug> <TLS> <000000> <write SSL_20_RECORD>
          <Dec 13, 2004 2:50:33 PM CST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
          <Dec 13, 2004 2:50:33 PM CST> <Debug> <TLS> <000000> <isMuxerActivated: false>
          <Dec 13, 2004 2:50:33 PM CST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
          <Dec 13, 2004 2:50:33 PM CST> <Debug> <TLS> <000000> <3083761 readRecord()>
          <Dec 13, 2004 2:50:33 PM CST> <Debug> <TLS> <000000> <3083761 received HANDSHAKE>
          <Dec 13, 2004 2:50:33 PM CST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
          <Dec 13, 2004 2:50:33 PM CST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
          <Dec 13, 2004 2:50:33 PM CST> <Debug> <TLS> <000000> <isMuxerActivated: false>
          <Dec 13, 2004 2:50:33 PM CST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
          <Dec 13, 2004 2:50:33 PM CST> <Debug> <TLS> <000000> <3083761 readRecord()>
          <Dec 13, 2004 2:50:33 PM CST> <Debug> <TLS> <000000> <3083761 received HANDSHAKE>
          <Dec 13, 2004 2:50:33 PM CST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certificate>
          <Dec 13, 2004 2:50:33 PM CST> <Debug> <TLS> <000000> <Performing hostname validation checks: grid.slacker.com>
          <Dec 13, 2004 2:50:33 PM CST> <Debug> <TLS> <000000> <validationCallback: validateErr = 20>
          <Dec 13, 2004 2:50:33 PM CST> <Debug> <TLS> <000000> < cert[0] = [[
          ...................

          java.lang.Throwable: Stack trace
          at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:245)
          at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
          at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
          at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
          at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
          at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
          at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
          at com.certicom.tls.record.WriteHandler.write(Unknown Source)
          at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
          at java.io.BufferedOutputStream.flush(Unknown Source)
          at java.io.FilterOutputStream.flush(Unknown Source)
          at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:97)
          at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:284)
          at weblogic.net.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:527)
          at java.net.HttpURLConnection.getResponseCode(Unknown Source)
          at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:662)
          at org.diabetes.phd.services.SSLClient.tryConnection(SSLClient.java:81)
          at org.diabetes.phd.services.SSLClient.wlsURLConnect(SSLClient.java:126)
          at org.diabetes.phd.services.SSLClient.main(SSLClient.java:36)
          >
          <Dec 13, 2004 2:50:36 PM CST> <Debug> <TLS> <000000> <write ALERT offset = 0 length = 2>
          <Dec 13, 2004 2:50:36 PM CST> <Debug> <TLS> <000000> <close(): 9717476>
          <Dec 13, 2004 2:50:36 PM CST> <Debug> <TLS> <000000> <Exception during handshake, stack trace follows
          javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
          at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
          at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
          at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
          at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
          at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
          at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
          at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
          at com.certicom.tls.record.WriteHandler.write(Unknown Source)
          at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
          at java.io.BufferedOutputStream.flush(Unknown Source)
          at java.io.FilterOutputStream.flush(Unknown Source)
          at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:97)
          at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:284)
          at weblogic.net.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:527)
          at java.net.HttpURLConnection.getResponseCode(Unknown Source)
          at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:662)
          at org.diabetes.phd.services.SSLClient.tryConnection(SSLClient.java:81)
          at org.diabetes.phd.services.SSLClient.wlsURLConnect(SSLClient.java:126)
          at org.diabetes.phd.services.SSLClient.main(SSLClient.java:36)
          >
          <Dec 13, 2004 2:50:36 PM CST> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@7cbde6 Severity: 2 Type:
          40
          java.lang.Throwable: Stack trace
          at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:245)
          at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
          at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
          at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
          at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
          at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
          at com.certicom.tls.record.WriteHandler.write(Unknown Source)
          at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
          at java.io.BufferedOutputStream.flush(Unknown Source)
          at java.io.FilterOutputStream.flush(Unknown Source)
          at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:97)
          at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:284)
          at weblogic.net.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:527)
          at java.net.HttpURLConnection.getResponseCode(Unknown Source)
          at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:662)
          at org.diabetes.phd.services.SSLClient.tryConnection(SSLClient.java:81)
          at org.diabetes.phd.services.SSLClient.wlsURLConnect(SSLClient.java:126)
          at org.diabetes.phd.services.SSLClient.main(SSLClient.java:36)
          >
          Write Channel Closed, possible SSL handshaking or trust failurejava.io.IOException: Write Channel Closed, possible SSL handsh
          aking or trust failure
          at com.certicom.tls.record.WriteHandler.write(Unknown Source)
          at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
          at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
          at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
          at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
          at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
          at com.certicom.tls.record.WriteHandler.write(Unknown Source)
          at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
          at java.io.BufferedOutputStream.flush(Unknown Source)
          at java.io.FilterOutputStream.flush(Unknown Source)
          at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:97)
          at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:284)
          at java.net.HttpURLConnection.getResponseCode(Unknown Source)
          at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:662)
          at org.diabetes.phd.services.SSLClient.tryConnection(SSLClient.java:81)
          at org.diabetes.phd.services.SSLClient.wlsURLConnect(SSLClient.java:126)
          at org.diabetes.phd.services.SSLClient.main(SSLClient.java:36)
          Can anyone help?
          Thanks in advance
          sheets
          • 2. Re: Error CERT_CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED
            666705
            Your ssl client is not configured to trust the server identity certificate. You can use these command line properties to make it trust certs from a jks keystore:
            -Dweblogic.security.TrustKeyStore=CustomTrust
            -Dweblogic.security.CustomTrustKeyStoreFileName=<ks_file>

            Pavel.
            • 3. Re: Error CERT_CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED
              666705
              Hello,
              Thanks for the prompt reply. Am using the "cacerts" keystore from WL-HOME\server\lib. It doesnt help...Below is the weblogic startup file , the error and Code. Am I missiing something ! I would really appreciate any help on this.

              ---------------START UP---------------
              C:\bea\user_projects\adadomain>"C:\bea\jdk131_06\bin\java" -server -Xmx384m -Dweblogic.security.TrustKeyStore=CustomTrust -Dw
              eblogic.security.CustomTrustKeyStoreFileName=C:\bea\weblogic700\server\lib\cacerts -Dssl.debug=true -Dweblogic.StdoutDebugEna
              bled=true -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.SSL.enforceConstraints=false -Dweblogic
              .webservice.client.ssl.strictcertchecking=false -Dweblogic.webservice.client.verbose=true -Dweblogic.StdoutDebugEnabled=true
              -Dweblogic.Name=adaserver -Dbea.home="C:\bea" -Dweblogic.management.username=system -Dweblogic.management.password=diabetes.o
              rg -Dweblogic.ProductionModeEnabled=false -Dweblogic.management.discover=false -Djava.security.policy="C:\bea\weblogic700\ser
              ver\lib\weblogic.policy" -Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,address=7654,suspend=n,server=
              y weblogic.Server
              Starting WebLogic Server...
              <Dec 14, 2004 12:19:00 PM CST> <Debug> <TLS> <000000> <Enabled muxing IO for SSL in server>
              <Dec 14, 2004 12:19:04 PM CST> <Notice> <Management> <140005> <Loading configuration C:\bea\user_projects\adadomain\.\config.
              xml>
              <Dec 14, 2004 12:19:21 PM CST> <Debug> <TLS> <000000> <SSLManager(server=adaserver, realm=myrealm)>
              <Dec 14, 2004 12:19:21 PM CST> <Notice> <Security> <090082> <Security initializing using realm myrealm.>
              <Dec 14, 2004 12:19:21 PM CST> <Notice> <WebLogicServer> <000327> <Starting WebLogic Admin Server "adaserver" for domain "ada
              domain">
              <Dec 14, 2004 12:20:52 PM CST> <Warning> <HTTP> <101247> <C:\bea\user_projects\adadomain\applications\vgs: Public ID referenc
              es the old version of Servlet DTD. Please, change the public ID in web.xml file to "-//Sun Microsystems, Inc.//DTD Web Applic
              ation 2.3//EN".>
              <Dec 14, 2004 12:20:55 PM CST> <Warning> <HTTP> <101247> <C:\bea\user_projects\adadomain\applications\annualmeeting: Public I
              D references the old version of Servlet DTD. Please, change the public ID in web.xml file to "-//Sun Microsystems, Inc.//DTD
              Web Application 2.3//EN".>
              <Dec 14, 2004 12:21:36 PM CST> <Notice> <Management> <141052> <Application Poller started for development server.>

              JSpell 2.0b HTML Servlet
              Instance: com.wallstreetwise.app.jspell.domain.net.JSpellServlet@32468a
              Copyright (c) 1999 Wall Street Wise Software, Inc.
              http://www.thesolutioncafe.com/jspell.html
              MAY NOT BE REDISTRIBUTED - LICENSED FOR USE ON ONE MACHINE ONLY

              JSpell 2.0b HTML Servlet
              Instance: com.wallstreetwise.app.jspell.domain.net.JSpellServlet@18188d
              Copyright (c) 1999 Wall Street Wise Software, Inc.
              http://www.thesolutioncafe.com/jspell.html
              MAY NOT BE REDISTRIBUTED - LICENSED FOR USE ON ONE MACHINE ONLY

              JSpell 2.0b HTML Servlet
              Instance: com.wallstreetwise.app.jspell.domain.net.JSpellServlet@73e277
              Copyright (c) 1999 Wall Street Wise Software, Inc.
              http://www.thesolutioncafe.com/jspell.html
              MAY NOT BE REDISTRIBUTED - LICENSED FOR USE ON ONE MACHINE ONLY

              JSpell 2.0b HTML Servlet
              Instance: com.wallstreetwise.app.jspell.domain.net.JSpellServlet@1921ca
              Copyright (c) 1999 Wall Street Wise Software, Inc.
              http://www.thesolutioncafe.com/jspell.html
              MAY NOT BE REDISTRIBUTED - LICENSED FOR USE ON ONE MACHINE ONLY

              JSpell 2.0b HTML Servlet
              Instance: com.wallstreetwise.app.jspell.domain.net.JSpellServlet@798a6c
              Copyright (c) 1999 Wall Street Wise Software, Inc.
              http://www.thesolutioncafe.com/jspell.html
              MAY NOT BE REDISTRIBUTED - LICENSED FOR USE ON ONE MACHINE ONLY

              JSpell 2.0b HTML Servlet
              Instance: com.wallstreetwise.app.jspell.domain.net.JSpellServlet@54c945
              Copyright (c) 1999 Wall Street Wise Software, Inc.
              http://www.thesolutioncafe.com/jspell.html
              MAY NOT BE REDISTRIBUTED - LICENSED FOR USE ON ONE MACHINE ONLY

              JSpell 2.0b HTML Servlet
              Instance: com.wallstreetwise.app.jspell.domain.net.JSpellServlet@4d0354
              Copyright (c) 1999 Wall Street Wise Software, Inc.
              http://www.thesolutioncafe.com/jspell.html
              MAY NOT BE REDISTRIBUTED - LICENSED FOR USE ON ONE MACHINE ONLY

              JSpell 2.0b HTML Servlet
              Instance: com.wallstreetwise.app.jspell.domain.net.JSpellServlet@317471
              Copyright (c) 1999 Wall Street Wise Software, Inc.
              http://www.thesolutioncafe.com/jspell.html
              MAY NOT BE REDISTRIBUTED - LICENSED FOR USE ON ONE MACHINE ONLY

              JSpell 2.0b HTML Servlet
              Instance: com.wallstreetwise.app.jspell.domain.net.JSpellServlet@53bd20
              Copyright (c) 1999 Wall Street Wise Software, Inc.
              http://www.thesolutioncafe.com/jspell.html
              MAY NOT BE REDISTRIBUTED - LICENSED FOR USE ON ONE MACHINE ONLY

              JSpell 2.0b HTML Servlet
              Instance: com.wallstreetwise.app.jspell.domain.net.JSpellServlet@2587bc
              Copyright (c) 1999 Wall Street Wise Software, Inc.
              http://www.thesolutioncafe.com/jspell.html
              MAY NOT BE REDISTRIBUTED - LICENSED FOR USE ON ONE MACHINE ONLY
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <No JCE support for algorithm ECDSA, class java.security.Signature>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <JCE support for algorithm SHA1withDSA, class java.security.Signature u
              sing provider SUN version 1.2>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <JCE support for algorithm MD5withRSA, class java.security.Signature us
              ing provider SunRsaSign version 1.0>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <JCE support for algorithm SHA1withRSA, class java.security.Signature u
              sing provider SunRsaSign version 1.0>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <JCE support for algorithm MD2withRSA, class java.security.Signature us
              ing provider SunRsaSign version 1.0>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <JCE support for algorithm SHA, class java.security.MessageDigest using
              provider SUN version 1.2>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <JCE support for algorithm MD5, class java.security.MessageDigest using
              provider SUN version 1.2>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <No JCE support for algorithm NullMac, class javax.crypto.Mac>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <No JCE support for algorithm HmacSHA1, class javax.crypto.Mac>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <No JCE support for algorithm HmacMD5, class javax.crypto.Mac>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <No JCE support for algorithm DES/CBC/NoPadding, class javax.crypto.Cip
              her>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <No JCE support for algorithm DESede/CBC/NoPadding, class javax.crypto.
              Cipher>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <No JCE support for algorithm DESede/ECB/NoPadding, class javax.crypto.
              Cipher>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <No JCE support for algorithm RC4, class javax.crypto.Cipher>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <No JCE support for algorithm RSA/ECB/PKCS1Padding, class javax.crypto.
              Cipher>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <No JCE support for algorithm RSA/ECB/NoPadding, class javax.crypto.Cip
              her>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <No JCE support for algorithm Anonymous, class javax.crypto.KeyAgreemen
              t>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <No JCE support for algorithm ECDH, class javax.crypto.KeyAgreement>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <No JCE support for algorithm DiffieHellman, class javax.crypto.KeyAgre
              ement>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <No JCE support for algorithm RSA, class javax.crypto.KeyAgreement>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> < provider[0] - SUN>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> < SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 d
              igests; SecureRandom; X.509 certificates; JKS keystore)>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> < provider[1] - SunRsaSign>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> < SUN's provider for RSA signatures>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <ECDSA | java.security.Signature | USEHARDWIRED>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <SHA | java.security.MessageDigest | USEJCE | SUN version 1.2>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <RC4 | javax.crypto.Cipher | USEHARDWIRED>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <MD2withRSA | java.security.Signature | USEJCE | SunRsaSign version 1.0
              >
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <RSA | javax.crypto.KeyAgreement | USEHARDWIRED>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <RSA/ECB/NoPadding | javax.crypto.Cipher | USEHARDWIRED>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <RSA/ECB/PKCS1Padding | javax.crypto.Cipher | USEHARDWIRED>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <DiffieHellman | javax.crypto.KeyAgreement | USEHARDWIRED>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <SHA1withRSA | java.security.Signature | USEJCE | SunRsaSign version 1.
              0>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <DESede/CBC/NoPadding | javax.crypto.Cipher | USEHARDWIRED>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <DES/CBC/NoPadding | javax.crypto.Cipher | USEHARDWIRED>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <SHA1withDSA | java.security.Signature | USEJCE | SUN version 1.2>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <NullMac | javax.crypto.Mac | USEHARDWIRED>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <MD5 | java.security.MessageDigest | USEJCE | SUN version 1.2>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <HmacSHA1 | javax.crypto.Mac | USEHARDWIRED>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <MD5withRSA | java.security.Signature | USEJCE | SunRsaSign version 1.0
              >
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <DESede/ECB/NoPadding | javax.crypto.Cipher | USEHARDWIRED>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <Anonymous | javax.crypto.KeyAgreement | USEHARDWIRED>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <HmacMD5 | javax.crypto.Mac | USEHARDWIRED>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <ECDH | javax.crypto.KeyAgreement | USEHARDWIRED>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <JCE used for some SSL = false>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <jsafeJCE used for some SSL = false>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <Crypto to use for RSA is USEHARDWIRED>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <usingJCE = false>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <usingJsafeJCE = false>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <SSL/Export license found>
              <Dec 14, 2004 12:21:44 PM CST> <Debug> <TLS> <000000> <Certicom SSL license found>
              <Dec 14, 2004 12:21:45 PM CST> <Debug> <TLS> <000000> <Weblogic license is export limited>
              <Dec 14, 2004 12:21:47 PM CST> <Debug> <TLS> <000000> <SSLListenThread.getSSLManager()>
              <Dec 14, 2004 12:21:47 PM CST> <Debug> <TLS> <000000> <SSLManager: getting server private key>
              <Dec 14, 2004 12:21:47 PM CST> <Debug> <TLS> <000000> <SSLManager.getService(KEYMANAGER)>
              <Dec 14, 2004 12:21:47 PM CST> <Debug> <TLS> <000000> <SSLManager.getServerPrivateKey(): key alias: null>
              <Dec 14, 2004 12:21:47 PM CST> <Warning> <Security> <090088> <Private key keystore alias is not specified in SSL configuratio
              n of server adaserver, realm myrealm. Assuming 6.x private key configuration. Loading the key from file.>
              <Dec 14, 2004 12:21:47 PM CST> <Debug> <TLS> <000000> <Using 6.x configuration for SSL Server PrivateKey>
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <SSLManager.getServerCertificate()>
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <Server identity successfully loaded>
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <SSLManager.getService(KEYMANAGER)>
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <SSLManager, getting trusted CAs from TrustedCAFile: trusted-ca.pem>
              <Dec 14, 2004 12:21:48 PM CST> <Warning> <Security> <090120> <Cannot find the file specified by SSL.TrustedCAFileName trusted
              -ca.pem on server adaserver.>
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <Cannot find the specified trusted CA file trusted-ca.pem>
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <SSLManager, getting trusted CAs from default key store: C:/bea/weblogi
              c700/server\lib\cacerts>
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 0
              Issuer:C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Freema
              il CA, EMAIL=personal-freemail@thawte.com
              Subject:C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Freem
              ail CA, EMAIL=personal-freemail@thawte.com
              Not Valid Before:Sun Dec 31 18:00:00 CST 1995
              Not Valid After:Thu Dec 31 17:59:59 CST 2020
              Signature Algorithm:MD5withRSA
              >
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 0
              Issuer:C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Basic
              CA, EMAIL=personal-basic@thawte.com
              Subject:C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Basic
              CA, EMAIL=personal-basic@thawte.com
              Not Valid Before:Sun Dec 31 18:00:00 CST 1995
              Not Valid After:Thu Dec 31 17:59:59 CST 2020
              Signature Algorithm:MD5withRSA
              >
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 69042098805081595651034369680212310004
              Issuer:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=CACERT
              Subject:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=CACERT
              Not Valid Before:Thu Mar 21 14:12:27 CST 2002
              Not Valid After:Tue Mar 22 14:12:27 CST 2022
              Signature Algorithm:MD5withRSA
              >
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 303889516662913207929516869807881060914
              Issuer:C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
              Subject:C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
              Not Valid Before:Sun Jan 28 18:00:00 CST 1996
              Not Valid After:Wed Jan 07 17:59:59 CST 2004
              Signature Algorithm:MD2withRSA
              >
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 0
              Issuer:C=US, ST=California, L=San Francisco, O=BEA WebLogic, OU=Security, CN=Demo Certificate Authority Constraints, EMAIL=se
              curity@bea.com
              Subject:C=US, ST=California, L=San Francisco, O=BEA WebLogic, OU=Security, CN=Demo Certificate Authority Constraints, EMAIL=s
              ecurity@bea.com
              Not Valid Before:Fri Nov 01 14:02:11 CST 2002
              Not Valid After:Mon Oct 16 15:02:11 CDT 2006
              Signature Algorithm:MD5withRSA
              >
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 0
              Issuer:C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Premiu
              m CA, EMAIL=personal-premium@thawte.com
              Subject:C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Premi
              um CA, EMAIL=personal-premium@thawte.com
              Not Valid Before:Sun Dec 31 18:00:00 CST 1995
              Not Valid After:Thu Dec 31 17:59:59 CST 2020
              Signature Algorithm:MD5withRSA
              >
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 1
              Issuer:C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, E
              MAIL=server-certs@thawte.com
              Subject:C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA,
              EMAIL=server-certs@thawte.com
              Not Valid Before:Wed Jul 31 19:00:00 CDT 1996
              Not Valid After:Thu Dec 31 17:59:59 CST 2020
              Signature Algorithm:MD5withRSA
              >
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 11374952449
              Issuer:C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority
              Subject:C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority
              Not Valid Before:Sun Jan 28 18:00:00 CST 1996
              Not Valid After:Fri Dec 31 17:59:59 CST 1999
              Signature Algorithm:MD2withRSA
              >
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 46914133237969612308202465797198785159
              Issuer:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=CertGenCAB
              Subject:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=CertGenCAB
              Not Valid Before:Thu Oct 24 10:54:45 CDT 2002
              Not Valid After:Tue Oct 25 10:54:45 CDT 2022
              Signature Algorithm:MD5withRSA
              >
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 0
              Issuer:C=US, ST=California, L=San Francisco, O=BEA WebLogic, OU=Security, CN=Demo Certificate Authority, EMAIL=security@bea.c
              om
              Subject:C=US, ST=California, L=San Francisco, O=BEA WebLogic, OU=Security, CN=Demo Certificate Authority, EMAIL=security@bea.
              com
              Not Valid Before:Tue May 30 16:10:46 CDT 2000
              Not Valid After:Fri May 14 16:10:46 CDT 2004
              Signature Algorithm:MD5withRSA
              >
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 0
              Issuer:C=US, ST=California, L=San Francisco, O=BEA WebLogic, OU=Security, CN=Demo Certificate Authority, EMAIL=support@bea.co
              m
              Subject:C=US, ST=California, L=San Francisco, O=BEA WebLogic, OU=Security, CN=Demo Certificate Authority, EMAIL=support@bea.c
              om
              Not Valid Before:Tue May 30 16:37:44 CDT 2000
              Not Valid After:Fri May 14 16:37:44 CDT 2004
              Signature Algorithm:MD5withRSA
              >
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 0
              Issuer:C=US, ST=California, L=San Francisco, O=BEA WebLogic, OU=Security, CN=Demo Certificate Authority, EMAIL=security@bea.c
              om
              Subject:C=US, ST=California, L=San Francisco, O=BEA WebLogic, OU=Security, CN=Demo Certificate Authority, EMAIL=security@bea.
              com
              Not Valid Before:Tue May 30 16:10:46 CDT 2000
              Not Valid After:Fri May 14 16:10:46 CDT 2004
              Signature Algorithm:MD5withRSA
              >
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 3558802160848854062232407011527417280
              Issuer:C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
              Subject:C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
              Not Valid Before:Tue Nov 08 18:00:00 CST 1994
              Not Valid After:Thu Jan 07 17:59:59 CST 2010
              Signature Algorithm:MD2withRSA
              >
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 66877834366059883438131495164510717989
              Issuer:C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority
              Subject:C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority
              Not Valid Before:Sun Jan 28 18:00:00 CST 1996
              Not Valid After:Tue Jan 07 17:59:59 CST 2020
              Signature Algorithm:MD2withRSA
              >
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 1
              Issuer:C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Serv
              er CA, EMAIL=premium-server@thawte.com
              Subject:C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Ser
              ver CA, EMAIL=premium-server@thawte.com
              Not Valid Before:Wed Jul 31 19:00:00 CDT 1996
              Not Valid After:Thu Dec 31 17:59:59 CST 2020
              Signature Algorithm:MD5withRSA
              >
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 247707796720552617014179539775290315277
              Issuer:C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority
              Subject:C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority
              Not Valid Before:Sun Jan 28 18:00:00 CST 1996
              Not Valid After:Wed Jan 07 17:59:59 CST 2004
              Signature Algorithm:MD2withRSA
              >
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 0
              Issuer:C=US, ST=California, L=San Francisco, O=BEA WebLogic, OU=Security, CN=Demo Certificate Authority Constraints, EMAIL=su
              pport@bea.com
              Subject:C=US, ST=California, L=San Francisco, O=BEA WebLogic, OU=Security, CN=Demo Certificate Authority Constraints, EMAIL=s
              upport@bea.com
              Not Valid Before:Fri Nov 01 14:02:22 CST 2002
              Not Valid After:Mon Oct 16 15:02:22 CDT 2006
              Signature Algorithm:MD5withRSA
              >
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <Checking certificate chain, 1 certs>
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> <Cipher suites enabled:>
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> < TLS_RSA_WITH_DES_CBC_SHA>
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> < TLS_RSA_EXPORT1024_WITH_RC4_56_SHA>
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> < TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA>
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> < TLS_RSA_EXPORT_WITH_RC4_40_MD5>
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> < TLS_RSA_EXPORT_WITH_DES40_CBC_SHA>
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> < TLS_RSA_EXPORT_WITH_DES_40_CBC_SHA>
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> < TLS_RSA_WITH_NULL_MD5>
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> < TLS_RSA_WITH_NULL_SHA>
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> < TLS_DH_anon_EXPORT_WITH_RC4_40_MD5>
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> < TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA>
              <Dec 14, 2004 12:21:48 PM CST> <Debug> <TLS> <000000> < TLS_DH_anon_EXPORT_WITH_DES_40_CBC_SHA>
              <Dec 14, 2004 12:21:49 PM CST> <Notice> <WebLogicServer> <000331> <Started WebLogic Admin Server "adaserver" for domain "adad
              omain" running in Development Mode>
              <Dec 14, 2004 12:21:50 PM CST> <Notice> <WebLogicServer> <000355> <Thread "SSLListenThread.Default" listening on port 443, ip
              address 10.100.10.100>
              <Dec 14, 2004 12:21:50 PM CST> <Notice> <WebLogicServer> <000355> <Thread "ListenThread.Default" listening on port 80, ip add
              ress 10.100.10.100>
              <Dec 14, 2004 12:21:50 PM CST> <Notice> <WebLogicServer> <000365> <Server state changed to RUNNING>
              <Dec 14, 2004 12:21:50 PM CST> <Notice> <WebLogicServer> <000360> <Server started in RUNNING mode>

              ------------ERROR------------------

              <Dec 14, 2004 12:24:15 PM CST> <Debug> <TLS> <000000> <Weblogic license is export limited>
              <Dec 14, 2004 12:24:17 PM CST> <Debug> <TLS> <000000> <SSLSetup: loading trusted CA certificates>
              <Dec 14, 2004 12:24:17 PM CST> <Debug> <TLS> <000000> <SSLManager.getService(KEYMANAGER)>
              <Dec 14, 2004 12:24:17 PM CST> <Debug> <TLS> <000000> <SSLManager, getting trusted CAs from TrustedCAFile: trusted-ca.pem>
              <Dec 14, 2004 12:24:17 PM CST> <Warning> <Security> <090120> <Cannot find the file specified by SSL.TrustedCAFileName trusted
              -ca.pem on server adaserver.>
              <Dec 14, 2004 12:24:17 PM CST> <Debug> <TLS> <000000> <Cannot find the specified trusted CA file trusted-ca.pem>
              <Dec 14, 2004 12:24:17 PM CST> <Debug> <TLS> <000000> <SSLManager, getting trusted CAs from default key store: C:/bea/weblogi
              c700/server\lib\cacerts>
              <Dec 14, 2004 12:24:17 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 0
              Issuer:C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Freema
              il CA, EMAIL=personal-freemail@thawte.com
              Subject:C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Freem
              ail CA, EMAIL=personal-freemail@thawte.com
              Not Valid Before:Sun Dec 31 18:00:00 CST 1995
              Not Valid After:Thu Dec 31 17:59:59 CST 2020
              Signature Algorithm:MD5withRSA
              >
              <Dec 14, 2004 12:24:17 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 0
              Issuer:C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Basic
              CA, EMAIL=personal-basic@thawte.com
              Subject:C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Basic
              CA, EMAIL=personal-basic@thawte.com
              Not Valid Before:Sun Dec 31 18:00:00 CST 1995
              Not Valid After:Thu Dec 31 17:59:59 CST 2020
              Signature Algorithm:MD5withRSA
              >
              <Dec 14, 2004 12:24:17 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 69042098805081595651034369680212310004
              Issuer:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=CACERT
              Subject:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=CACERT
              Not Valid Before:Thu Mar 21 14:12:27 CST 2002
              Not Valid After:Tue Mar 22 14:12:27 CST 2022
              Signature Algorithm:MD5withRSA
              >
              <Dec 14, 2004 12:24:17 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 303889516662913207929516869807881060914
              Issuer:C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
              Subject:C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
              Not Valid Before:Sun Jan 28 18:00:00 CST 1996
              Not Valid After:Wed Jan 07 17:59:59 CST 2004
              Signature Algorithm:MD2withRSA
              >
              <Dec 14, 2004 12:24:17 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 0
              Issuer:C=US, ST=California, L=San Francisco, O=BEA WebLogic, OU=Security, CN=Demo Certificate Authority Constraints, EMAIL=se
              curity@bea.com
              Subject:C=US, ST=California, L=San Francisco, O=BEA WebLogic, OU=Security, CN=Demo Certificate Authority Constraints, EMAIL=s
              ecurity@bea.com
              Not Valid Before:Fri Nov 01 14:02:11 CST 2002
              Not Valid After:Mon Oct 16 15:02:11 CDT 2006
              Signature Algorithm:MD5withRSA
              >
              <Dec 14, 2004 12:24:17 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 0
              Issuer:C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Premiu
              m CA, EMAIL=personal-premium@thawte.com
              Subject:C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Premi
              um CA, EMAIL=personal-premium@thawte.com
              Not Valid Before:Sun Dec 31 18:00:00 CST 1995
              Not Valid After:Thu Dec 31 17:59:59 CST 2020
              Signature Algorithm:MD5withRSA
              >
              <Dec 14, 2004 12:24:17 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 1
              Issuer:C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, E
              MAIL=server-certs@thawte.com
              Subject:C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA,
              EMAIL=server-certs@thawte.com
              Not Valid Before:Wed Jul 31 19:00:00 CDT 1996
              Not Valid After:Thu Dec 31 17:59:59 CST 2020
              Signature Algorithm:MD5withRSA
              >
              <Dec 14, 2004 12:24:17 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 11374952449
              Issuer:C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority
              Subject:C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority
              Not Valid Before:Sun Jan 28 18:00:00 CST 1996
              Not Valid After:Fri Dec 31 17:59:59 CST 1999
              Signature Algorithm:MD2withRSA
              >
              <Dec 14, 2004 12:24:17 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 46914133237969612308202465797198785159
              Issuer:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=CertGenCAB
              Subject:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=CertGenCAB
              Not Valid Before:Thu Oct 24 10:54:45 CDT 2002
              Not Valid After:Tue Oct 25 10:54:45 CDT 2022
              Signature Algorithm:MD5withRSA
              >
              <Dec 14, 2004 12:24:17 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 0
              Issuer:C=US, ST=California, L=San Francisco, O=BEA WebLogic, OU=Security, CN=Demo Certificate Authority, EMAIL=security@bea.c
              om
              Subject:C=US, ST=California, L=San Francisco, O=BEA WebLogic, OU=Security, CN=Demo Certificate Authority, EMAIL=security@bea.
              com
              Not Valid Before:Tue May 30 16:10:46 CDT 2000
              Not Valid After:Fri May 14 16:10:46 CDT 2004
              Signature Algorithm:MD5withRSA
              >
              <Dec 14, 2004 12:24:17 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 0
              Issuer:C=US, ST=California, L=San Francisco, O=BEA WebLogic, OU=Security, CN=Demo Certificate Authority, EMAIL=support@bea.co
              m
              Subject:C=US, ST=California, L=San Francisco, O=BEA WebLogic, OU=Security, CN=Demo Certificate Authority, EMAIL=support@bea.c
              om
              Not Valid Before:Tue May 30 16:37:44 CDT 2000
              Not Valid After:Fri May 14 16:37:44 CDT 2004
              Signature Algorithm:MD5withRSA
              >
              <Dec 14, 2004 12:24:17 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 0
              Issuer:C=US, ST=California, L=San Francisco, O=BEA WebLogic, OU=Security, CN=Demo Certificate Authority, EMAIL=security@bea.c
              om
              Subject:C=US, ST=California, L=San Francisco, O=BEA WebLogic, OU=Security, CN=Demo Certificate Authority, EMAIL=security@bea.
              com
              Not Valid Before:Tue May 30 16:10:46 CDT 2000
              Not Valid After:Fri May 14 16:10:46 CDT 2004
              Signature Algorithm:MD5withRSA
              >
              <Dec 14, 2004 12:24:17 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 3558802160848854062232407011527417280
              Issuer:C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
              Subject:C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
              Not Valid Before:Tue Nov 08 18:00:00 CST 1994
              Not Valid After:Thu Jan 07 17:59:59 CST 2010
              Signature Algorithm:MD2withRSA
              >
              <Dec 14, 2004 12:24:17 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 66877834366059883438131495164510717989
              Issuer:C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority
              Subject:C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority
              Not Valid Before:Sun Jan 28 18:00:00 CST 1996
              Not Valid After:Tue Jan 07 17:59:59 CST 2020
              Signature Algorithm:MD2withRSA
              >
              <Dec 14, 2004 12:24:17 PM CST> <Debug> <TLS> <000000> <Trusted CA: Serial number: 1
              Issuer:C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Serv
              er CA, EMAIL=premium-server@thawte.com
              Subject:C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=
              • 4. Re: Error CERT_CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED
                666705
                I've assumed you were running on 8.1 The property for setting trusted CA keystore in 7.0 is
                -Dweblogic.security.SSL.trustedCAkeystore=<ks_file>
                Or, in case of an SSL client running on server, you do not need to set this, since it will use the server trust configuration by default. This applies to the URL api you use. See http://e-docs.bea.com/wls/docs70/secmanage/ssl.html for more info about configuring the server.

                In case of webservices API the property is:
                -Dweblogic.webservice.client.ssl.trustedcertfile=<certfile>
                Or you can configure trust programmatically with adapter.setTrustedCertifcatesFile() method. See http://e-docs.bea.com/wls/docs70/webserv/security.html for more info.

                Whichever api you use make sure the client trusted certificates contain a CA certificate that issued the server identity certificate.

                Pavel.
                • 5. Re: Error CERT_CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED
                  666705
                  Thanks a lot. That really helped.