1 Reply Latest reply on May 22, 2003 11:20 AM by 3004

    CLIENT-CERT  SSL requirements causing no prompt from browser - can't connect in two-way ssl

    3004
      Hi,

      I can't get two-way SSL to force my client browser to prompt for a
      certificate to send to weblogic.

      The browser either returns a "can't connect" or nothing. It's as if the SSL
      ports refuse incoming connections altogether if I "enforce client
      certificates". The same happens if I have two-way SSL configured with the
      administration console on the administration port - impossible to get to
      the console.

      My web application has the usual login-config and roles setup. One-way SSL
      works fine. With two-way SSL, all the SSL ports clam up. After switching on
      SSL debugging, I get the trace below when trying to connect.

      I have a certificate in my browser (both IE and mozilla) - but have yet to
      see any action.

      Anybody got this to work? WL 7 SP 2 on W2K. I'm using democert/key on
      server.

      Thanks
      Q

      Here is some of my config.xml
      <SSL ClientCertificateEnforced="false" Enabled="true"
      HostnameVerificationIgnored="true" ListenPort="8002"
      Name="adm" ServerCertificateChainFileName="ca.pem"
      ServerCertificateFileName="democert.pem"
      ServerKeyFileName="demokey.pem"
      ServerPrivateKeyAlias="myalias"
      ServerPrivateKeyPassPhrase="{3DES}RDRimcCbQTJBLGCLxRl9YQ=="
      TwoWaySSLEnabled="true"/>
      <ServerDebug Name="adm"/>


      <21-May-2003 18:03:17 BST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
      <21-May-2003 18:03:17 BST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 15689116>
      <21-May-2003 18:03:17 BST> <Debug> <TLS> <000000> <SSLSocket will be Muxing>
      <21-May-2003 18:03:17 BST> <Debug> <TLS> <000000> <SSLIOContextTable.findContext(is): 16249230>
      <21-May-2003 18:03:18 BST> <Info> <WebLogicServer> <000213> <Adding address: 10.0.10.10 to licensed client list>
      <21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
      <21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <isMuxerActivated: false>
      <21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
      <21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <22124570 readRecord()>
      <21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <22124570 received SSL_20_RECORD>
      <21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ClientHelloV2>
      <21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 58>
      <21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 499>
      <21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <Exception during handshake, stack trace follows
      java.lang.ArrayStoreException
        at java.lang.System.arraycopy(Native Method)
        at java.util.Vector.copyInto(Vector.java:162)
        at com.certicom.tls.record.handshake.ServerStateNoHandshake.handle(Unknown Source)
        at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
        at com.certicom.tls.record.handshake.HandshakeHandler.handleVersion2HandshakeMessages(Unknown Source)
        at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
        at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
        at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
        at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
        at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown Source)
        at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:399)
        at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:213)
        at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:189)
      >
      <21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@159b25b Severity: 2 Type: 40
      java.lang.Throwable: Stack trace
        at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:245)
        at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
        at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
        at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
        at com.certicom.tls.record.handshake.HandshakeHandler.handleVersion2HandshakeMessages(Unknown Source)
        at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
        at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
        at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
        at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
        at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown Source)
        at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:399)
        at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:213)
        at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:189)
      >
      <21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <write ALERT offset = 0 length = 2>
      <21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <close(): 22124570>
      <21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 15689116>
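As an added check on the trace in the post (example code written for this page, not from the original poster or from WebLogic): a small Python parser that walks a WebLogic <Debug> <TLS> trace and decodes what the handshake did. The numeric alert in the log, Severity 2 / Type 40, is the TLS alert registry's fatal handshake_failure (RFC 5246 section 7.2; SSL 3.0 and TLS 1.0 use the same numbers). The trace also shows the browser opening with an SSLv2-compatible ClientHello (SSL_20_RECORD, ClientHelloV2) and the server throwing ArrayStoreException while handling it, so the connection is closed before any client certificate could be requested. The sample trace below is constructed from the post's own lines with the mail wrapping undone and the stack traces cut to two frames; the regexes assume only that log layout.

```python
"""Decode a WebLogic 7 <Debug> <TLS> handshake trace (added example, not
code from the original post or from WebLogic). Alert numbers are from the
TLS alert registry (RFC 5246 section 7.2)."""
import re

ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of the registry, enough for the alerts that show up during handshakes.
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 40: "handshake_failure",
    42: "bad_certificate", 46: "certificate_unknown", 48: "unknown_ca",
    49: "access_denied", 70: "protocol_version", 80: "internal_error",
}

# Constructed sample: the decisive lines of the post's trace, wrapping undone
# and the long stack traces cut down to two frames each.
SAMPLE_TRACE = """\
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <22124570 readRecord()>
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <22124570 received SSL_20_RECORD>
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ClientHelloV2>
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 58>
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 499>
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <Exception during handshake, stack trace follows
java.lang.ArrayStoreException
at java.lang.System.arraycopy(Native Method)
at com.certicom.tls.record.handshake.ServerStateNoHandshake.handle(Unknown Source)
>
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@159b25b Severity: 2 Type: 40
java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:245)
>
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <write ALERT offset = 0 length = 2>
<21-May-2003 18:03:18 BST> <Debug> <TLS> <000000> <close(): 22124570>
"""

RECORD_RE = re.compile(r"received (\S+?)>")
HANDSHAKE_RE = re.compile(r"HANDSHAKEMESSAGE:\s*(\w+)")
WRITE_RE = re.compile(r"write (HANDSHAKE|ALERT) offset = \d+ length = (\d+)")
ALERT_RE = re.compile(r"Severity:\s*(\d+)\s+Type:\s*(\d+)")
EXCEPTION_RE = re.compile(r"^\s*([\w.]+(?:Exception|Error))\s*$")


def decode_alert(severity, alert_type):
    """Map the numeric (severity, type) pair from the log to registry names."""
    return (ALERT_LEVELS.get(severity, f"level-{severity}"),
            ALERT_DESCRIPTIONS.get(alert_type, f"type-{alert_type}"))


def analyze(trace):
    """Walk the trace once and collect what the handshake actually did."""
    result = {"records": [], "handshake_messages": [], "writes": [],
              "exception": None, "alert": None}
    pending_exception = False  # set right after "Exception during handshake"
    for line in trace.splitlines():
        if m := RECORD_RE.search(line):
            result["records"].append(m.group(1))
        if m := HANDSHAKE_RE.search(line):
            result["handshake_messages"].append(m.group(1))
        if m := WRITE_RE.search(line):
            result["writes"].append((m.group(1), int(m.group(2))))
        if "Exception during handshake" in line:
            pending_exception = True
            continue
        if pending_exception and (m := EXCEPTION_RE.match(line)):
            result["exception"] = m.group(1)  # first line of the stack trace
            pending_exception = False
        if m := ALERT_RE.search(line):
            sev, typ = int(m.group(1)), int(m.group(2))
            level, desc = decode_alert(sev, typ)
            result["alert"] = {"severity": sev, "type": typ,
                               "level": level, "description": desc}
    result["diagnosis"] = diagnose(result)
    return result


def diagnose(r):
    """Turn the collected facts into the sentences a reader wants from the log."""
    notes = []
    if "SSL_20_RECORD" in r["records"] or "ClientHelloV2" in r["handshake_messages"]:
        notes.append("client opened with an SSLv2-compatible ClientHello")
    if r["exception"]:
        notes.append(f"server threw {r['exception']} while handling it")
    a = r["alert"]
    if a and a["level"] == "fatal":
        notes.append(f"server sent a fatal {a['description']} alert "
                     f"(type {a['type']}) and closed the socket")
        notes.append("handshake never completed, so the browser was never "
                     "asked for a certificate")
    return notes


if __name__ == "__main__":
    for note in analyze(SAMPLE_TRACE)["diagnosis"]:
        print("-", note)
```

Point it at a full saved trace by replacing SAMPLE_TRACE. To probe the port from the client side without a browser, `openssl s_client -connect host:8002 -tls1` sends a TLS 1.0 ClientHello instead of the SSLv2-compatible one the browsers sent here; when a server does ask for a client certificate, s_client prints an "Acceptable client certificate CA names" section, which is the quickest way to tell whether the CertificateRequest is ever going out.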