Category: Weblogic Configuration

TSL error when calling a WebService over ssl/https

In one of my projects recently, even after importing the correct ssl certificates in the keystore (cacerts and DemoTrust.jks) on the weblogic server, when accessing the webservice over https gave an error. javax.xml.ws.WebServiceException: javax.net.ssl.SSLHandshakeException: [Security:090497]HANDSHAKE_FAILURE alert received from example.com – 172.16.250.58. Check both sides of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted CAs, and hostname…

Read More »

Identity and Trust Keystores

When you configure SSL, you must decide how identity and trust will be stored. Although one keystore can be used for both identity and trust, Oracle recommends using separate keystores for both identity and trust because the identity keystore (private key/digital certificate pairs) and the trust keystore (trusted CA certificates) may have different security requirements. For example:

Read More »

How WebLogic Server Locates Trust

WebLogic Server uses the following algorithm when it loads its trusted CA certificates: If the keystore is specified by the -Dweblogic.security.SSL.trustedCAkeystore command-line argument, load the trusted CA certificates from that keystore. Else if the keystore is specified in the configuration file (config.xml), load trusted CA certificates from the specified keystore. If the server is configured with DemoTrust, trusted CA certificates…

Read More »

how to read cwallet.sso file

$MW_HOME/oracle_common/bin/orapki wallet display -wallet ~/cwallet.sso Sample: [oracle@wcsoa bin]$ ./orapki wallet display -wallet /webdata/Oracle/admin/wcsoadomain/aserver/wcsoadomain/config/fmwconfig/bootstrap/cwallet.sso Oracle PKI Tool : Version 11.1.1.7.0 Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved. Requested Certificates: User Certificates: Oracle Secret Store entries: BOOTSTRAP_JPS@#3#@bootstrap_9m1kYn8KpxCStfqBmSxQFhIXQHs= fks@#3#@current.key fks@#3#@master.key.0 fks@#3#@master.key.0.base64 IntegrityChecker@#3#@kss Trusted Certificates: Subject:        OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US Subject:        OU=Class 3 Public Primary Certification Authority,O=VeriSign\,…

Read More »