happyqing

WebLogic 12c: certificate error javax.net.ssl.SSLKeyException after changing the computer name


 

Console error:
<2013-9-30 上午07时11分32秒 CST> <Warning> <Security> <BEA-090504> <Certificate chain received from localhost - 127.0.0.1 failed hostname verification check. Certificate contained dev but check expected localhost>

 

Machines -- Monitoring -- Node Manager Status:
javax.net.ssl.SSLKeyException

 

Workarounds (method 1 alone seems to be enough):

1. Change the AdminServer's default SSL parameter Hostname Verification to None.
2. Append the following to startWeblogic.cmd:
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dweblogic.security.SSL.ignoreHostnameVerification=true


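The real cause of this problem is that the Common Name (CN) used in the private key is not the real server name, so hostname verification fails. The two workarounds above only switch hostname verification off; they do not fix the mismatch.

You can regenerate the public and private keys instead.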

 

View the existing key

The first command sets the environment variables.

[root@dev2 bin]# . $WL_HOME/server/bin/setWLSEnv.sh
[root@dev2 bin]# keytool -list -v -alias demoidentity -keystore DemoIdentity.jks
输入keystore密码:  DemoIdentityKeyStorePassPhrase
别名名称: demoidentity
创建日期: 2013-9-30
项类型: PrivateKeyEntry
认证链长度: 1
认证 [1]:
所有者:CN=dev2, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
签发人:CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
序列号:60aa71396da2248dd69da66d08087314
有效期: Sun Sep 29 06:58:34 CST 2013 至Sat Sep 30 06:58:34 CST 2028
证书指纹:
         MD5:D7:32:49:6C:16:61:51:48:6D:20:28:AC:BE:D1:62:DB
         SHA1:F5:E4:AA:C0:CA:16:0A:7D:49:F2:D0:0C:47:8C:E0:4A:7F:ED:F2:FD
         签名算法名称:MD5withRSA
         版本: 1

 

2. Recreate the Certificates - The recommended way.
Node manager by default uses the WebLogic demo identity keystore. The keystore is generated at install time using the CertGen utility. The generated private key uses the common name (cn) resolved by Java.

2.1 Set the PATH
. $WL_HOME/server/bin/setWLSEnv.sh

2.2 Back up DemoIdentity.jks under $WL_HOME/server/lib


2.3 Generate the private key.

java utils.CertGen -cn hostname -keyfilepass DemoIdentityPassPhrase -certfile newcert -keyfile newkey

2.4 Import the key generated above to the keystore.

java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -keyfile newkey.pem -keyfilepass DemoIdentityPassPhrase -certfile newcert.pem -alias demoidentity

2.5 Copy DemoIdentity.jks to $WL_HOME/server/lib


2.6 Restart your nodemanager.

 ---------------------------------------------------------

 

Add weblogic.jar to the CLASSPATH environment variable:

export CLASSPATH=/u01/app/Middleware/wlserver_12.1/server/lib/weblogic.jar

Otherwise you get: java.lang.ClassNotFoundException: utils.CertGen

 

[oracle@dev2 bin]$ export CLASSPATH=/u01/app/Middleware/wlserver_12.1/server/lib/weblogic.jar
[oracle@dev2 bin]$ java utils.CertGen -cn dev2 -keyfilepass DemoIdentityPassPhrase -certfile mycert -keyfile mykey
Generating a certificate with common name dev2 and key strength 1024
issued by CA with certificate from /u01/app/Middleware/wlserver_12.1/server/lib/CertGenCA.der file and key from /u01/app/Middleware/wlserver_12.1/server/lib/CertGenCAKey.der file

[oracle@dev2 bin]$ java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -keyfile mykey.pem -keyfilepass DemoIdentityPassPhrase -certfile mycert.pem -alias demoidentity

 

Copy DemoIdentity.jks from $WL_HOME/server/bin to $WL_HOME/server/lib.

Restart Node Manager.
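
A way to confirm that the rebuilt keystore carries the CN that clients will check, instead of turning hostname verification off. This is an added example, not part of the original post. The function names are hypothetical, the sample listings are constructed, and it assumes a plain case-insensitive comparison of the CN with the host name.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Real use (flags are standard keytool options; keystore values are the page's):
#   keytool -list -v -alias demoidentity -keystore DemoIdentity.jks \
#     -storepass DemoIdentityKeyStorePassPhrase | cn_matches_host dev2

# Constructed sample: three lines trimmed from the localized listing on this page.
SAMPLE_ZH='别名名称: demoidentity
所有者:CN=dev2, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
签发人:CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US'

# Constructed sample: the same entry as an English-locale keytool prints it.
SAMPLE_EN='Alias name: demoidentity
Owner: CN=dev2, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US'

# Print the subject CN from `keytool -list -v` output read on stdin.
# Only the Owner line is matched, so the issuer's CN is never picked up.
owner_cn() {
  LC_ALL=C sed -n -E 's/^(Owner|所有者):[[:space:]]*CN=([^,]+).*/\2/p' | head -n 1
}

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Exit 0 if the certificate CN equals the expected host name (case-insensitive),
# 1 on a mismatch (the BEA-090504 condition), 2 if no Owner line was found.
cn_matches_host() {
  cmh_expected=$1
  cmh_cn=$(owner_cn)
  if [ -z "$cmh_cn" ]; then
    echo "no Owner CN found in keytool output" >&2
    return 2
  fi
  if [ "$(lower "$cmh_cn")" = "$(lower "$cmh_expected")" ]; then
    echo "OK: certificate CN $cmh_cn matches $cmh_expected"
    return 0
  fi
  echo "MISMATCH: certificate contained $cmh_cn but check expected $cmh_expected" >&2
  return 1
}

# Demo on the constructed samples; the second call reproduces the mismatch.
printf '%s\n' "$SAMPLE_EN" | cn_matches_host dev2
printf '%s\n' "$SAMPLE_ZH" | cn_matches_host localhost || true
```

Pass the name that Node Manager clients actually connect with as the argument; a CN of dev2 still fails when the listen address is localhost.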

 
