Sunday 15 May 2011

java - DemoIdentity DemoTrust keystores not working with standard SOAP client on WebLogic




I have written a SOAP client that is called within a web application. It uses Spring's WebServiceGatewaySupport, which in turn uses the standard Java Http(s)URLConnection. The server I connect to requires peer authentication of both parties. I have a certificate and private key. The client works when running a test case using standard Java keystore bootstrapping...

    // The same file is used as both trust store and identity keystore
    System.setProperty("javax.net.ssl.trustStore", new File(cert).getAbsolutePath());
    System.setProperty("javax.net.ssl.trustStorePassword", certPassword);
    System.setProperty("javax.net.ssl.keyStore", new File(cert).getAbsolutePath());
    System.setProperty("javax.net.ssl.keyStorePassword", certPassword);

The problem is when I try to use the SOAP client within WebLogic. I have added the key to JRockit's cacerts, DemoTrust, and DemoIdentity keystores. The result, though, is that DemoIdentity and DemoTrust are not applied. Having loaded the key into cacerts, the client trusts the server. The server gateway responds with 403 Forbidden, which is what happens in the test case when the trust store is set, but not the keystore (identity).

Keystores config

When configuring the server with a custom keystore, go to the Keystores tab and change it to Custom Identity and Java Standard Trust if the key is signed by a standard certificate authority (this includes the JDK's list of trusted CAs). If it is self-signed, use Custom Identity and Custom Trust.

After saving, enter the full path to the keystore, the type (usually JKS), and the passphrase of the keystore. Do the same for custom trust if required.

SSL config

Having changed the above, the SSL tab will allow you to specify the custom identity. Change the Private Key Alias to the value used when importing the private key into the keystore. If the private key was generated with a passphrase, fill in the Private Key Passphrase fields (note: this is not the same as the keystore passphrase).

Click Advanced and tick the Use Server Certs option, which tells WebLogic to use the certificate and key configured above when performing outbound SSL calls.

After saving the above options, WebLogic will tell you "a restart is not required". This isn't true; you'll need to restart the server. If you tail the start-up logs, you should see the following to indicate that the custom keystore is being used:

<BEA-090171> <Loading the identity certificate and private key stored under the alias [your_alias] from the jks keystore file [path_to_your_keystore].>

WebLogic may log the following:

weblogic.security.customidentitykeystorefilename = /u01/app/oracle/middleware/weblogic/server/lib/demoidentity.jks

which erroneously indicates it's using the default identity keystore start-up argument, but it's safe to ignore as long as the previous line is logged.
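A check for the log verification step described above, added here as an example and not part of the original post: it scans start-up log text for the BEA-090171 line and reports which identity keystore was loaded, ignoring the misleading start-up argument line. The log lines, the alias `client_key` and the path `/opt/keys/client.jks` are constructed sample values, and the message wording is assumed from the line quoted in the answer.

```python
import re

# Message wording assumed from the BEA-090171 line quoted in the answer.
IDENTITY_RE = re.compile(
    r"<BEA-090171>\s*<Loading the identity certificate and private key "
    r"stored under the alias (?P<alias>\S+) from the (?P<type>\w+) "
    r"keystore file (?P<path>.+?)\.>",
    re.IGNORECASE,
)

# Constructed sample logs (not captured from a real server).
DEMO_PATH = "/u01/app/oracle/middleware/weblogic/server/lib/demoidentity.jks"
STARTUP_ARG = "weblogic.security.customidentitykeystorefilename = " + DEMO_PATH + "\n"
GOOD_LOG = (
    "<Notice> <Security> <BEA-090171> <Loading the identity certificate and "
    "private key stored under the alias client_key from the jks keystore "
    "file /opt/keys/client.jks.>\n" + STARTUP_ARG
)
DEMO_LOG = GOOD_LOG.replace("client_key", "DemoIdentity").replace(
    "/opt/keys/client.jks", DEMO_PATH
)
NO_RESTART_LOG = STARTUP_ARG  # no BEA-090171 line at all


def check_identity(log_text, expected_alias, expected_keystore):
    """Classify a start-up log by the identity keystore the server loaded.

    Only BEA-090171 lines count; the customidentitykeystorefilename
    start-up line is ignored, as the answer advises.
    """
    loaded = [(m["alias"], m["path"]) for m in IDENTITY_RE.finditer(log_text)]
    if not loaded:
        return "not-loaded", loaded  # e.g. the server was never restarted
    # Assumption: the most recent load reflects the running configuration.
    alias, path = loaded[-1]
    if alias == expected_alias and path == expected_keystore:
        return "custom-identity-loaded", loaded
    if "demoidentity" in path.lower():
        return "demo-identity-loaded", loaded
    return "unexpected-identity", loaded


if __name__ == "__main__":
    for name, log in [("good", GOOD_LOG), ("demo", DEMO_LOG), ("stale", NO_RESTART_LOG)]:
        print(name, check_identity(log, "client_key", "/opt/keys/client.jks")[0])
```

A result of `demo-identity-loaded` or `not-loaded` corresponds to the situation in the question, where the outbound call carries no usable client identity.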

java soap weblogic
