WebLogic 10.3のカスタム信頼およびカスタムIDキーストア
[〜#〜]質問[〜#〜]
WebLogic 10.3でカスタムトラストキーストアとカスタムIDキーストアを構成した後、WebLogic10.3が引き続きデモキーストアとJDKトラストストアをロードする理由を知っている人はいますか。
[〜#〜]説明[〜#〜]
WebLogicを起動し、 https://mysite.com/console を参照してログインし、[環境]-> [サーバー]-> [管理サーバー]-> [キーストア]に移動してキーストアを構成し、IDと信頼キーストアを設定します(どちらも同じキーストアです)。
WebLogicを停止し、${DOMAIN_HOME}/bin/startWebLogic.shを変更して次の行を含めます。
Java_OPTIONS="${Java_OPTIONS} -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true "
WebLogicを再起動します。
Nohup ${DOMAIN_HOME}/startWebLogic.sh &
tail -f Nohup.out
次の行は出力の一部です。
...Loading trusted certificates from the jks keystore file /opt/bea/wlserver_10.3/server/lib/DemoTrust.jks.>
...Loading trusted certificates from the jks keystore file /usr/jdk/instances/jdk1.6.0/jre/lib/security/cacerts.>
追加情報
このWebLogicは、VMのクローンを作成してインストールされましたが、クローンの後でドメインをパックおよびアンパックしたため、ドーマンのホスト名は最新です。
${DOMAIN_HOME}/config/config.xmlファイルのキーストア、custom-trust-key-store-file-name、およびcustom-identity-key-store-file-nameエンティティには正しい値があります。
これと同じVM)から複製されたサーバーのいくつかは、期待どおりに機能しています。つまり、起動時に正しいキーストアをロードします。これらは、分散認証サーバーとOpenSSOサーバーです。問題のあるサーバーは、OpenSSOポリシーエージェントがインストールされているIdentityManagerサーバーです。
[〜#〜] log [〜#〜]
2つのデフォルトキーおよびトラストストアがカスタムキーおよびトラストストアの前にロードされることを示すAdminServer.logからの抜粋:注:Java_OPTIONSには-verbose:classおよび-Dssl.debug = trueが設定されています
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE KeyAgreement: SunPKCS11-Solaris version 1.6 for algorithm DiffieHellman>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default KeyAgreement for algorithm DiffieHellman>
[Loaded com.certicom.ecc.scheme.DH from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default KeyAgreement for algorithm ECDH>
[Loaded com.certicom.ecc.scheme.KeyAgreement from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
[Loaded com.certicom.ecc.scheme.ECDH from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
[Loaded com.certicom.ecc.scheme.KDF from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
[Loaded com.certicom.tls.provider.Cipher from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.cipher.NullCipher from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.cipher.ECCpresso_RC4 from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.cipher.des.ECCpresso_DESCBCNoPad from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.cipher.ECCpresso_AESCBCNoPad from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.cipher.JSAFE_RSA from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.cipher.ECCpresso_RSACipher from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.jce.WLCipher from file:/opt/bea/wlserver_10.3/server/lib/wlcipher.jar]
[Loaded Sun.security.pkcs11.P11Cipher from file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar]
[Loaded Sun.security.pkcs11.P11Cipher$Padding from file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm DESede/CBC/NoPadding>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm DESede>
[Loaded com.certicom.ecc.scheme.DES from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm DES/CBC/NoPadding>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm DES>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm AES/CBC/NoPadding>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm AES>
[Loaded com.certicom.ecc.scheme.AES from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm RC4>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm RC4>
[Loaded com.certicom.ecc.scheme.ARC4 from file:/opt/bea/wlserver_10.3/server/lib/EccpressoCore.jar]
[Loaded com.Sun.crypto.provider.RSACipher from file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunjce_provider.jar]
[Loaded javax.crypto.spec.PSource from /usr/jdk/instances/jdk1.6.0/jre/lib/jce.jar]
[Loaded javax.crypto.spec.PSource$PSpecified from /usr/jdk/instances/jdk1.6.0/jre/lib/jce.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA>
[Loaded Java.util.regex.Pattern$BranchConn from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Java.util.regex.Pattern$Branch from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
[Loaded com.certicom.tls.interfaceimpl.CertificateSupport from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded Java.security.cert.CertificateParsingException from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Java.security.cert.CertificateNotYetValidException from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Java.security.cert.CertificateExpiredException from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded com.certicom.security.cert.internal.x509.X509V3CertImpl from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.KeyFactory from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.net.ssl.TrustManager from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.net.ssl.impl.TrustManagerImpl from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.interfaceimpl.SessionDBImpl from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSL Session TTL :90000>
[Loaded com.certicom.tls.interfaceimpl.ProtocolVersions from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.interfaceimpl.ProtocolVersion from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.SSLTrustValidator from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded Java.security.cert.CertificateEncodingException from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded weblogic.security.SSL.CertPathTrustManager from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.SSLWLSHostnameVerifier from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.SSLWLSHostnameVerifier$NullHostnameVerifier from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.SSLWLSHostnameVerifier$DefaultHostnameVerifier from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <DefaultHostnameVerifier: allowReverseDNS=false>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: using pre-mbean command line configuration for SSL trust>
[Loaded weblogic.security.utils.KeyStoreConfigurationHelper from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.PreMBeanKeyStoreConfiguration from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.KeyStoreInfo from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.KeyStoreConstants from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.SSLContextManager from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
<Jan 26, 2010 4:00:26 PM EST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /opt/bea/wlserver_10.3/server/lib/DemoTrust.jks.>
[Loaded weblogic.jndi.ClientEnvironment from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.jndi.Environment from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded weblogic.security.utils.KeyStoreUtils from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded Java.security.KeyStoreSpi from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Sun.security.provider.JavaKeyStore from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Sun.security.provider.JavaKeyStore$JKS from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Java.security.DigestInputStream from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Sun.security.provider.JavaKeyStore$TrustedCertEntry from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded weblogic.security.utils.SSLCertUtility from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded javax.security.cert.CertificateException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
[Loaded javax.security.cert.CertificateEncodingException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
[Loaded javax.net.ssl.SSLException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
[Loaded javax.net.ssl.SSLPeerUnverifiedException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loaded 5 trusted CAs from /opt/bea/wlserver_10.3/server/lib/DemoTrust.jks>
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US; Issuer: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US>
... The Certs ....
<Jan 26, 2010 4:00:26 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US; Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US>
<Jan 26, 2010 4:00:26 PM EST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /usr/jdk/instances/jdk1.6.0/jre/lib/security/cacerts.>
[Loaded Sun.security.x509.CRLDistributionPointsExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Sun.security.x509.DistributionPoint from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Sun.security.x509.URIName from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Sun.security.x509.DNSName from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Sun.security.x509.CertificatePoliciesExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Sun.security.x509.PolicyInformation from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Sun.security.x509.CertificatePolicyId from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Java.security.cert.PolicyQualifierInfo from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Sun.security.x509.PrivateKeyUsageExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Sun.reflect.GeneratedConstructorAccessor9 from __JVM_DefineClass__]
[Loaded Sun.reflect.GeneratedConstructorAccessor10 from __JVM_DefineClass__]
[Loaded Sun.security.x509.ExtendedKeyUsageExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Sun.reflect.GeneratedConstructorAccessor11 from __JVM_DefineClass__]
[Loaded Sun.reflect.GeneratedConstructorAccessor12 from __JVM_DefineClass__]
[Loaded Sun.security.x509.IssuerAlternativeNameExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Sun.security.x509.AuthorityInfoAccessExtension from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Sun.security.x509.AccessDescription from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
<Jan 26, 2010 4:00:27 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loaded 76 trusted CAs from /usr/jdk/instances/jdk1.6.0/jre/lib/security/cacerts>
... The 76 Certs ...
[Loaded Sun.nio.cs.ISO_8859_1$Decoder from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
<Jan 26, 2010 4:00:27 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US; Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
[Loaded com.certicom.security.asn1.ASN1ParsingException from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Type from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Structured from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Sequence from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1SequenceOf from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.Extensions from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.SubjectPublicKeyInfo from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1InputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.Certificate from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1EncodingException from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1OutputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.TBSCertificate from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Tag from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Primitive from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Integer from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.AlgorithmIdentifier from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Null from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkcs.pkcs1.DSSParams from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1OID from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkcs.pkcs5.PBEParameter from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Choice from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.Name from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.RDNSequence from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.AttributeTypeAndValue from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1SetOf from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.RelativeDistinguishedName from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1String from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1SimpleString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1PrintableString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1TeletextString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1IA5String from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.UTF8String from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1BMPString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.Validity from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.Time from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1BitString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.DERInputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.DERDefiniteLengthInputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Time from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Set from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1OctetString from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1Boolean from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.DERInputStream$Header from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.ASN1UTCTime from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.pkix.Extension from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.DEROutputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.DERByteArrayOutputStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.security.asn1.DEROutputSizer from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.kf.ECCpresso_ECKeyFactory from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.kf.JSAFE_RSAKeyFactory from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.kf.ECCpresso_RSAKeyFactory from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.provider.kf.DSAKeyFactory from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded Sun.reflect.GeneratedConstructorAccessor13 from __JVM_DefineClass__]
[Loaded Sun.reflect.GeneratedConstructorAccessor14 from __JVM_DefineClass__]
[Loaded Sun.reflect.GeneratedConstructorAccessor15 from __JVM_DefineClass__]
[Loaded com.certicom.locale.Resources from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.locale.jSSLPlusResources from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.locale.jSSLPlusResources_en from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.bea.logging.ThrowableWrapper from file:/opt/bea/modules/com.bea.core.logging_1.4.0.0.jar]
[Loaded weblogic.logging.ThrowableInfo from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
<Jan 26, 2010 4:00:27 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Failure loading trusted CA list
Java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11
at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
at com.certicom.tls.interfaceimpl.CertificateSupport.addTrustedCertificate(Unknown Source)
at com.certicom.net.ssl.SSLContext.addTrustedCertificate(Unknown Source)
at com.bea.sslplus.CerticomSSLContext.addTrustedCA(Unknown Source)
at weblogic.security.utils.SSLContextWrapper.addTrustedCA(SSLContextWrapper.Java:62)
at weblogic.security.utils.SSLSetup.getSSLContext(SSLSetup.Java:320)
at weblogic.security.SSL.SSLClientInfo.getSSLSocketFactory(SSLClientInfo.Java:101)
at weblogic.security.SSL.SSLSocketFactory.setSSLClientInfo(SSLSocketFactory.Java:218)
at weblogic.security.SSL.SSLSocketFactory.<init>(SSLSocketFactory.Java:36)
at weblogic.security.SSL.SSLSocketFactory.getInstance(SSLSocketFactory.Java:68)
at weblogic.net.http.HttpsClient.New(HttpsClient.Java:561)
at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.Java:242)
at weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.Java:237)
at com.iplanet.services.comm.client.PLLClient.send(PLLClient.Java:191)
at com.iplanet.services.comm.client.PLLClient.send(PLLClient.Java:93)
at com.iplanet.services.naming.WebtopNaming.getNamingTable(WebtopNaming.Java:1038)
at com.iplanet.services.naming.WebtopNaming.updateNamingTable(WebtopNaming.Java:1074)
at com.iplanet.services.naming.WebtopNaming.getNamingProfile(WebtopNaming.Java:991)
at com.iplanet.services.naming.WebtopNaming.access$000(WebtopNaming.Java:74)
at com.iplanet.services.naming.WebtopNaming$SiteMonitor.<clinit>(WebtopNaming.Java:1386)
at com.iplanet.services.comm.client.PLLClient.send(PLLClient.Java:145)
at com.iplanet.services.comm.client.PLLClient.send(PLLClient.Java:93)
at com.iplanet.services.naming.WebtopNaming.getNamingTable(WebtopNaming.Java:1038)
at com.iplanet.services.naming.WebtopNaming.updateNamingTable(WebtopNaming.Java:1074)
at com.iplanet.services.naming.WebtopNaming.getNamingProfile(WebtopNaming.Java:991)
at com.iplanet.services.naming.WebtopNaming.getServiceAllURLs(WebtopNaming.Java:466)
at com.Sun.identity.authentication.AuthContext.login(AuthContext.Java:575)
at com.Sun.identity.authentication.AuthContext.login(AuthContext.Java:521)
at com.Sun.identity.authentication.AuthContext.login(AuthContext.Java:381)
at com.Sun.identity.agents.common.ApplicationSSOTokenProvider.getApplicationSSOToken(ApplicationSSOTokenProvider.Java:63)
at com.Sun.identity.agents.Arch.AgentConfiguration.setAppSSOToken(AgentConfiguration.Java:541)
at com.Sun.identity.agents.Arch.AgentConfiguration.bootStrapClientConfiguration(AgentConfiguration.Java:646)
at com.Sun.identity.agents.Arch.AgentConfiguration.initializeConfiguration(AgentConfiguration.Java:1054)
at com.Sun.identity.agents.Arch.AgentConfiguration.<clinit>(AgentConfiguration.Java:1498)
at com.Sun.identity.agents.Arch.Manager.<clinit>(Manager.Java:643)
at com.Sun.identity.agents.weblogic.v10.AmWLAuthProvider.initialize(AmWLAuthProvider.Java:57)
at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.Java:65)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.Java:363)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.Java:315)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.Java:257)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.Java:72)
at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(Unknown Source)
at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(Unknown Source)
at weblogic.security.service.CSSWLSDelegateImpl.initialize(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(Unknown Source)
at weblogic.security.service.SecurityServiceManager.initialize(Unknown Source)
at weblogic.security.SecurityService.start(SecurityService.Java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.Java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.Java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.Java:173)
>
[Loaded javax.net.ssl.impl.SSLSocketImpl from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded Java.net.SocksConsts from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Java.net.PlainSocketImpl from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Java.net.SocksSocketImpl from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Java.net.SocksSocketImpl$5 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Java.net.ProxySelector from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Sun.net.spi.DefaultProxySelector from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Sun.net.spi.DefaultProxySelector$1 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Sun.net.NetProperties from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Sun.net.NetProperties$1 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Sun.net.spi.DefaultProxySelector$3 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Java.net.Socket$2 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Java.net.SocketInputStream from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Java.net.Socket$3 from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded Java.net.SocketOutputStream from /usr/jdk/instances/jdk1.6.0/jre/lib/rt.jar]
[Loaded javax.net.ssl.impl.StringID from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.event.HandshakeWouldBlockException from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded javax.net.ssl.SSLProtocolException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
[Loaded javax.net.ssl.SSLHandshakeException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
[Loaded javax.net.ssl.SSLKeyException from /usr/jdk/instances/jdk1.6.0/jre/lib/jsse.jar]
[Loaded com.certicom.tls.record.Message from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.io.InputSSLIO from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.io.OutputSSLIO from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.bea.sslplus.TwoWaySSLHandshakeStageSocketException from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.TLSSession from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.io.OutputSSLIOStreamWrapper from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.io.InputSSLIOStreamWrapper from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.io.InputSSLIOStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.io.OutputSSLIOStream from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.alert.AlertHandler from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.handshake.HandshakeHandler from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.alert.Alert from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.handshake.HandshakeInputBuffer from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.interfaceimpl.TLSSessionImpl from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.CryptoRecordState from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.handshake.HandshakeTypes from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.handshake.HandshakeState from file:/opt/bea/wlserver_10.3/server/lib/weblogic.jar]
[Loaded com.certicom.tls.record.handshake.ClientStateSentHello from file:/opt/bea/wlserver_10.
Boot.propertiesファイルを作成します。
${DOMAIN_HOME}/servers/AdminServer/security/boot.properties
コンテンツを編集して、以下を追加します。
username=weblogicAdminUsername
password=weblogicAdminUnencryptedPassword
TrustKeyStore=CustomTrust
CustomTrustKeyStoreFileName=/path/to/custom/keystore
CustomTrustKeyStorePassPhrase=keystoreUnencryptedPassword
WebLogicサーバーを始動します。
起動後、boot.propertiesファイルの内容が暗号化されていることに注意してください。
これを行う別の方法は次のとおりです。
Java_OPTIONS="${Java_OPTIONS} -Dweblogic.security.TrustKeyStore=CustomTrust "
Java_OPTIONS="${Java_OPTIONS} -Dweblogic.security.CustomTrustKeyStorePassPhrase=customKeystorePassword "
Java_OPTIONS="${Java_OPTIONS} -Dweblogic.security.CustomTrustKeyStoreFileName=/my/custom/keystore.jks "
上記の行をドメインのbin/setDomainEnv.shファイルに追加します。最後の2つをカスタマイズします。