SSL JNDI Client 2 way SSL with Weblogic

By -
This is a Simple demonstration of doing a JNDI lookup using 2 Way SSL client.
Step-1). Create Self Signed Certificate using Open SSL
openssl genrsa 1024 > host.key
openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.der
set WLS Environment and convert the der file to pem using the following command line
java utils.der2pem host.der
Step-2). Configure WLS for two way SSL.
Enable SSL on the Server.
Then got to
AdminServer > Configuration > SSL
Click Advanced and Set
Hostname Verification: NONE
Two Way Client Cert Behavior: Client Certs Requested But Not Enforced
Import the certificate into the truststore of WLS
C:\bea\bea1032\wlserver_10.3\server\lib>keytool -v -import -file host.crt -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase
Owner: CN=myhost, C=IN, ST=MH, L=Pune, EMAILADDRESS=test@MyOrganization, OU=Oracle, O=MyOrganization
Issuer: CN=myhost, C=IN, ST=MH, L=Pune, EMAILADDRESS=test@MyOrganization, OU=Oracle, O=MyOrganization
Serial number: c289a1692a6e8890
Valid from: Wed Jun 09 11:47:27 IST 2010 until: Thu Jun 09 11:47:27 IST 2011
Certificate fingerprints:
MD5: E1:A2:90:AA:D4:12:2E:C2:9E:94:15:81:65:40:47:EB
SHA1: 04:CA:6C:90:B9:3F:EE:DF:8A:81:AB:9F:73:C3:10:FE:95:D4:A8:71
Signature algorithm name: SHA1withRSA
Version: 1
Trust this certificate? [no]:
Certificate was not added to keystore
Restart Server
Step-3). Compile SSLJNDIClient and run it with the following command line
java -Dweblogic.security.TrustKeyStore=DemoTrust -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dssl.debug=true SSLJNDIClient
“SSLJNDIClient.java”
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import weblogic.jndi.Environment;
import weblogic.security.PEMInputStream;
import java.io.InputStream;
import java.io.FileInputStream;
public class SSLJNDIClient
{
public static void main(String[] args) throws Exception
{
Context context = null;
try {
Environment env = new Environment();
env.setProviderUrl(“t3s://localhost:7002?);
env.setSecurityPrincipal(“weblogic”);
env.setSecurityCredentials(“weblogic123?);
InputStream key = new FileInputStream(“host.key”);
InputStream cert = new FileInputStream(“host.pem”);
key = new PEMInputStream(key);
cert = new PEMInputStream(cert);
env.setSSLClientCertificate(new InputStream[] { key, cert});
env.setInitialContextFactory(Environment.DEFAULT_INITIAL_CONTEXT_FACTORY);
context = env.getInitialContext();
context.bind(“name”,new String(“hello”));
}
finally {
if (context != null) context.close();
}
}
}
Check the JNDI for the Object Bound

Comments

Post a Comment

Popular posts from this blog

Interview question for File and FTP Adapter

By -
1)  Why File Adapter is used in SOA Suite tool ?.  File adapter is used to read and write file from and to local system. 2)  Why FTP Adapter is used in SOA Suite tool ?. FTP adapter is similar to File adapter with one difference that this adapter is used to read/write the file from/to remote system. 3)  What all differences we have between File and FTP adapters.  Following are the major differences between File and FTP adapter. File Adapter 1. It is used to deal with local systems only. 2. Do not require any configuration to make this adapter work. FTP Adapter 1. It is used to deal with remote systems. 2. Outbound Connection Pool needs to be configured with FTP details to make this adapter work. 4)  File & FTP adapters are known and Transactional or Non-Transactional adapters?.  These adapters are known as non-transactional adapters as these adapters does not support transactions. 5)  Can we read flat files using these adapter...
Read more

What is boot.properties file and how to create

By -
Boot.properties is a file, it containing  weblogic server username and password . If your server is in production mode then only you have to create manually this boot.properties file. If your server is in Development then you no need to create this file because server it self create this file while creating Domain. A boot identity file contains the user credentials for starting and stopping an instance of WebLogic Server. An administration server or managed server can refer to this file for user credentials instead of prompting at the command line to provide them. To Create boot.properties: Go to below location Win :   C:\Oracle\Middleware\user_projects\domains\test_domain\servers\AdminServer\ Linux : Oracle\Middleware\user_projects\domains\test_domain\servers\AdminServer\ 1.First you have to create security folder under AdminServer 2.Create boot.properties file under security folder. 3.Open notepad and write the below two lines username=********** password=*****...
Read more

SSL Exceptions in Admin Server and Node Manager.

By -
javax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from oracle.test.com – xx.xxx.xx.xx. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected. <WARNING> <Uncaught exception in server handlerjavax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake>javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:849) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170) The above exceptions are  the most common exceptions encountered during the setup of Weblogic Server in an environment. The stack does suggest what could be the reasons but the diagnostics are not mentioned. To debug this issue, first we need...
Read more