Thursday, March 1, 2012

WebLogic 10.3.5 SSL Handshake

As part of the SSL handshake, WebLogic Server compares the common name in the SubjectDN of the SSL server's digital certificate with the host name of the SSL server used to initiate the SSL connection. If these names do not match, the SSL connection is dropped. The SSL client is the party that actually drops the connection when the names do not match.

The following Java program can be run from the $MW_HOME/common/bin directory to check whether the SSL handshake takes place. Before running it, run commEnv.sh to set up the Java environment.
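import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;

public class SSLTest {

    public static void main(String[] args) throws Exception {

        // Replace with the HTTPS endpoint whose handshake you want to test.
        URL verisign = new URL("https://someserver.net:999/someservice?wsdl");
        System.out.println("Opening URL: " + verisign.toString());

        // openStream() triggers the SSL handshake; a failure surfaces here as an exception.
        BufferedReader in =
            new BufferedReader(new InputStreamReader(verisign.openStream()));
        try {
            String inputLine;
            while ((inputLine = in.readLine()) != null)
                System.out.println(inputLine);
        } finally {
            // Always release the connection, even if reading fails.
            in.close();
        }
    }
}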


Before running the Java code, the following JVM options (system properties) need to be set.
-Djavax.net.ssl.trustStorePassword=trustPassword
-Dssl.debug=true
-Dweblogic.StdoutDebugEnabled=true
-Djavax.net.debug=ssl,handshake,verbose
-Djavax.net.ssl.trustStore=C:\OSB\Middleware\wlserver_10.3\server\lib\mindtelligent-trust.jks
-Djavax.net.ssl.keyStore=C:\OSB\Middleware\wlserver_10.3\server\lib\mindtelligent-identity.jks
-Djavax.net.ssl.keyStorePassword=IdentityPassword
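
The common-name comparison described at the start of this post can be made visible with a small diagnostic. This is an added example, not code from the original post and not WebLogic's own hostname verifier; the class name CnCheck and its helpers are hypothetical, the host and port defaults are the placeholders from the URL above, and the match is simplified to an exact, case-insensitive comparison.

```java
import java.security.cert.X509Certificate;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added example: connect, read the server certificate, and compare the CN
// in its SubjectDN with the host name used to open the connection.
public class CnCheck {

    // Return the first CN value found in an RFC 2253 distinguished name, or null.
    static String commonName(String subjectDn) throws Exception {
        for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return rdn.getValue().toString();
            }
        }
        return null;
    }

    // Simplified check (assumption): exact, case-insensitive match only.
    // Wildcards and subjectAltName entries are not considered.
    static boolean matches(String host, String cn) {
        return cn != null && cn.equalsIgnoreCase(host);
    }

    public static void main(String[] args) throws Exception {
        // Placeholder defaults taken from the URL in the test program above.
        String host = args.length > 0 ? args[0] : "someserver.net";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 999;

        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            // A plain SSLSocket validates the chain against the trust store
            // but does not compare names, so the certificate can be inspected.
            socket.startHandshake();
            X509Certificate cert =
                (X509Certificate) socket.getSession().getPeerCertificates()[0];
            String dn = cert.getSubjectX500Principal().getName();
            String cn = commonName(dn);
            System.out.println("SubjectDN : " + dn);
            System.out.println("Host name : " + host);
            System.out.println("CN match  : " + matches(host, cn));
        } finally {
            socket.close();
        }
    }
}
```

Run it with the same trust store options listed above; a "CN match : false" line points to the name mismatch that causes the connection to be dropped.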
