WebLogic 8.1 and Linux - keytool import of digital cert error - weblogic.support.install(Archived)

Getting keytool error: java.lang.Exception: Failed to establish chain from reply when trying to import a digital certificate from Verisign. It allows me to import the digital cert only if I use a different name on my alias from when I created the keystore. Any ideas?

Related

import SSL certificate

Greetings everyone!
I have been (unsuccessfully) trying to import a test certificate from Verisign following the steps outlined in the following tutorial (which is very good, btw):
http://support.bea.com/askbea_soln/attachments/S-22841/Configure_Keystore_SSL_WLS81_viewlet_swf
Once I get to the step where I store the signed certificate in the custom identity keystore using the -import flag, I receive the following error:
C:\bea\WEBLOG~1\samples\domains\workshop>keytool -import -trustcacerts -alias support -file c:\bea\weblogic81\samples\domains\workshop\supportcert.pem -keypass weblogic -keystore c:\bea\weblogic81\samples\domains\workshop\support.jks -storepass support
keytool error: java.lang.Exception: Failed to establish chain from reply
I have followed every step exactly how it was outlined in the tutorial (I'm even using the same names for passwords and keys). What step could I have done wrong in order to receive this message?
Thank you very much,
marcos
Is there a reason you have to use support.jks? I would try to import the cert into a new keystore. Use the same command but change the keystore location. If the file does not exist, keytool will make the new jks file. If this fails, then there is a problem with the certificate you got from Verisign. If it works, do you need to be using support.jks or will your own file work?

SSL Certificate renewal

I am new to WebLogic and have been given the task of renewing the digital certificates on our production servers running WebLogic 7.0. I have generated the CSR and sent to Verisign and received an email back with a cert.cer file and some other info about an Intermediate CA certificate. Looking for info on what to do with this file and Intermediate data. Verisign's did not install info for version 7.0. Thanks
Append the intermediate certificate to the file Verisign sent you. Then use the
keytool utility to import the Verisign certificate into your keystore. You may
also need to update your cacert keystore located in Java_Home/jre/lib/security
with the latest class 3 trusted certificate from Verisign. Their class 3 root
certificate expired in January.
David Olness <david.olness#verizon.com> wrote:
I am new to WebLogic and have been given the task of renewing the digital
certificates on our production servers running WebLogic 7.0. I have
generated the CSR and sent to Verisign and received an email back with
a cert.cer file and some other info about an Intermediate CA certificate.
Looking for info on what to do with this file and Intermediate data.
Verisign's did not install info for version 7.0. Thanks

[Security:090542]Certificate chain received from 10.121.32.153 - 10.121.32.

Hi,
I'm getting the following error every time I try to connect to one of our servers, 10.121.32.153, which is https enabled.
[Security:090542]Certificate chain received from 10.121.32.153 - 10.121.32.153 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.
I'm using customized keystore and truststore within weblogic s. I have imported the 10.121.32.153 specific certificate in our customized truststore but still facing the same issue.
Any kind of pointer would be really helpful.
Thanks,
Shweta 
The server's private key should go into the keystore, including the CA if needed.
We use Verisign, so here we
1) import primary intermediate
2) import secondary intermediate
3) import our server crt and tell it to trust above chain (keytool asks for it)
..into the keystore.
If the server certificate is invalid (i.e. expired, or CA chain missing), it will also not trust any certificate from the truststore.
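
Added example, not written by any poster above and not BEA/Oracle code: the missing-intermediate problem that runs through these threads, reproduced with OpenSSL on a constructed three-level test PKI. The helper `reply_chains_to_root`, the file names and the subject names are assumptions made for illustration; it checks a CA reply file before the file is handed to `keytool -import`.

```shell
#!/bin/sh
# Constructed throwaway PKI (root -> intermediate -> server); all names are made up.
set -eu
WORK=$(mktemp -d) && cd "$WORK"

# Extensions that mark a certificate as a CA.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext

new_csr() {   # new_csr <name> <common name>: fresh RSA key plus CSR
  openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$2" 2>/dev/null
}

make_pki() {
  new_csr root   "Example Test Root CA"
  new_csr int    "Example Test Intermediate CA"
  new_csr server "server.example.test"
  # Self-signed root, then each certificate signed by the one above it.
  openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
    -days 30 -out root.pem 2>/dev/null
  openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -extfile ca.ext -days 30 -out int.pem 2>/dev/null
  openssl x509 -req -in server.csr -CA int.pem -CAkey int.key -CAcreateserial \
    -days 30 -out server.pem 2>/dev/null
  # The fix from the renewal thread: append the intermediate to the CA's reply.
  cat server.pem int.pem > chain.pem
}

# reply_chains_to_root <root.pem> <reply.pem>
# True when the first certificate in the reply (the server certificate) can be
# linked to the root using only the certificates inside the reply file itself.
reply_chains_to_root() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

make_pki
for reply in server.pem chain.pem; do
  if reply_chains_to_root root.pem "$reply"; then
    echo "$reply: chain complete, ready for keytool -import -trustcacerts"
  else
    echo "$reply: intermediate missing, keytool cannot establish the chain"
  fi
done
```

keytool additionally needs the root itself to be trusted, either in the target keystore or, with `-trustcacerts`, in the JRE's cacerts file.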

How create and configure keystores

Hi, anyone has experience on how: Obtain private keys and digital certificates from a server, create keystores and load the keys into the keystores and set them up under the Console? I'm trying to connect to a Pop3 over SSL using OSB and email transport and I get some errors. Thanks for your help.
Fairlie
Hi, The ImportPrivateKey utility allows you to take private key and digital certificate files and load them into a keystore. The keytool utility can generate a key pair (a public key and associated private key) and a self-signed digital certificate and store them in the keystore. Check here... http://docs.oracle.com/cd/E28280_01/web.1111/e13707/identity_trust.htm#SECMG380
Cheers,
Vlad
I resolved in this way: I have created my java keystore using InstallCert and got the certificates from mail server, then I have imported the jks into the DemoTrust.jks located under %ORACLE_HOME%/weblogic/wlserver_10.3/server/lib/ using this command:
keytool -importkeystore -srckeystore key.jks -destkeystore -srcstoretype JKS -deststoretype PKCS11 -srcstorepass changeit -deststorepass topsecret
DemoTrustKeyStorePassPhrase is the default DemoTrust.jks password.
Now, WebLogic server works fine and exchange SSL handshake.
Fairlie

No trusted certificate found error for .pfx type

Hi All,
Our trading partner has sent us a certificate in .pfx format. We used the below keytool code to add it to a keystore.
keytool -v -importkeystore -srckeystore E:\SOA12c\wlserver\server\lib\name.pfx -srcstoretype PKCS12 -destkeystore E:\SOA12c\wlserver\server\lib\vancert.jks -deststoretype JKS
In WebLogic, we configured soa_server to use the new keystore and enabled SSL and provided aliases in SSL tab. In B2B console, we provided the jks file path and its credentials. When we send a transaction (EDI), we are getting:
Transport error: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found No trusted certificate found
The SOA version is 12.1.3. Can you folks help in guiding us?
Thanks.
Hi,
First of all your trading partner should provide you their public cert in P7B/DER/CER format. PKCS12 format is used to store private keys and your partner must not share their private key with you. Once you get the public cert of your partner, import it into the keystore configured at your B2B. Need not to import it in WLS keystore (if that's a separate keystore). Please note that Oracle SOA works with base64 encoded cert only.
Regards,
Anuj
