I want to set up two-way SSL (self-signed cert) to call a web service endpoint from WildFly to WebLogic. I've tested the WebLogic setting, and it works fine. Now, the problem is how I should configure WildFly in order to build the connection with WebLogic. I've tried the settings in standalone.xml as below:

<security-realm name="UndertowRealm">
    <server-identities>
        <ssl>
            <keystore path="space2_identity.jks" relative-to="jboss.server.config.dir" keystore-password="password" alias="space2i" key-password="password"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="space2_trust.jks" relative-to="jboss.server.config.dir" keystore-password="password"/>
        <local default-user="$local" skip-group-loading="true"/>
        <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
    </authentication>
</security-realm>


<https-listener name="https" verify-client="REQUIRED" security-realm="UndertowRealm" socket-binding="https"/>

The above setting succeeds if I use a browser to run two-way SSL with WildFly. But for my main purpose (calling the WS between WildFly and WebLogic), I keep receiving a bad_certification error. I suspect that WildFly cannot find my keystore and trustkeystore when WildFly is acting in a client role, because if I put the self-signed cert into the JVM cacerts file, one-way SSL can be built with WebLogic. However, I've tried many methods to do two-way SSL, and it keeps giving me a bad_certification error. I've even inserted the following lines into standalone.conf.bat:

set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.debug=ssl"  
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStore=D:/Keystore/space2_identity.jks"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStore=D:/Keystore/space2_trust.keystore"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStorePassword=password"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStorePassword=password"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStoreType=jks" 
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStoreType=jks"

Still, bad_certification received. I've tried many ways; what have I done wrong? Please kindly help. Thank you very much!

Tim

1 Answer

In your JAVA_OPTS the truststore is space2_trust.keystore, while you have space2_trust.jks in your Undertow configuration.

ehsavoie
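
The mismatch this answer points out can be checked mechanically. The following Python script is an added example, not part of the original question or answer: it compares the store file names in the security realm with the `javax.net.ssl.*` values from the question. The function names are hypothetical, the inputs are trimmed copies of the question's configuration, and only file names are compared, not directories.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Constructed sample input: trimmed copies of the two configurations in the question.
# Assumption: the realm is a bare fragment; a full standalone.xml carries XML namespaces.
REALM_XML = """<security-realm name="UndertowRealm">
  <server-identities><ssl>
    <keystore path="space2_identity.jks" relative-to="jboss.server.config.dir"/>
  </ssl></server-identities>
  <authentication>
    <truststore path="space2_trust.jks" relative-to="jboss.server.config.dir"/>
  </authentication>
</security-realm>"""

CONF_BAT = '''set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStore=D:/Keystore/space2_identity.jks"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStore=D:/Keystore/space2_trust.keystore"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStorePassword=password"
'''

def realm_stores(xml_text):
    """Return the keystore and truststore paths declared in a security-realm fragment."""
    root = ET.fromstring(xml_text)
    ks = root.find("./server-identities/ssl/keystore")
    ts = root.find("./authentication/truststore")
    return {"keyStore": ks.get("path") if ks is not None else None,
            "trustStore": ts.get("path") if ts is not None else None}

def jvm_stores(bat_text):
    """Return the javax.net.ssl.keyStore / trustStore paths set through JAVA_OPTS."""
    # The '=' right after the property name keeps keyStorePassword etc. from matching.
    pattern = r'-Djavax\.net\.ssl\.(keyStore|trustStore)=([^"\s]+)'
    return dict(re.findall(pattern, bat_text))

def mismatches(xml_text, bat_text):
    """List (kind, realm_path, jvm_path) where the two configs name different files."""
    realm, jvm = realm_stores(xml_text), jvm_stores(bat_text)
    out = []
    for kind in ("keyStore", "trustStore"):
        r, j = realm.get(kind), jvm.get(kind)
        # PureWindowsPath accepts both '/' and '\\' separators, as in the .bat file.
        if r and j and PureWindowsPath(r).name != PureWindowsPath(j).name:
            out.append((kind, r, j))
    return out

if __name__ == "__main__":
    for kind, r, j in mismatches(REALM_XML, CONF_BAT):
        print(f"{kind}: realm uses {r!r}, JAVA_OPTS uses {j!r}")
```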