I have struggled on this one for several days now. I am using WebLogic 11g (10.3.4.0) on Windows (Linux behaves the same). I have set up two-way SSL authentication following the details from http://emo.sourceforge.net/cert-login-howto.html and http://middlewareforum.com/weblogic/?p=312. I used JMeter as the client with the following JVM parameters. A standalone Java client behaves the same.
-Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.trustStoreType=jks -Djavax.net.ssl.keyStore=c:/Users/sli/keys/browser.p12 -Djavax.net.debug=ssl -Djavax.net.ssl.keyStorePassword=PASSWORD -Djavax.net.ssl.trustStorePassword=changeit -Dweblogic.security.SSL.ignoreHostnameVerification=true
It works fine with the t3 thin client (wlthint3client.jar), but it does not work when I switch to the full client (wlfullclient.jar). One of the applications is somehow stuck with the full client; that is a different problem on its own. BTW, the full client is not really full, as it needs webserviceclient+ssl.jar and cryptoj.jar for SSL. It complains with the following at the client.
javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3s://localhost:7503: Destination unreachable; nested exception is: com.bea.sslplus.TwoWaySSLHandshakeStageSocketException: SocketException during 2 way handshake; check client certificate or the network connection; No available router to destination]
Here is the server side log.
<39146459 SSL Version 2 with no padding>
<39149058 SSL3/TLS MAC>
<39149058 received SSL_20_RECORD>
<39149058 SSL3/TLS MAC>
<39149058 received HANDSHAKE>
(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.ServerStateSentHelloDone.handle(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
    at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
    at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
>
<37447543 SSL Version 2 with no padding>
<37447552 SSL3/TLS MAC>
<37447552 received SSL_20_RECORD>
<37447552 SSL3/TLS MAC>
<37447552 received HANDSHAKE>
(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.ServerStateSentHelloDone.handle(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
    at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
    at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
>
I have done some research and found this (http://stackoverflow.com/questions/2047732/solaris-jms-client-connect-to-weblogic-11g-t3s-security-problem), where someone has gotten it working with the full client on t3s for two-way SSL authentication, but the link does not say how. I have also tried the WebLogic security option mentioned there, and it still does not work for me.
Thank you for any help.
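The server's alert comes from ServerStateSentHelloDone, i.e. after the server has asked for a client certificate, so the first thing to verify is the client credential itself rather than the client jars. The following is an added diagnostic, not code from the question or from WebLogic: it loads the client PKCS12 keystore from the question's setup and checks, with the JDK's own PKIX validator, that it contains a private-key entry whose chain validates against the trust keystore the server is configured with. It assumes that server trust keystore can be copied to a local JKS file; the class name and argument order are the example's own.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

// Added diagnostic (not from the question): does the client keystore hold a private-key
// entry whose certificate chain validates against the truststore the server side uses?
public class ClientCertCheck {
    public static void main(String[] args) throws Exception {
        // args: <client keystore> <its password> <server truststore> <its password>; store types come from the same system properties the question sets
        KeyStore ks = KeyStore.getInstance(System.getProperty("javax.net.ssl.keyStoreType", "pkcs12"));
        try (FileInputStream in = new FileInputStream(args[0])) { ks.load(in, args[1].toCharArray()); }
        KeyStore ts = KeyStore.getInstance(System.getProperty("javax.net.ssl.trustStoreType", "jks"));
        try (FileInputStream in = new FileInputStream(args[2])) { ts.load(in, args[3].toCharArray()); }
        // every trusted-certificate entry in the truststore becomes a PKIX trust anchor
        Set<TrustAnchor> anchors = new HashSet<>();
        Set<Certificate> anchorCerts = new HashSet<>();
        for (String a : Collections.list(ts.aliases())) {
            if (!ts.isCertificateEntry(a)) continue;
            X509Certificate c = (X509Certificate) ts.getCertificate(a);
            anchors.add(new TrustAnchor(c, null));
            anchorCerts.add(c);
        }
        PKIXParameters params = new PKIXParameters(anchors);
        params.setRevocationEnabled(false); // offline check: no CRL/OCSP lookups
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue; // only a private-key entry can authenticate the client
            keyEntries++;
            List<Certificate> path = new ArrayList<>();
            for (Certificate c : ks.getCertificateChain(alias)) {
                if (!anchorCerts.contains(c)) path.add(c); // the anchor itself must not be in the path
            }
            if (path.isEmpty()) { System.out.println(alias + ": OK, cert is itself a trust anchor"); continue; }
            X509Certificate leaf = (X509Certificate) path.get(0);
            System.out.println(alias + ": subject=" + leaf.getSubjectX500Principal()
                    + " issuer=" + leaf.getIssuerX500Principal() + " notAfter=" + leaf.getNotAfter());
            try {
                validator.validate(cf.generateCertPath(path), params);
                System.out.println("  OK: chain validates against the server truststore");
            } catch (CertPathValidatorException e) {
                System.out.println("  FAIL: " + e.getMessage() + " (the server would reject this cert)");
            }
        }
        if (keyEntries == 0) System.out.println("no private-key entry: nothing to present in the handshake");
    }
}
```

If every key entry reports OK here, the certificate is not the problem and the difference between the thin and full clients lies in which keystore and SSL provider the full client actually picks up (the javax.net.ssl properties are honoured by JSSE, whereas the Certicom stack in the full client has its own configuration path), which is where the -Djavax.net.debug=ssl output from each client should be compared.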