Title: SSL issue while using Axis and WLS

Have you done SSL before with .NET and Weblogic?

 

Nope

 

Do you have SSL requirements for the .NET service? 

 

Yep

  • Is it configured to do server authentication, or both client and server authentication?  Client authentication will require you to set up a WebLogic "key store" which contains a properly signed key (proper signatures are defined by the server).  The .NET service should define these things.
 
     Ans: Just to do server auth. I can access the SSL protected .NET service through Websphere, but Weblogic is the issue.
  • Who signed the server's certificate?  The signer's cert will need to be loaded into the WebLogic "trust store" in order for WebLogic to properly authenticate it.
   
    Ans: I have no idea how this is done, any information in this regard would be appreciated.
  • What cryptographic algorithms are available in the .NET service?  The SSL client and SSL server must have a common algorithm in order to communicate.
 
    Ans: That is another answer I don't know.
 
Thanks Jim for the response. If you can elaborate more on how a signer's cert can be loaded into the WLS trust store, that would be great. Thanks in advance for your help.
 
regards,
Krishna
-----Original Message-----
From: Stickley, Jim [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 17, 2003 9:31 AM
To: '[EMAIL PROTECTED]'
Subject: RE: SSL issue while using Axis and WLS

Have you done SSL before with .NET and Weblogic?

Do you have SSL requirements for the .NET service? 

  • Is it configured to do server authentication, or both client and server authentication?  Client authentication will require you to set up a WebLogic "key store" which contains a properly signed key (proper signatures are defined by the server).  The .NET service should define these things.
  • Who signed the server's certificate?  The signer's cert will need to be loaded into the WebLogic "trust store" in order for WebLogic to properly authenticate it.
  • What cryptographic algorithms are available in the .NET service?  The SSL client and SSL server must have a common algorithm in order to communicate.

 

The answers to these questions will drive the solution you seek.

 

Jim Stickley

Enterprise Architect

Birch Telecom

(816) 300-6743

[EMAIL PROTECTED]

 

-----Original Message-----
From: Vemuri, Krishna [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 14, 2003 5:05 PM
To: [EMAIL PROTECTED]
Subject: SSL issue while using Axis and WLS

 

Hey guys,

This in all probability is an issue on Weblogic's side, but if someone here knows how I can fix this, it will be really helpful.

Issue: We are running WLS6.1 integrated with Axis RC1.1. From our web-service EAR, which is WLS based, we make an Axis Call to a .NET webservice which is SSL protected, and every time we make a call to the SSL protected .NET service we get the following exception:

javax.net.ssl.SSLHandshakeException: FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters.
        at com.certicom.tls.b.e.a(Unknown Source)
        at com.certicom.tls.b.e.a(Unknown Source)
        at com.certicom.tls.d.b.o.do(Unknown Source)
        at com.certicom.tls.d.b.o.aB(Unknown Source)
        at com.certicom.tls.d.b.o.int(Unknown Source)
        at com.certicom.tls.d.b.o.a(Unknown Source)
        at com.certicom.tls.d.e.if(Unknown Source)
        at com.certicom.tls.d.e.ai(Unknown Source)
        at com.certicom.tls.d.e.aj(Unknown Source)
        at com.certicom.tls.b.e.c(Unknown Source)
        at com.certicom.tls.d.c.write(Unknown Source)
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:67)
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:125)
        at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:240)
        at java.io.BufferedWriter.flush(BufferedWriter.java:228)
        at org.apache.axis.Message.writeTo(Message.java:441)
        at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:466)
        at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:122)
        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:180)
        at org.apache.axis.client.Call.invokeEngine(Call.java:2492)
        at org.apache.axis.client.Call.invoke(Call.java:2481)
        at org.apache.axis.client.Call.invoke(Call.java:2176)
        at org.apache.axis.client.Call.invoke(Call.java:2099)
        at org.apache.axis.client.Call.invoke(Call.java:1622)
        at com.verizon.itwagent.security.saml.SAMLImpl.authorize(SAMLImpl.java:151)
        at com.verizon.itwagent.action.security.SecurityAction.execute(SecurityAction.java:255)
        at com.verizon.itwagent.ITWAgent.processRequest(ITWAgent.java:101)
        at com.verizon.itwagent.RPCFilter.doFilter(RPCFilter.java:204)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
        at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:2552)
        at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2260)
        at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
        at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)

The funny part is if the .NET service is not SSL protected then we don't get this exception at all.

One more thing, I did a test run by creating a standalone console client (Not running in the context of WLS) and executing it against the SSL protected .NET Webservice, that works fine too.

For those wondering why we are using Axis Call, within WLS6.1, to make a Call to the .NET webservice: the reason is that we have to send the .NET webservice a SOAPMessage with a SOAP Header, and unfortunately WLS6.1 doesn't support SOAPHeader, hence we are using Axis to make this call.

Any ideas, or has anyone ever come across this problem? Any help in this regard would be appreciated.

thanks,
Krishna
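
The questions raised in this thread (who signed the server's certificate, and which algorithms both sides share) can be checked from the client side with standard JSSE. The probe below is an added example, not code from the thread and not WebLogic's own trust configuration, which the com.certicom.tls frames in the trace indicate is a separate SSL implementation. It assumes a current JDK; the class name HandshakeProbe, the alias "service-signer" and the command-line arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example. Usage: java HandshakeProbe <host> <port> <signer-cert.pem>
public class HandshakeProbe {
    // Build an in-memory trust store that holds only the signer's certificate.
    static SSLContext contextTrusting(String signerCertPath) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);                       // start with an empty store
        try (InputStream in = new FileInputStream(signerCertPath)) {
            Certificate signer = CertificateFactory.getInstance("X.509").generateCertificate(in);
            trust.setCertificateEntry("service-signer", signer);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key: server authentication only
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = contextTrusting(args[2]);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[0], Integer.parseInt(args[1]))) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // also verify the host name in the certificate
            s.setSSLParameters(p);
            System.out.println("offered suites: " + Arrays.toString(s.getEnabledCipherSuites()));
            s.startHandshake();
            System.out.println("negotiated: " + s.getSession().getProtocol() + " / " + s.getSession().getCipherSuite());
            for (Certificate c : s.getSession().getPeerCertificates()) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("subject=" + x.getSubjectX500Principal() + "  issuer=" + x.getIssuerX500Principal());
            }
        } catch (SSLHandshakeException e) {
            // The message separates a handshake_failure alert (no common suite or protocol)
            // from a certificate path or host name error (signer not trusted).
            System.out.println("handshake failed: " + e.getMessage());
        }
    }
}
```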
