Weblogic:即使在提供自定义主机名验证程序之后----仍然存在相同的 SSL 问题
专家!
我一直在努力让我的 Webservice 客户端(使用 https URL)在 Weblogic Server 10.3.2 中工作,这导致了如下问题:
2012 年 2 月 3 日上午 10:50:28 EST 警告安全 BEA-090504从 apcple.XXX.com 收到的证书链 - 113.128.90.16 主机名验证检查失败。证书包含 apcple.XXX.com,但检查预期的 apcple.XXX.com
如果我使用 -Dweblogic.security.SSL.ignoreHostnameVerification=true 禁用主机名验证检查,代码工作正常。没有问题。但这不是我们想要的。
a) 我启用了 weblogic SSL 调试。
b) 我介绍了我的自定义 HostNameVerifier 并通过控制台提供它,我在日志中看到我的自定义验证程序正在被拾取,并对 URL 主机名与证书 CN 名称进行主机名比较,结果成功并且代码返回 true。
c) 如果您看到 SSL 调试语句,则已建立与服务器的连接,并且第一次尝试验证证书链 0、1、2 并加载我的自定义主机名验证程序。
d) 经过几行后,它再次尝试验证同系列中的证书,第二次它没有加载我的自定义主机名验证程序,并且失败并出现上面粘贴的标准 BEA 安全错误。
你能帮我找出缺少的东西吗?
在这方面的任何帮助将不胜感激。
查看 SSL 调试语句的片段
Feb 3, 2012 10:50:23 AM EST Info WebLogicServer BEA-000307 Exportable key maximum lifespan set to 500 uses.
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Filtering JSSE SSLSocket
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 SSLIOContextTable.addContext(ctx): 30958379
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 SSLSocket will be Muxing
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 write SSL_20_RECORD
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 isMuxerActivated: false
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 746666 SSL3/TLS MAC
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 746666 received HANDSHAKE
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 HANDSHAKEMESSAGE: ServerHello
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 HANDSHAKEMESSAGE: Certificate
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Validating certificate 0 in the chain: Serial number: 1208925819615937499602513
Issuer:O=Cybertrust Inc, CN=Cybertrust Public SureServer SV CA
Subject:C=US, ST=Texas, L=Irving, O=XXX LLC, OU=ns, [email protected], CN=apcple.XXX.com
Not Valid Before:Fri Jun 17 10:48:17 EDT 2011
Not Valid After:Sun Jun 17 10:48:17 EDT 2012
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Validating certificate 1 in the chain: Serial number: 120010508
Issuer:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Subject:O=Cybertrust Inc, CN=Cybertrust Public SureServer SV CA
Not Valid Before:Wed Sep 08 13:35:16 EDT 2010
Not Valid After:Tue Sep 08 13:34:08 EDT 2020
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Validating certificate 2 in the chain: Serial number: 33554617
Issuer:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Subject:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Not Valid Before:Fri May 12 14:46:00 EDT 2000
Not Valid After:Mon May 12 19:59:00 EDT 2025
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 validationCallback: validateErr = 0
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 cert[0] = Serial number: 1208925819615937499602513
Issuer:O=Cybertrust Inc, CN=Cybertrust Public SureServer SV CA
Subject:C=US, ST=Texas, L=Irving, O=XXX LLC, OU=ns, [email protected], CN=apcple.XXX.com
Not Valid Before:Fri Jun 17 10:48:17 EDT 2011
Not Valid After:Sun Jun 17 10:48:17 EDT 2012
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 cert[1] = Serial number: 120010508
Issuer:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Subject:O=Cybertrust Inc, CN=Cybertrust Public SureServer SV CA
Not Valid Before:Wed Sep 08 13:35:16 EDT 2010
Not Valid After:Tue Sep 08 13:34:08 EDT 2020
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 cert[2] = Serial number: 33554617
Issuer:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Subject:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Not Valid Before:Fri May 12 14:46:00 EDT 2000
Not Valid After:Mon May 12 19:59:00 EDT 2025
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 weblogic user specified trustmanager validation status 0
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 SSLTrustValidator returns: 0
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Trust status (0): NONE
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Performing hostname validation checks: apcple.XXX.com
############ BELOW 6 LINES INDICATES MY CUSTOM HOST NAME VERIFIER GOT PICKED UP ########
Custom HostName Verifier Called =com.XXX.sys.WeblogicHostNameVerifier
Rcvd. Host Name=apcple.XXX.com SSL Session=javax.net.ssl.impl.SSLSessionImpl@1760238
Parsing COMMON Name from Certificates
getPeerLeafCert()....Start
Parsed CN = apcple.XXX.com
HOST NAME AND COMMON NAME MATCH FOUND
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 HANDSHAKEMESSAGE: ServerHelloDone
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Will use default Mac for algorithm HmacMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Will use default Mac for algorithm HmacSHA1
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Will use default Mac for algorithm MD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Using JCE Cipher: SunJCE version 1.6 for algorithm RC4
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Will use default Mac for algorithm HmacMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Will use default Mac for algorithm HmacSHA1
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Using JCE Cipher: SunJCE version 1.6 for algorithm RSA
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 write HANDSHAKE, offset = 0, length = 262
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 write CHANGE_CIPHER_SPEC, offset = 0, length = 1
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Using JCE Cipher: SunJCE version 1.6 for algorithm RC4
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HMACMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Will use default Mac for algorithm HMACMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Will use default Mac for algorithm HmacMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Will use default Mac for algorithm HmacSHA1
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 write HANDSHAKE, offset = 0, length = 16
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 isMuxerActivated: false
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 746666 SSL3/TLS MAC
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 746666 received CHANGE_CIPHER_SPEC
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Using JCE Cipher: SunJCE version 1.6 for algorithm RC4
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HMACMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Will use default Mac for algorithm HMACMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 isMuxerActivated: false
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 746666 SSL3/TLS MAC
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 746666 received HANDSHAKE
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 HANDSHAKEMESSAGE: Finished
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Will use default Mac for algorithm HmacMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Will use default Mac for algorithm HmacSHA1
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 write APPLICATION_DATA, offset = 0, length = 193
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 31771821 read(offset=0, length=8192)
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 isMuxerActivated: false
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 746666 SSL3/TLS MAC
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 746666 received APPLICATION_DATA: databufferLen 0, contentLength 143
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 31771821 read databufferLen 143
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 31771821 read A returns 143
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 31771821 read(offset=143, length=8049)
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 isMuxerActivated: false
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 746666 SSL3/TLS MAC
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 746666 received APPLICATION_DATA: databufferLen 0, contentLength 3819
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 31771821 read databufferLen 3819
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 31771821 read A returns 3819
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 31771821 read(offset=3962, length=4230)
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 isMuxerActivated: false
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 746666 SSL3/TLS MAC
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 746666 received APPLICATION_DATA: databufferLen 0, contentLength 8
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 31771821 read databufferLen 8
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 31771821 read A returns 8
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 write APPLICATION_DATA, offset = 0, length = 193
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 31771821 read(offset=3970, length=4222)
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 isMuxerActivated: false
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 746666 SSL3/TLS MAC
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 746666 received APPLICATION_DATA: databufferLen 0, contentLength 143
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 31771821 read databufferLen 143
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 31771821 read A returns 143
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 31771821 read(offset=4113, length=4079)
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 isMuxerActivated: false
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 746666 SSL3/TLS MAC
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 746666 received APPLICATION_DATA: databufferLen 0, contentLength 3819
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 31771821 read databufferLen 3819
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 31771821 read A returns 3819
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 31771821 read(offset=7932, length=260)
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 isMuxerActivated: false
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 746666 SSL3/TLS MAC
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 746666 received APPLICATION_DATA: databufferLen 0, contentLength 8
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 31771821 read databufferLen 8
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 31771821 read A returns 8
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 SSLSetup: loading trusted CA certificates
Feb 3, 2012 10:50:25 AM EST Notice Security BEA-090898 Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.
Feb 3, 2012 10:50:25 AM EST Notice Security BEA-090898 Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 clientInfo has HostnameVerifier
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 Filtering JSSE SSLSocket
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 SSLIOContextTable.addContext(ctx): 25583909
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 SSLSocket will be Muxing
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 write SSL_20_RECORD
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 isMuxerActivated: false
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 28097422 SSL3/TLS MAC
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 28097422 received HANDSHAKE
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 HANDSHAKEMESSAGE: ServerHello
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 HANDSHAKEMESSAGE: Certificate
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 Validating certificate 0 in the chain: Serial number: 1208925819615937499602513
Issuer:O=Cybertrust Inc, CN=Cybertrust Public SureServer SV CA
Subject:C=US, ST=Texas, L=Irving, O=XXX LLC, OU=ns, [email protected], CN=apcple.XXX.com
Not Valid Before:Fri Jun 17 10:48:17 EDT 2011
Not Valid After:Sun Jun 17 10:48:17 EDT 2012
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 Validating certificate 1 in the chain: Serial number: 120010508
Issuer:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Subject:O=Cybertrust Inc, CN=Cybertrust Public SureServer SV CA
Not Valid Before:Wed Sep 08 13:35:16 EDT 2010
Not Valid After:Tue Sep 08 13:34:08 EDT 2020
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 Validating certificate 2 in the chain: Serial number: 33554617
Issuer:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Subject:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Not Valid Before:Fri May 12 14:46:00 EDT 2000
Not Valid After:Mon May 12 19:59:00 EDT 2025
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 validationCallback: validateErr = 0
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 cert[0] = Serial number: 1208925819615937499602513
Issuer:O=Cybertrust Inc, CN=Cybertrust Public SureServer SV CA
Subject:C=US, ST=Texas, L=Irving, O=XXX LLC, OU=ns, [email protected], CN=apcple.XXX.com
Not Valid Before:Fri Jun 17 10:48:17 EDT 2011
Not Valid After:Sun Jun 17 10:48:17 EDT 2012
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 cert[1] = Serial number: 120010508
Issuer:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Subject:O=Cybertrust Inc, CN=Cybertrust Public SureServer SV CA
Not Valid Before:Wed Sep 08 13:35:16 EDT 2010
Not Valid After:Tue Sep 08 13:34:08 EDT 2020
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 cert[2] = Serial number: 33554617
Issuer:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Subject:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Not Valid Before:Fri May 12 14:46:00 EDT 2000
Not Valid After:Mon May 12 19:59:00 EDT 2025
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 weblogic user specified trustmanager validation status 0
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 SSLTrustValidator returns: 0
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 Trust status (0): NONE
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 Performing hostname validation checks: apcple.XXX.com
Feb 3, 2012 10:50:25 AM EST Warning Security BEA-090504 Certificate chain received from apcple.XXX.com - 113.128.90.16 failed hostname verification check. Certificate contained apcple.XXX.com but check expected apcple.XXX.com
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 Hostname Verification failed for certificate with CommonName 'apcple.XXX.com' against hostname: apcple.XXX.com
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 NEW ALERT with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.init(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle (Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:158)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:363)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream (SOAPHttpsURLConnection.java:37)
at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:952)
at com.sun.xml.ws.transport.http.client.HttpClientTransport.readResponseCodeAndMessage (HttpClientTransport.java:213)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process (HttpTransportPipe.java:172)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest (HttpTransportPipe.java:101)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
at com.sun.xml.ws.client.Stub.process(Stub.java:248)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:135)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:118)
at $Proxy189.updateMilestone(Unknown Source)
at com.XXX.sys.apc.APCProcessor.updateMilestoneToApc(APCProcessor.java:95)
at com.XXX.sys.apc.APCProcessor.sendAsrFeed(APCProcessor.java:50)
at com.XXX.sys.apc.APCLookupBean.onMessage(APCLookupBean.java:94)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection (AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoin point(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed (ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke (ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed (ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doPro ceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invok e(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed (ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke (JdkDynamicAopProxy.java:204)
at $Proxy148.onMessage(Unknown Source)
at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:466)
at weblogic.ejb.container.internal.MDListener.transactionalOnMessage (MDListener.java:371)
at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:327)
at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4585)
at weblogic.jms.client.JMSSession.execute(JMSSession.java:4271)
at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3747)
at weblogic.jms.client.JMSSession.access$000(JMSSession.java:114)
at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5096)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:516)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)'
Experts !
I had been struggling to make my Webservice Client (using https URL) work within Weblogic Server 10.3.2, which had been causing an issue as below:
Feb 3, 2012 10:50:28 AM EST Warning Security BEA-090504 Certificate chain received from apcple.XXX.com - 113.128.90.16 failed hostname verification check. Certificate contained apcple.XXX.com but check expected apcple.XXX.com
If i disable host name verification check using -Dweblogic.security.SSL.ignoreHostnameVerification=true , Code is WORKING fine. No Issue. But that is NOT what is want.
a) I enabled weblogic SSL debugs.
b) I introduced my Custom HostNameVerifier and supplied it via console , I see in the logs that My custom verifier is getting picked up and does Host Name comparison against URL hostname Vs Certiicate CN name and it suceeds and code returns true.
c) If you see SSL debug statements, Connection with server got established and First time it tries to validate Certificate chain 0 ,1, 2 and LOADS my CUSTOM HostName Verifier.
d) After few lines passed , It again tries to validate Certificates in same Series and SECOND time it DID NOT load My Custome HostName Verifier AND FAILS with the Standard BEA Security Error as pasted above.
Would you please help me to figure out what is missing ?
Any help in this regard would be highly appreciated.
SEE SNIPPET OF SSL DEBUG STATEMENTS
Feb 3, 2012 10:50:23 AM EST Info WebLogicServer BEA-000307 Exportable key maximum lifespan set to 500 uses.
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Filtering JSSE SSLSocket
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 SSLIOContextTable.addContext(ctx): 30958379
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 SSLSocket will be Muxing
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 write SSL_20_RECORD
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 isMuxerActivated: false
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 746666 SSL3/TLS MAC
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 746666 received HANDSHAKE
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 HANDSHAKEMESSAGE: ServerHello
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 HANDSHAKEMESSAGE: Certificate
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Validating certificate 0 in the chain: Serial number: 1208925819615937499602513
Issuer:O=Cybertrust Inc, CN=Cybertrust Public SureServer SV CA
Subject:C=US, ST=Texas, L=Irving, O=XXX LLC, OU=ns, [email protected], CN=apcple.XXX.com
Not Valid Before:Fri Jun 17 10:48:17 EDT 2011
Not Valid After:Sun Jun 17 10:48:17 EDT 2012
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Validating certificate 1 in the chain: Serial number: 120010508
Issuer:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Subject:O=Cybertrust Inc, CN=Cybertrust Public SureServer SV CA
Not Valid Before:Wed Sep 08 13:35:16 EDT 2010
Not Valid After:Tue Sep 08 13:34:08 EDT 2020
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Validating certificate 2 in the chain: Serial number: 33554617
Issuer:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Subject:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Not Valid Before:Fri May 12 14:46:00 EDT 2000
Not Valid After:Mon May 12 19:59:00 EDT 2025
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 validationCallback: validateErr = 0
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 cert[0] = Serial number: 1208925819615937499602513
Issuer:O=Cybertrust Inc, CN=Cybertrust Public SureServer SV CA
Subject:C=US, ST=Texas, L=Irving, O=XXX LLC, OU=ns, [email protected], CN=apcple.XXX.com
Not Valid Before:Fri Jun 17 10:48:17 EDT 2011
Not Valid After:Sun Jun 17 10:48:17 EDT 2012
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 cert[1] = Serial number: 120010508
Issuer:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Subject:O=Cybertrust Inc, CN=Cybertrust Public SureServer SV CA
Not Valid Before:Wed Sep 08 13:35:16 EDT 2010
Not Valid After:Tue Sep 08 13:34:08 EDT 2020
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 cert[2] = Serial number: 33554617
Issuer:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Subject:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Not Valid Before:Fri May 12 14:46:00 EDT 2000
Not Valid After:Mon May 12 19:59:00 EDT 2025
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 weblogic user specified trustmanager validation status 0
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 SSLTrustValidator returns: 0
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Trust status (0): NONE
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Performing hostname validation checks: apcple.XXX.com
############ BELOW 6 LINES INDICATES MY CUSTOM HOST NAME VERIFIER GOT PICKED UP ########
Custom HostName Verifier Called =com.XXX.sys.WeblogicHostNameVerifier
Rcvd. Host Name=apcple.XXX.com SSL Session=javax.net.ssl.impl.SSLSessionImpl@1760238
Parsing COMMON Name from Certificates
getPeerLeafCert()....Start
Parsed CN = apcple.XXX.com
HOST NAME AND COMMON NAME MATCH FOUND
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 HANDSHAKEMESSAGE: ServerHelloDone
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Will use default Mac for algorithm HmacMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Will use default Mac for algorithm HmacSHA1
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Will use default Mac for algorithm MD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Using JCE Cipher: SunJCE version 1.6 for algorithm RC4
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Will use default Mac for algorithm HmacMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Will use default Mac for algorithm HmacSHA1
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Using JCE Cipher: SunJCE version 1.6 for algorithm RSA
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 write HANDSHAKE, offset = 0, length = 262
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 write CHANGE_CIPHER_SPEC, offset = 0, length = 1
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Using JCE Cipher: SunJCE version 1.6 for algorithm RC4
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HMACMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Will use default Mac for algorithm HMACMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Will use default Mac for algorithm HmacMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Will use default Mac for algorithm HmacSHA1
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 write HANDSHAKE, offset = 0, length = 16
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 isMuxerActivated: false
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 746666 SSL3/TLS MAC
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 746666 received CHANGE_CIPHER_SPEC
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Using JCE Cipher: SunJCE version 1.6 for algorithm RC4
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HMACMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Will use default Mac for algorithm HMACMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 isMuxerActivated: false
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 746666 SSL3/TLS MAC
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 746666 received HANDSHAKE
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 HANDSHAKEMESSAGE: Finished
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Will use default Mac for algorithm HmacMD5
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 Will use default Mac for algorithm HmacSHA1
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 write APPLICATION_DATA, offset = 0, length = 193
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 31771821 read(offset=0, length=8192)
Feb 3, 2012 10:50:23 AM EST Debug SecuritySSL BEA-000000 isMuxerActivated: false
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 746666 SSL3/TLS MAC
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 746666 received APPLICATION_DATA: databufferLen 0, contentLength 143
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 31771821 read databufferLen 143
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 31771821 read A returns 143
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 31771821 read(offset=143, length=8049)
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 isMuxerActivated: false
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 746666 SSL3/TLS MAC
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 746666 received APPLICATION_DATA: databufferLen 0, contentLength 3819
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 31771821 read databufferLen 3819
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 31771821 read A returns 3819
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 31771821 read(offset=3962, length=4230)
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 isMuxerActivated: false
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 746666 SSL3/TLS MAC
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 746666 received APPLICATION_DATA: databufferLen 0, contentLength 8
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 31771821 read databufferLen 8
Feb 3, 2012 10:50:24 AM EST Debug SecuritySSL BEA-000000 31771821 read A returns 8
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 write APPLICATION_DATA, offset = 0, length = 193
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 31771821 read(offset=3970, length=4222)
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 isMuxerActivated: false
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 746666 SSL3/TLS MAC
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 746666 received APPLICATION_DATA: databufferLen 0, contentLength 143
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 31771821 read databufferLen 143
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 31771821 read A returns 143
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 31771821 read(offset=4113, length=4079)
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 isMuxerActivated: false
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 746666 SSL3/TLS MAC
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 746666 received APPLICATION_DATA: databufferLen 0, contentLength 3819
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 31771821 read databufferLen 3819
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 31771821 read A returns 3819
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 31771821 read(offset=7932, length=260)
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 isMuxerActivated: false
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 746666 SSL3/TLS MAC
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 746666 received APPLICATION_DATA: databufferLen 0, contentLength 8
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 31771821 read databufferLen 8
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 31771821 read A returns 8
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 SSLSetup: loading trusted CA certificates
Feb 3, 2012 10:50:25 AM EST Notice Security BEA-090898 Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.
Feb 3, 2012 10:50:25 AM EST Notice Security BEA-090898 Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 clientInfo has HostnameVerifier
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 Filtering JSSE SSLSocket
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 SSLIOContextTable.addContext(ctx): 25583909
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 SSLSocket will be Muxing
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 write SSL_20_RECORD
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 isMuxerActivated: false
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 28097422 SSL3/TLS MAC
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 28097422 received HANDSHAKE
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 HANDSHAKEMESSAGE: ServerHello
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 HANDSHAKEMESSAGE: Certificate
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 Validating certificate 0 in the chain: Serial number: 1208925819615937499602513
Issuer:O=Cybertrust Inc, CN=Cybertrust Public SureServer SV CA
Subject:C=US, ST=Texas, L=Irving, O=XXX LLC, OU=ns, [email protected], CN=apcple.XXX.com
Not Valid Before:Fri Jun 17 10:48:17 EDT 2011
Not Valid After:Sun Jun 17 10:48:17 EDT 2012
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 Validating certificate 1 in the chain: Serial number: 120010508
Issuer:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Subject:O=Cybertrust Inc, CN=Cybertrust Public SureServer SV CA
Not Valid Before:Wed Sep 08 13:35:16 EDT 2010
Not Valid After:Tue Sep 08 13:34:08 EDT 2020
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 Validating certificate 2 in the chain: Serial number: 33554617
Issuer:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Subject:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Not Valid Before:Fri May 12 14:46:00 EDT 2000
Not Valid After:Mon May 12 19:59:00 EDT 2025
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 validationCallback: validateErr = 0
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 cert[0] = Serial number: 1208925819615937499602513
Issuer:O=Cybertrust Inc, CN=Cybertrust Public SureServer SV CA
Subject:C=US, ST=Texas, L=Irving, O=XXX LLC, OU=ns, [email protected], CN=apcple.XXX.com
Not Valid Before:Fri Jun 17 10:48:17 EDT 2011
Not Valid After:Sun Jun 17 10:48:17 EDT 2012
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 cert[1] = Serial number: 120010508
Issuer:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Subject:O=Cybertrust Inc, CN=Cybertrust Public SureServer SV CA
Not Valid Before:Wed Sep 08 13:35:16 EDT 2010
Not Valid After:Tue Sep 08 13:34:08 EDT 2020
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 cert[2] = Serial number: 33554617
Issuer:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Subject:C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Not Valid Before:Fri May 12 14:46:00 EDT 2000
Not Valid After:Mon May 12 19:59:00 EDT 2025
Signature Algorithm:SHA1withRSA
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 weblogic user specified trustmanager validation status 0
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 SSLTrustValidator returns: 0
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 Trust status (0): NONE
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 Performing hostname validation checks: apcple.XXX.com
Feb 3, 2012 10:50:25 AM EST Warning Security BEA-090504 Certificate chain received from apcple.XXX.com - 113.128.90.16 failed hostname verification check. Certificate contained apcple.XXX.com but check expected apcple.XXX.com
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 Hostname Verification failed for certificate with CommonName 'apcple.XXX.com' against hostname: apcple.XXX.com
Feb 3, 2012 10:50:25 AM EST Debug SecuritySSL BEA-000000 NEW ALERT with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.init(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle (Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:158)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:363)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream (SOAPHttpsURLConnection.java:37)
at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:952)
at com.sun.xml.ws.transport.http.client.HttpClientTransport.readResponseCodeAndMessage (HttpClientTransport.java:213)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process (HttpTransportPipe.java:172)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest (HttpTransportPipe.java:101)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
at com.sun.xml.ws.client.Stub.process(Stub.java:248)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:135)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:118)
at $Proxy189.updateMilestone(Unknown Source)
at com.XXX.sys.apc.APCProcessor.updateMilestoneToApc(APCProcessor.java:95)
at com.XXX.sys.apc.APCProcessor.sendAsrFeed(APCProcessor.java:50)
at com.XXX.sys.apc.APCLookupBean.onMessage(APCLookupBean.java:94)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection (AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoin point(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed (ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke (ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed (ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doPro ceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invok e(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed (ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke (JdkDynamicAopProxy.java:204)
at $Proxy148.onMessage(Unknown Source)
at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:466)
at weblogic.ejb.container.internal.MDListener.transactionalOnMessage (MDListener.java:371)
at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:327)
at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4585)
at weblogic.jms.client.JMSSession.execute(JMSSession.java:4271)
at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3747)
at weblogic.jms.client.JMSSession.access$000(JMSSession.java:114)
at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5096)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:516)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)'
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论