
Problems when setting SSL for a MQSeries Adapter

Update: 10-11 | Source: network consolidation
I'm trying to enable SSL and so far these are the steps I've done:
- I've been using the DemoIdentity.jks and DemoTrust.jks files located under <MIDDLEWARE_HOME>\wlserver_10.3\server\lib for all my certificate operations.
- I created a PrivateKey and imported it to my DemoIdentity store, created a certificate request and, when I got the response, imported it back using the same alias. Something I want to highlight here is that when I created the PrivateKey I left the password field empty, so it is supposed to inherit the keystore's.
- I also imported the CA cert into the DemoTrust.jks
My MQAdapter is all set and when I used it with no SSL it was working just fine so I think I have the problem isolated.
Anyway, now when I try to connect this is what I'm getting in the logs:
    at oracle.integration.platform.blocks.adapter.fw.jca.cci.JCAConnectionManager$JCAConnectionPool.createJCAConnection(JCAConnectionManager.java:1335)
    ... 59 more
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
    at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
    at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:121)
    at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:38)
    at java.security.KeyStore.getKey(KeyStore.java:763)
    at com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:113)
    at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:48)
    at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:239)
    at oracle.tip.adapter.mq.ManagedConnectionImpl.setupSSLSocketFactory(ManagedConnectionImpl.java:670)
Googling this, it seems like it's a problem with the keystore and private key passwords being different, but I changed the private key's to match the keystore's (something that shouldn't be necessary because of keytool's default behavior when generating the key) with no positive results.
Anyway, any ideas would be really appreciated. I've been spinning my wheels on this issue for 3 days now.
BTW, I'm using Oracle SOA11g.

The Best Answer

Hello MV,
> I don't need to access my console through SSL as this is not part of what I'm trying to do.
This will confirm whether SSL has been enabled on your WebLogic. In your case it seems that SSL has not been enabled.
> The demo keystore and truststore are regular stores and I was able to successfully import certificates into them using keytool.
Demo keystores are not recommended to be used in production. Moreover, DemoIdentity.jks already has a private (secret) key, so importing another key may cause an issue. I don't think any application server supports multiple private keys for SSL.
> I'll go ahead anyway and create a brand new set of keystores just to rule out that's not the problem here.
Please test with new custom keystores and let us know the results.
Regards,
Anuj
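
The stack trace in the question fails inside KeyStore.getKey, which SunX509KeyManagerImpl calls for every key entry in the keystore with the single password passed to KeyManagerFactory.init, so one key entry protected by a different password is enough to raise UnrecoverableKeyException. The following diagnostic is an added example, not part of the original posts and not Oracle code; the class name KeyEntryCheck and its prompts are hypothetical. It repeats that per-alias check and reports which entries cannot be recovered.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

// Added diagnostic (hypothetical class name). Usage: java KeyEntryCheck <keystore.jks>
public class KeyEntryCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage: java KeyEntryCheck <keystore.jks> (needs a terminal)");
            System.exit(2);
        }
        // Prompt instead of taking passwords as arguments, so they do not end
        // up in shell history or the process list.
        char[] storePass = console.readPassword("Keystore password: ");
        char[] keyPass = console.readPassword("Key password (empty = same as keystore): ");
        if (keyPass.length == 0) {
            keyPass = storePass;
        }

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            // Verifies the store's integrity only; key passwords are not checked here.
            ks.load(in, storePass);
        }

        int unrecoverable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println("cert  " + alias);
                continue;
            }
            try {
                ks.getKey(alias, keyPass); // the call that throws in the stack trace
                System.out.println("key   " + alias + "  recoverable");
            } catch (UnrecoverableKeyException e) {
                unrecoverable++;
                System.out.println("key   " + alias + "  NOT recoverable: " + e.getMessage());
            }
        }
        // Any unrecoverable key entry makes KeyManagerFactory.init(ks, keyPass) fail
        // for the whole keystore, even if the alias you intended to use is fine.
        System.exit(unrecoverable == 0 ? 0 : 1);
    }
}
```

Run it against a copy of the identity keystore; if the key entry that was already in the store is the one reported as not recoverable, that supports the answer's advice to move to a fresh custom keystore holding a single key.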