Weblogic/Java not sending Client Certificate in Mutual SSL Integration with IIS





I'm having trouble understanding why Weblogic/Java is not sending the client certificate requested by the server (an IIS server) during the SSL handshake via the CertificateRequest message.



I have already checked and tried all the other questions/answers on SO such as:
Java not providing client certificate for mutual SSL?
and similar.



I have created a custom keystore called Identity.jks and I've followed the WL guides (and everything else I could find on the Internet) to do the right settings.



Here are the debug logs for the SSL handshake:


*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withRSA, SHA512withECDSA, SHA256withRSA, SHA384withRSA, SHA1withRSA, SHA256withECDSA, SHA384withECDSA, SHA1withECDSA, SHA1withDSA
Cert Authorities:
<Empty>
*** ServerHelloDone
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>



As you can see, the server sends a CertificateRequest message but for some reason the Cert Authorities list is Empty. The client (Weblogic) in this case doesn't send the certificate. As you can see, there is a warning message by the developers saying:


no suitable certificate found - continuing without client authentication



When I use SoapUI instead of Weblogic to communicate with the server the handshake succeeds. SoapUI sends the certificate contained in the Identity.jks keystore.





Can it be that SoapUI is less restrictive and sends the only certificate present in the keystore anyway, while Weblogic expects to find something from the server in the Cert Authorities: <Empty>?





Since I've set up Weblogic to use that key with that alias, I expect it to send it...



Is my interpretation of the logs correct?



Any idea/help is welcome.
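To check whether the keystore itself can satisfy the CertificateRequest shown in the logs, the following added diagnostic (not part of the question, and not WebLogic code) replays the client-side alias selection that the JDK's JSSE performs: it lists every alias with its entry type and then asks the SunX509 key manager which alias it would choose for cert types RSA, DSS, ECDSA with an empty Cert Authorities list. When chooseClientAlias returns null, JSSE logs exactly the "no suitable certificate found" warning seen above; a common cause is that the keystore holds only a trustedCertEntry (certificate without private key) under the expected alias. The keystore password and command-line handling are assumptions; only the file name Identity.jks comes from the question, and WebLogic's own SSL stack may select differently from plain JSSE.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

// Added diagnostic (not from the question): replays JSSE client-alias selection
// for the CertificateRequest in the logs (RSA, DSS, ECDSA; empty CA list).
public class ClientAliasCheck {

    public static void main(String[] args) throws Exception {
        // Path and password are assumptions; the question only names Identity.jks.
        String path = args.length > 0 ? args[0] : "Identity.jks";
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();

        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }

        // Check 1: a client certificate is only usable if the keystore holds the
        // private key (PrivateKeyEntry), not just an imported certificate.
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            String kind = ks.isKeyEntry(alias) ? "PrivateKeyEntry"
                                               : "trustedCertEntry (no private key)";
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            System.out.printf("alias=%s type=%s keyAlg=%s subject=%s%n", alias, kind,
                    cert.getPublicKey().getAlgorithm(), cert.getSubjectX500Principal());
        }

        // Check 2: what the SunX509 key manager would pick for this CertificateRequest.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, pass);
        X509KeyManager km = (X509KeyManager) kmf.getKeyManagers()[0];
        // JSSE key-type names for the cert types RSA, DSS and ECDSA in the log.
        String[] keyTypes = {"RSA", "DSA", "EC"};
        // null issuers mirrors the empty "Cert Authorities" list: any issuer is acceptable.
        String chosen = km.chooseClientAlias(keyTypes, null, null);
        System.out.println(chosen == null
                ? "JSSE would NOT send a client certificate (no suitable alias)"
                : "JSSE would send the certificate under alias: " + chosen);
    }
}
```

Run it with `java ClientAliasCheck Identity.jks <password>` on the same JDK WebLogic uses; if it reports a chosen alias but WebLogic still sends an empty Certificate message, the difference lies in WebLogic's configuration rather than in the keystore.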





Are both Weblogic and SOAPUI running the exact same JVM?
– Eugène Adell
Jun 29 at 9:43






@EugèneAdell Yes, they are both running Java 8, specifically: jdk1.8.0_151
– Alboz
Jun 29 at 10:12





When the server sends an empty cert authorities list it is up to the client as to whether it sends a cert or not. Thus you should fix the incorrect server configuration so that the server sends the correct CAs list.
– James K Polk
2 days ago





@JamesKPolk Even with the server sending the list of cert authorities the problem still persists... Seems to be some WL-specific behaviour.
– Alboz
2 days ago








