SSL on Weblogic Made Simple – PART3
We come across a lot of SSL-related issues in our day-to-day middleware activities; here I will talk about different ways of troubleshooting them.
1) The first and foremost thing we need to look at as soon as we start looking into an SSL issue is the validity of the SSL certificate.
2) Enable debugging on the WebLogic servers to see the SSL traces and dumps.
To see the debug messages you need to set the server's log severity level to Debug.
3) You can also enable debugging in the setDomainEnv.sh file (command-line parameters).
This will write all SSL debug information to the server logs.
-Dweblogic.log.RedirectStdoutToServerLogEnabled=true
-Dweblogic.StdoutDebugEnabled=TRUE
-Djavax.net.debug=ssl,handshake,verbose
-Dssl.debug=true
Run this command to find out which debug flags are enabled or disabled:
java weblogic.Admin -username weblogic -password weblogic -url localhost:7001 GET -type ServerDebug -pretty
or
java -cp .:$WL_HOME/wlserver_10.3/server/lib/weblogic.jar weblogic.Admin -username weblogic -password weblogic -url localhost:7001 GET -type ServerDebug -pretty
4) Testing the SSL connectivity with a Java client.
Here is the Java code; name it SSL_Test.java
import java.io.*;
import java.net.*;
import javax.net.ssl.*;
import java.util.*;
import java.security.Permission;

public class SSL_Test {
    // Usage:
    // java_home/bin/java -Djavax.net.debug=ssl,handshake,verbose -XX:+PrintCommandLineFlags -Djavax.net.ssl.trustStore=TrustStore.jks SSL_Test
    public static void main(String[] args) throws Exception {
        // Disabling the host name verification of the certificate.
        // Troubleshooting aid only: it separates trust store problems from host name mismatches.
        HostnameVerifier allHostsValid = new HostnameVerifier() {
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        };
        HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);

        // Replace WS URL with the actual URL
        URL url = new URL("https:///context");
        System.out.println("Opening URL: " + url.toString());

        // openConnection() only creates the connection object;
        // connect() is what performs the SSL handshake.
        HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
        con.connect();
        System.out.println("===================================== HandShake Successfull !!!");
        System.out.println("===================================== SSL Connection Successfull !!!");
        System.out.println("got the connection Object.....!");
        System.out.println("TRUST STORE :::::::::javax.net.ssl.trustStore::" + System.getProperty("javax.net.ssl.trustStore"));

        System.out.println("%%%%%%%%%% P R I N T I N G C O N N E C T I O N I N F O R M A T I O N %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%");
        //print_https_cert(con);
        System.out.println(" %%%%%%%%%% E N D %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% ");

        System.out.println("################## P R I N T I N G J A V A E N V I R O N M E N T ################## ");
        //print_java_classpath();
        System.out.println(" ################## E N D ################## ");

        System.out.println("===================================== PRINTING THE CONTENT OF THE URL ======================================================");
        // Read over the connection that was just tested instead of opening a second one
        BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
        String inputLine;
        while ((inputLine = in.readLine()) != null)
            System.out.println(inputLine);
        in.close();
    }

    // Prints the negotiated cipher suite, the HTTP response details and the response headers
    private static void print_https_cert(HttpsURLConnection con) {
        if (con != null) {
            try {
                //System.out.println("PeerPrincipal : " + con.getPeerPrincipal());
                //System.out.println("LocalPrincipal : " + con.getLocalPrincipal());
                System.out.println("HostnameVerifier : " + con.getHostnameVerifier());
                System.out.println("DefaultVerifier : " + HttpsURLConnection.getDefaultHostnameVerifier());
                System.out.println("Response Code : " + con.getResponseCode());
                System.out.println("Cipher Suite : " + con.getCipherSuite());
                System.out.println("ErrorStream : " + con.getErrorStream());
                System.out.println("ResponseMessage : " + con.getResponseMessage());
                System.out.println("RequestMethod : " + con.getRequestMethod());
                Permission sp = con.getPermission();
                System.out.println("Permission : " + sp.toString());
                System.out.println("Permission : " + sp.getName());
                System.out.println("Permission : " + sp.getActions());
                Map<String, List<String>> lst = con.getHeaderFields();
                for (Map.Entry<String, List<String>> me : lst.entrySet()) {
                    String key = me.getKey();
                    List<String> valueList = me.getValue();
                    System.out.println("Key: " + key);
                    System.out.print("Values: ");
                    for (String s : valueList) {
                        System.out.print(s + " ");
                    }
                }
                System.out.println("\n");
            } catch (SSLPeerUnverifiedException e) {
                e.printStackTrace();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }

    // Prints the class path entries and all JVM system properties
    private static void print_java_classpath() {
        // java.class.path is used instead of casting the system class loader to
        // URLClassLoader, a cast that fails on Java 9 and later.
        String[] entries = System.getProperty("java.class.path").split(File.pathSeparator);
        for (String entry : entries) {
            System.out.println(entry);
        }
        Properties p = System.getProperties();
        Enumeration<Object> keys = p.keys();
        while (keys.hasMoreElements()) {
            String key = (String) keys.nextElement();
            String value = (String) p.get(key);
            System.out.println(key + ": " + value);
        }
    }
}

You need to update the URL in the code with the required string.
Compile the code:
<JAVA_HOME>/jdk160_31/bin/javac SSL_Test.java
Execute the code:
<JAVA_HOME>/jdk160_31/bin/java -Djavax.net.debug=ssl,handshake,verbose -XX:+PrintCommandLineFlags -Djavax.net.ssl.trustStore=/tmp/truststore.jks SSL_Test
Note: This code is used to test the SSL handshake and also to verify whether you are passing the right trust store, one that has the appropriate CAs.
We need to make sure /tmp/truststore.jks has all the trusted and root CAs of the calling system.
If you don't pass -Djavax.net.ssl.trustStore=/tmp/truststore.jks then the SSL handshake will fail.
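The validity check from step 1, applied to the trust store the note above describes, as an added example that is not part of the original post: it loads the store named by -Djavax.net.ssl.trustStore (or the JRE's own cacerts file when the property is absent) and reports the validity of every certificate in it. The class name TrustStoreAudit and the 30-day WARN_DAYS window are assumptions.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

// Added example, not from the original post. WARN_DAYS is an assumed threshold.
// Usage: java -Djavax.net.ssl.trustStore=/tmp/truststore.jks TrustStoreAudit
public class TrustStoreAudit {
    static final int WARN_DAYS = 30;

    // Classify a certificate as OK, EXPIRING (within WARN_DAYS), EXPIRED or NOT_YET_VALID.
    static String status(X509Certificate c, Date now) {
        try {
            c.checkValidity(now);
            c.checkValidity(new Date(now.getTime() + WARN_DAYS * 86400000L));
            return "OK";
        } catch (CertificateExpiredException e) {
            return c.getNotAfter().before(now) ? "EXPIRED" : "EXPIRING";
        } catch (CertificateNotYetValidException e) {
            return "NOT_YET_VALID";
        }
    }

    public static void main(String[] args) throws Exception {
        // Same system properties the SSL_Test client relies on; default is the JRE's cacerts.
        String path = System.getProperty("javax.net.ssl.trustStore",
                System.getProperty("java.home") + "/lib/security/cacerts");
        String pw = System.getProperty("javax.net.ssl.trustStorePassword");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(path);
        try {
            // For a JKS store a null password skips only the integrity check.
            ks.load(in, pw == null ? null : pw.toCharArray());
        } finally {
            in.close();
        }
        Date now = new Date();
        int problems = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!(ks.getCertificate(alias) instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) ks.getCertificate(alias);
            String st = status(x, now);
            if (!st.equals("OK")) problems++;
            System.out.println(st + " | " + alias + " | "
                    + x.getSubjectX500Principal().getName() + " | notAfter=" + x.getNotAfter());
        }
        System.out.println(path + ": " + ks.size() + " entries, " + problems + " need attention");
        System.exit(problems == 0 ? 0 : 1);
    }
}
```

The exit code is non-zero when any entry is expired, expiring or not yet valid, so the check can run from a scheduled job against the same trust store the server uses.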