OC4J & SSL

kuzmichev
Jr. Sergeant
Posts: 83
Registered: 2009-06-01 14:31:39

OC4J & SSL

Post by kuzmichev » 2009-08-05 16:19:38

Hello everyone! I've been struggling with this for a couple of days now and getting nowhere :st:
I have a working Oracle Container for Java, version 10.1.3.3.0, and I need to run it with HTTPS support. That would be fine, except it refuses to start with the required modules loaded.
Here is the server.xml config:

Code:

<?xml version="1.0"?>

<application-server  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/application-server-10_1.xsd"  application-directory="../applications"
 check-for-updates="adminClientOnly"
 deployment-directory="../application-deployments"
 connector-directory="../connectors"
 schema-major-version="10" schema-minor-version="0" >
        <shared-library name="global.libraries" version="1.0" library-compatible="true">
                <code-source path="../applib"/>
        </shared-library>
        <shared-library name="global.tag.libraries" version="1.0" library-compatible="true">
                <code-source path="../../home/jsp/lib/taglib/"/>
                <code-source path="../../../j2ee/home/jsp/lib/taglib/"/>
                <code-source path="../../../lib/dsv2.jar"/>
                <import-shared-library name="oracle.xml"/>
                <import-shared-library name="oracle.jdbc"/>
                <import-shared-library name="oracle.cache"/>
                <import-shared-library name="soap"/>
        </shared-library>
        <shared-library name="oracle.persistence" version="1.0" library-compatible="true">
                <code-source path="../../../toplink/jlib/toplink-essentials.jar"/>
                <import-shared-library name="oracle.jdbc"/>
        </shared-library>
        <rmi-config path="./rmi.xml" />
        <jms-config path="./jms.xml" />
        <javacache-config path="../../../javacache/admin/javacache.xml" />
        <j2ee-logging-config path="./j2ee-logging.xml" />
        <log>
                <file path="../log/server.log" />
        </log>
        <java-compiler name="javac" in-process="false" options="-J-Xmx1024m -encoding UTF8" extdirs="/usr/lib64/jvm/java-1.5.0-sun-1.5.0_update8/jre/lib/ext" />
        <global-application name="default" path="application.xml" parent="system" start="true" />
        <application name="javasso" path="../../home/applications/javasso.ear" parent="default" start="false" />
        <application name="ascontrol" path="../../home/applications/ascontrol.ear" parent="system" start="true" />
        <application name="sqr-pl_sqr-WS" path="../applications/sqr-pl_sqr-WS.ear" parent="default" start="true" />
        <application name="test2-project-WS" path="../applications/test2-project-WS.ear" parent="default" start="true" />
        <application name="test4-Project1-WS" path="../applications/test4-Project1-WS.ear" parent="default" start="true" />
        <application name="test5-Project1-WS" path="../applications/test5-Project1-WS.ear" parent="default" start="true" />
        <application name="GercWS-Dai-WS" path="../applications/GercWS-Dai-WS.ear" parent="default" start="true" />
        <global-web-app-config path="global-web-application.xml" />
        <transaction-manager-config path="transaction-manager.xml" />
        <web-site path="./secure-web-site.xml" />
        <cluster  id="11610991077312" />
</application-server>
Here is secure-web-site.xml:

Code:

<?xml version="1.0" standalone="yes"?>
<!DOCTYPE web-site PUBLIC "Oracle9iAS XML Web-site" "http://xmlns.oracle.com/ias/dtds/web-site-9_04.dtd">
<!-- change the host name below to your own host name. Localhost will -->
<!-- not work with clustering -->
<!-- also add cluster-island attribute as below
<web-site host="localhost" port="8888"
          display-name="Oracle 9iAS Java HTTP WebSite" cluster-island="1" >
-->
<web-site port="443" display-name="Oracle9iAS Containers for J2EE HTTP Web Site" protocol="http" secure="true">
        <ssl-config keystore="../mykeystore" keystore-password="123456" needs-client-auth="true" />
        <!-- Uncomment the following line when using clustering -->
        <!-- <frontend host="your_host_name" port="80" /> -->
    <!-- The default web-app for this site, bound to the root -->
    <default-web-app application="default" name="SecureWebApp"/>
        <web-app application="default" name="dms0" root="/dms0" access-log="true" />
        <web-app application="default" name="dms" root="/dmsoc4j" access-log="true" />
    <web-app application="default" name="admin_web" root="/adminoc4j"/>

    <!-- Access Log, where requests are logged to -->
    <access-log path="../log/secure-http-web-access.log"/>
</web-site>
And the startup log:

Code:

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
09/08/05 14:47:52   Issuer:  EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x0
09/08/05 14:47:52   Valid from Mon Jan 01 02:00:00 EET 1996 until Fri Jan 01 01:59:59 EET 2021

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
09/08/05 14:47:52   Issuer:  CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x1b6
09/08/05 14:47:52   Valid from Fri Aug 14 17:50:00 EEST 1998 until Thu Aug 15 02:59:00 EEST 2013

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
09/08/05 14:47:52   Issuer:  OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0xcdba7f56f0dfe4bc54fe22acb372aa55
09/08/05 14:47:52   Valid from Mon Jan 29 02:00:00 EET 1996 until Wed Aug 02 02:59:59 EEST 2028

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
09/08/05 14:47:52   Issuer:  CN=GTE CyberTrust Root, O=GTE Corporation, C=US
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x1a3
09/08/05 14:47:52   Valid from Sat Feb 24 01:01:00 EET 1996 until Fri Feb 24 01:59:00 EET 2006

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
09/08/05 14:47:52   Issuer:  CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x389b113c
09/08/05 14:47:52   Valid from Fri Feb 04 19:20:00 EET 2000 until Tue Feb 04 19:50:00 EET 2020

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
09/08/05 14:47:52   Issuer:  CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362de0b35f1b
09/08/05 14:47:52   Valid from Fri Jul 09 21:31:20 EEST 1999 until Tue Jul 09 21:40:36 EEST 2019

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
09/08/05 14:47:52   Issuer:  CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x1
09/08/05 14:47:52   Valid from Thu Jan 01 02:00:00 EET 2004 until Mon Jan 01 01:59:59 EET 2029

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
09/08/05 14:47:52   Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6
09/08/05 14:47:52   Valid from Mon May 18 03:00:00 EEST 1998 until Wed Aug 02 02:59:59 EEST 2028

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
09/08/05 14:47:52   Issuer:  EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x1
09/08/05 14:47:52   Valid from Thu Aug 01 03:00:00 EEST 1996 until Fri Jan 01 01:59:59 EET 2021

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
09/08/05 14:47:52   Issuer:  OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x2ad667e4e45fe5e576f3c98195eddc0
09/08/05 14:47:52   Valid from Wed Nov 09 02:00:00 EET 1994 until Fri Jan 08 01:59:59 EET 2010

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
09/08/05 14:47:52   Issuer:  CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x380391ee
09/08/05 14:47:52   Valid from Tue Oct 12 22:24:30 EEST 1999 until Sat Oct 12 22:54:30 EEST 2019

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
09/08/05 14:47:52   Issuer:  CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x389ef6e4
09/08/05 14:47:52   Valid from Mon Feb 07 18:16:40 EET 2000 until Fri Feb 07 18:46:40 EET 2020

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
09/08/05 14:47:52   Issuer:  OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x2d1bfc4a178da391ebe7fff58b45be0b
09/08/05 14:47:52   Valid from Mon Jan 29 02:00:00 EET 1996 until Wed Aug 02 02:59:59 EEST 2028

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
09/08/05 14:47:52   Issuer:  CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a
09/08/05 14:47:52   Valid from Fri Oct 01 03:00:00 EEST 1999 until Thu Jul 17 02:59:59 EEST 2036

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: CN=Sonera Class1 CA, O=Sonera, C=FI
09/08/05 14:47:52   Issuer:  CN=Sonera Class1 CA, O=Sonera, C=FI
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x24
09/08/05 14:47:52   Valid from Fri Apr 06 13:49:13 EEST 2001 until Tue Apr 06 13:49:13 EEST 2021

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
09/08/05 14:47:52   Issuer:  CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x1a5
09/08/05 14:47:52   Valid from Thu Aug 13 03:29:00 EEST 1998 until Tue Aug 14 02:59:00 EEST 2018

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: CN=Sonera Class2 CA, O=Sonera, C=FI
09/08/05 14:47:52   Issuer:  CN=Sonera Class2 CA, O=Sonera, C=FI
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x1d
09/08/05 14:47:52   Valid from Fri Apr 06 10:29:40 EEST 2001 until Tue Apr 06 10:29:40 EEST 2021

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
09/08/05 14:47:52   Issuer:  EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x1
09/08/05 14:47:52   Valid from Thu Aug 01 03:00:00 EEST 1996 until Fri Jan 01 01:59:59 EET 2021

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
09/08/05 14:47:52   Issuer:  CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x3863b966
09/08/05 14:47:52   Valid from Fri Dec 24 19:50:51 EET 1999 until Tue Dec 24 20:20:51 EET 2019

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
09/08/05 14:47:52   Issuer:  CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x1
09/08/05 14:47:52   Valid from Tue May 30 13:48:38 EEST 2000 until Sat May 30 13:48:38 EEST 2020

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
09/08/05 14:47:52   Issuer:  CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x23456
09/08/05 14:47:52   Valid from Tue May 21 07:00:00 EEST 2002 until Sat May 21 07:00:00 EEST 2022

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
09/08/05 14:47:52   Issuer:  CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x1
09/08/05 14:47:52   Valid from Mon Jun 21 07:00:00 EEST 1999 until Sun Jun 21 07:00:00 EEST 2020

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
09/08/05 14:47:52   Issuer:  OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x0
09/08/05 14:47:52   Valid from Tue Jun 29 20:06:20 EEST 2004 until Thu Jun 29 20:06:20 EEST 2034

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
09/08/05 14:47:52   Issuer:  CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4
09/08/05 14:47:52   Valid from Fri Oct 01 03:00:00 EEST 1999 until Thu Jul 17 02:59:59 EEST 2036

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
09/08/05 14:47:52   Issuer:  CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x1
09/08/05 14:47:52   Valid from Tue May 30 13:44:50 EEST 2000 until Sat May 30 13:44:50 EEST 2020

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
09/08/05 14:47:52   Issuer:  CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x1
09/08/05 14:47:52   Valid from Tue May 30 13:38:31 EEST 2000 until Sat May 30 13:38:31 EEST 2020

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
09/08/05 14:47:52   Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf
09/08/05 14:47:52   Valid from Mon May 18 03:00:00 EEST 1998 until Wed Aug 02 02:59:59 EEST 2028

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
09/08/05 14:47:52   Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192
09/08/05 14:47:52   Valid from Mon May 18 03:00:00 EEST 1998 until Wed Aug 02 02:59:59 EEST 2028

09/08/05 14:47:52 adding as trusted cert:
09/08/05 14:47:52   Subject: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
09/08/05 14:47:52   Issuer:  CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
09/08/05 14:47:52   Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336252567c989
09/08/05 14:47:52   Valid from Fri Jul 09 20:28:50 EEST 1999 until Tue Jul 09 20:36:58 EEST 2019

09/08/05 14:47:52 trigger seeding of SecureRandom
09/08/05 14:47:52 done seeding SecureRandom
Aug 5, 2009 2:48:01 PM com.evermind.server.http.HttpMessages severeCouldNotCreateSecureHttpListener
SEVERE: Could not create Secure http listener due to {0}
java.security.UnrecoverableKeyException: Cannot recover key
        at sun.security.provider.KeyProtector.recover(KeyProtector.java:301)
        at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:120)
        at java.security.KeyStore.getKey(KeyStore.java:731)
        at com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:111)
        at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:41)
        at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:192)
        at oracle.oc4j.security.OC4JSSLSocketFactory.getKeyManagers(OC4JSSLSocketFactory.java:288)
        at oracle.oc4j.security.OC4JSSLSocketFactory.getKeyManager(OC4JSSLSocketFactory.java:267)
        at oracle.oc4j.security.OC4JSSLSocketFactory.getSSLContext(OC4JSSLSocketFactory.java:358)
        at oracle.oc4j.security.OC4JSSLSocketFactory.getSocketFactory(OC4JSSLSocketFactory.java:161)
        at oracle.oc4j.security.OC4JSSLSocketFactory.createSSLSocketFactory(OC4JSSLSocketFactory.java:169)
        at com.evermind.server.http.HttpConnectionListener.initHandlers(HttpConnectionListener.java:214)
        at com.evermind.server.http.HttpConnectionListener.<init>(HttpConnectionListener.java:177)
        at com.evermind.server.http.HttpServer.getListener(HttpServer.java:478)
        at com.evermind.server.http.HttpServer.setSites(HttpServer.java:264)
        at com.evermind.server.http.HttpServer.setConfig(HttpServer.java:177)
        at com.evermind.server.ApplicationServer.initializeHttp(ApplicationServer.java:2493)
        at com.evermind.server.ApplicationServer.setConfig(ApplicationServer.java:1042)
        at com.evermind.server.ApplicationServerLauncher.run(ApplicationServerLauncher.java:131)
        at java.lang.Thread.run(Thread.java:595)
Aug 5, 2009 2:48:01 PM oracle.j2ee.util.LoggingUtils logAndReturnMessage
SEVERE: Exception starting HTTP server: SSL setup failure: Cannot recover key
09/08/05 14:48:01 Error initializing server: Unable to start HTTP-Server. default-web-site configuartion may not be valid.
09/08/05 14:48:05 Finalizer, called close()
09/08/05 14:48:05 Finalizer, called closeInternal(true)
09/08/05 14:48:05 Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify
09/08/05 14:48:05 Finalizer, WRITE: TLSv1 Alert, length = 2
09/08/05 14:48:08 Fatal error: server exiting
app-srv:/opt/oracle/product/10.2/db_1/j2ee/home #

All of this happens in the directory /opt/oracle/product/10.2/db_1/j2ee/home.
There is also /opt/oracle/product/10.2/db_1/oc4j/j2ee/home, which holds the same Java setup, only unconfigured, without any modules. There everything started up fine. The config from there did not work in the first location because of the modules. Adding the modules one by one, I arrived at this config:

Code:

<?xml version="1.0"?>

<application-server  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/application-server-10_1.xsd"  application-directory="../applications"
 deployment-directory="../application-deployments"
 connector-directory="../connectors"
 schema-major-version="10" schema-minor-version="0" >
        <shared-library name="global.libraries" version="1.0" library-compatible="true">
                <code-source path="../applib"/>
        </shared-library>
        <shared-library name="global.tag.libraries" version="1.0" library-compatible="true">
                <code-source path="../../home/jsp/lib/taglib/"/>
                <code-source path="../../../j2ee/home/jsp/lib/taglib/"/>
                <code-source path="../../../lib/dsv2.jar"/>
                <import-shared-library name="oracle.xml"/>
                <import-shared-library name="oracle.jdbc"/>
                <import-shared-library name="oracle.cache"/>
                <import-shared-library name="soap"/>
        </shared-library>
        <shared-library name="oracle.persistence" version="1.0" library-compatible="true">
                <code-source path="../../../toplink/jlib/toplink-essentials.jar"/>
                <import-shared-library name="oracle.jdbc"/>
        </shared-library>
        <rmi-config path="./rmi.xml" />
        <jms-config path="./jms.xml" />
        <log>
                <file path="../log/server.log" />
        </log>
        <java-compiler name="javac" in-process="false" options="-J-Xmx1024m -encoding UTF8" extdirs="/usr/lib64/jvm/java-1.5.0-sun-1.5.0_update8/jre/lib/ext" />
        <global-application name="default" path="application.xml" parent="system" start="true" />
        <global-web-app-config path="global-web-application.xml" />
        <transaction-manager-config path="transaction-manager.xml" />
        <web-site path="./secure-web-site.xml" />
        <cluster  id="11610991077312" />
</application-server>

and at a Java that once again won't start. I no longer have any idea where to dig. I did everything by the manual. The manual is a PDF; if needed, I can post it in full or in pieces.

Maybe the generated certificate has to be built into the Oracle HTTP server somehow? How is that done?

kuzmichev
Jr. Sergeant
Posts: 83
Registered: 2009-06-01 14:31:39

Re: OC4J & SSL

Post by kuzmichev » 2009-08-06 9:18:26

The key lines are these:

Code:

Aug 6, 2009 9:15:53 AM com.evermind.server.http.HttpMessages severeCouldNotCreateSecureHttpListener
SEVERE: Could not create Secure http listener due to {0}
java.security.UnrecoverableKeyException: Cannot recover key
...
Aug 6, 2009 9:15:53 AM oracle.j2ee.util.LoggingUtils logAndReturnMessage
SEVERE: Exception starting HTTP server: SSL setup failure: Cannot recover key
09/08/06 09:15:53 Error initializing server: Unable to start HTTP-Server. default-web-site configuartion may not be valid.

kuzmichev
Jr. Sergeant
Posts: 83
Registered: 2009-06-01 14:31:39

Re: OC4J & SSL

Post by kuzmichev » 2009-08-06 15:03:20

What a dummy.. I was building the secure version of the xml from some random default file. If anyone steps on the same rake: it has to be built from the already working default-web-site.xml

kuzmichev
Jr. Sergeant
Posts: 83
Registered: 2009-06-01 14:31:39

Re: OC4J & SSL

Post by kuzmichev » 2009-08-13 9:25:08

Besides the above, when running the application in a browser window over HTTPS, this error popped up:
SSL Error: unable to find valid certification path to requested target

This means the root certificate has not been placed in the Java VM's store of trusted certificates. The fix is simple: locate the cacerts file in the Java home directory and use keytool to import right into it :)

It gets better. Over SSL without client authentication it worked. With authentication this comes up:
SSL Error: Received fatal alert: bad_certificate

and what to do about it is unclear so far. And why it pops up is not clear either..

kuzmichev
Jr. Sergeant
Posts: 83
Registered: 2009-06-01 14:31:39

Re: OC4J & SSL

Post by kuzmichev » 2009-08-21 10:21:59

This is fun.. you ask the questions yourself, you answer them yourself.. I recommend it!

kuzmichev
Jr. Sergeant
Posts: 83
Registered: 2009-06-01 14:31:39

Re: OC4J & SSL

Post by kuzmichev » 2009-08-27 16:34:40

Now I'll ask something else.. maybe one of those who answered knows..
It turns out you can't generate p12 certificates with keytool; they have to be converted somehow using openssl. Maybe someone knows how? By the way, the previous rake was generating the certificates from a root that came not from keytool but from openssl. That is, the root was simply the wrong one, hence the error..
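
The two points in the last post (a client certificate must chain to the root the server trusts, and a PKCS#12 bundle is produced with openssl) can be reproduced offline with the sketch below. It is an added example, not part of the original thread: the file names, subject names and the password `changeit` are constructed lab values, and it assumes only that the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example with constructed lab values; nothing here comes from the poster's server.
set -eu

# Create a self-signed root CA. $1 = output prefix, $2 = common name.
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout "$1.key" -out "$1.crt" -subj "/CN=$2" 2>/dev/null
}

# Issue a client certificate signed by a root.
# $1 = root prefix, $2 = client prefix, $3 = client common name.
issue_client() {
    openssl req -newkey rsa:2048 -nodes -keyout "$2.key" -out "$2.csr" \
        -subj "/CN=$3" 2>/dev/null
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -days 30 -out "$2.crt" 2>/dev/null
}

# Succeed only if certificate $2 chains to the root in $1. This is the same
# decision a server requiring client authentication makes against its trust store.
# The output is parsed because old openssl builds exit 0 even on failure.
chains_to() {
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

# Bundle the client's key, its certificate and the issuing root into PKCS#12.
# $1 = client prefix, $2 = root certificate, $3 = alias, $4 = export password.
export_p12() {
    openssl pkcs12 -export -in "$1.crt" -inkey "$1.key" -certfile "$2" \
        -name "$3" -passout "pass:$4" -out "$1.p12"
}

# Print how many certificates a PKCS#12 file carries. $1 = file, $2 = password.
p12_cert_count() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE'
}

demo() {
    d=$(mktemp -d)
    make_root "$d/root" "Lab Root CA"
    make_root "$d/other" "Unrelated Root CA"
    issue_client "$d/root" "$d/client" "lab-client"
    chains_to "$d/root.crt" "$d/client.crt" \
        && echo "client certificate chains to the lab root"
    chains_to "$d/other.crt" "$d/client.crt" \
        || echo "client certificate does NOT chain to the unrelated root"
    export_p12 "$d/client" "$d/root.crt" client changeit
    echo "certificates in client.p12: $(p12_cert_count "$d/client.p12" changeit)"
    rm -rf "$d"
}

demo
```

The `.p12` file is what the client side imports; the root certificate that signed it is the one that must be present in the server's trust store.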