Friday, May 16, 2014

Enable SSL Debugging for Oracle Access Manager 11gR2

To debug SSL connections terminating on the WebLogic server, open the WebLogic Administration Console, go to Environment -> Servers, and select oam_server1:


Click on the Server Start tab and add -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true in the Arguments section. Note that Server Start arguments are only applied when the server is started through Node Manager; if you start oam_server1 with a startup script instead, add the same flags to the JAVA_OPTIONS for that server:


Restart oam_server1.  SSL-debug information will be written to oam_server1.log (located in $MW_HOME/domains/WLSDomain/servers/oam_server1/logs), and with StdoutDebugEnabled the same records also go to the server's standard output. This logging is verbose and dumps every certificate the server sees, so turn it off again once troubleshooting is done:

...
...
...
####<May 16, 2014 2:30:25 PM EDT> <Debug> <SecuritySSL> <svrtst02.isedlab.org> <oam_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <114848da72d7dcfc:-3a0c05c9:14605a3f20e:-8000-0000000000001794> <1400265025295> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 207182277780947434404477757924094648847
Issuer:C=US, O=U.S. Government, OU=DoD, OU=NRO, CN=ISED lab Root
Subject:C=US, O=U.S. Government, OU=DoD, OU=NRO, OU=CA, CN=CAD CA 1
Not Valid Before:Thu Jun 14 10:00:16 EDT 2012
Not Valid After:Sun Jun 14 10:00:16 EDT 2015
Signature Algorithm:SHA1withRSA
>
####<May 16, 2014 2:30:25 PM EDT> <Debug> <SecuritySSL> <svrtst02.isedlab.org> <oam_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <114848da72d7dcfc:-3a0c05c9:14605a3f20e:-8000-0000000000001794> <1400265025295> <BEA-000000> <validationCallback: validateErr = 0>
####<May 16, 2014 2:30:25 PM EDT> <Debug> <SecuritySSL> <svrtst02.isedlab.org> <oam_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <114848da72d7dcfc:-3a0c05c9:14605a3f20e:-8000-0000000000001794> <1400265025296> <BEA-000000> <  cert[0] = Serial number: 85355980927748066409252166003794705697
Issuer:C=US, O=U.S. Government, OU=DoD, OU=NRO, OU=CA, CN=CAD CA 1
Subject:C=US, O=U.S. Government, OU=DoD, OU=NRO, CN=weblogic
Not Valid Before:Fri May 09 16:24:56 EDT 2014
Not Valid After:Sun Jun 14 09:59:16 EDT 2015
Signature Algorithm:SHA1withRSA
>
####<May 16, 2014 2:30:25 PM EDT> <Debug> <SecuritySSL> <svrtst02.isedlab.org> <oam_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <114848da72d7dcfc:-3a0c05c9:14605a3f20e:-8000-0000000000001794> <1400265025296> <BEA-000000> <  cert[1] = Serial number: 207182277780947434404477757924094648847
Issuer:C=US, O=U.S. Government, OU=DoD, OU=NRO, CN=ISED lab Root
Subject:C=US, O=U.S. Government, OU=DoD, OU=NRO, OU=CA, CN=CAD CA 1
Not Valid Before:Thu Jun 14 10:00:16 EDT 2012
Not Valid After:Sun Jun 14 10:00:16 EDT 2015
Signature Algorithm:SHA1withRSA
>
...
...
...
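The chain dump above is easier to check by machine once you have more than one handshake in the log. As an added example (not code from the original post), the following Python parses SecuritySSL records of the layout shown above, deduplicates the certificates by serial number, and flags any certificate outside its validity window at a chosen time, any SHA-1 or MD5 signed certificate, and any non-zero validateErr result. It assumes the record layout shown in this post (a `####<timestamp>` line followed by angle-bracketed fields, the third being the subsystem and the last the message, which may span several lines); the sample input is the post's own excerpt embedded inline, plus one constructed failing record.

```python
"""Audit WebLogic SecuritySSL debug records (added example, not code from the post).

Assumed layout: a record starts with '####<timestamp>' followed by angle-bracketed
fields; the third field is the subsystem and the last is the message, which may
run over several lines (the certificate dump) and ends at the closing '>'.
"""
import re
from datetime import datetime

# Sample input: certificate-chain records copied from the post's oam_server1.log excerpt.
SAMPLE_LOG = """\
####<May 16, 2014 2:30:25 PM EDT> <Debug> <SecuritySSL> <svrtst02.isedlab.org> <oam_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <114848da72d7dcfc:-3a0c05c9:14605a3f20e:-8000-0000000000001794> <1400265025295> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 207182277780947434404477757924094648847
Issuer:C=US, O=U.S. Government, OU=DoD, OU=NRO, CN=ISED lab Root
Subject:C=US, O=U.S. Government, OU=DoD, OU=NRO, OU=CA, CN=CAD CA 1
Not Valid Before:Thu Jun 14 10:00:16 EDT 2012
Not Valid After:Sun Jun 14 10:00:16 EDT 2015
Signature Algorithm:SHA1withRSA
>
####<May 16, 2014 2:30:25 PM EDT> <Debug> <SecuritySSL> <svrtst02.isedlab.org> <oam_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <114848da72d7dcfc:-3a0c05c9:14605a3f20e:-8000-0000000000001794> <1400265025295> <BEA-000000> <validationCallback: validateErr = 0>
####<May 16, 2014 2:30:25 PM EDT> <Debug> <SecuritySSL> <svrtst02.isedlab.org> <oam_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <114848da72d7dcfc:-3a0c05c9:14605a3f20e:-8000-0000000000001794> <1400265025296> <BEA-000000> <  cert[0] = Serial number: 85355980927748066409252166003794705697
Issuer:C=US, O=U.S. Government, OU=DoD, OU=NRO, OU=CA, CN=CAD CA 1
Subject:C=US, O=U.S. Government, OU=DoD, OU=NRO, CN=weblogic
Not Valid Before:Fri May 09 16:24:56 EDT 2014
Not Valid After:Sun Jun 14 09:59:16 EDT 2015
Signature Algorithm:SHA1withRSA
>
"""

# Constructed record (not from the post) with a non-zero validateErr; the value 1 is
# only a placeholder to exercise the failure path, not a documented WebLogic code.
FAILED_RECORD = ("####<May 16, 2014 2:31:00 PM EDT> <Debug> <SecuritySSL> <svrtst02.isedlab.org> "
                 "<oam_server1> <thread> <<WLS Kernel>> <> <ctx> <1400265060000> <BEA-000000> "
                 "<validationCallback: validateErr = 1>\n")

# Lazy '.*?' skips the middle fields, which may contain nested '<...>' (e.g. <<WLS Kernel>>).
RECORD_RE = re.compile(
    r"^####<(?P<ts>[^>]*)> <(?P<severity>[^>]*)> <(?P<subsystem>[^>]*)> "
    r".*?<(?P<msgid>BEA-\d+)> <(?P<message>.*)>\s*$", re.DOTALL)
CERT_HEAD_RE = re.compile(r"Validating certificate \d+ in the chain|cert\[\d+\] =")
SERIAL_RE = re.compile(r"Serial number:\s*(\d+)")
FIELD_RE = re.compile(
    r"^(Issuer|Subject|Not Valid Before|Not Valid After|Signature Algorithm):\s*(.*)$", re.M)
VALIDATE_RE = re.compile(r"validateErr\s*=\s*(-?\d+)")


def split_records(text):
    """Yield whole records; a record starts with '####<' and may span several lines."""
    rec = []
    for line in text.splitlines():
        if line.startswith("####<") and rec:
            yield "\n".join(rec)
            rec = []
        rec.append(line)
    if rec:
        yield "\n".join(rec)


def parse_wls_date(s):
    """Parse 'Sun Jun 14 10:00:16 EDT 2015'. strptime's %Z rejects arbitrary zone
    names, so the zone token is dropped and a naive datetime is returned."""
    parts = s.split()
    del parts[4]
    return datetime.strptime(" ".join(parts), "%a %b %d %H:%M:%S %Y")


def parse_ssl_debug(text):
    """Return (certs keyed by serial, list of validateErr codes) from SecuritySSL records."""
    certs, codes = {}, []
    for rec in split_records(text):
        m = RECORD_RE.match(rec)
        if not m or m.group("subsystem") != "SecuritySSL":
            continue
        msg = m.group("message")
        v = VALIDATE_RE.search(msg)
        if v:
            codes.append(int(v.group(1)))
            continue
        s = SERIAL_RE.search(msg)
        if not (CERT_HEAD_RE.search(msg) and s):
            continue
        fields = dict(FIELD_RE.findall(msg))
        certs.setdefault(int(s.group(1)), {   # same cert is dumped more than once
            "subject": fields.get("Subject", ""),
            "issuer": fields.get("Issuer", ""),
            "not_before": parse_wls_date(fields["Not Valid Before"]),
            "not_after": parse_wls_date(fields["Not Valid After"]),
            "sig_alg": fields.get("Signature Algorithm", ""),
        })
    return certs, codes


def audit(text, now_wls):
    """Return findings for the log text, checking validity at the WebLogic-format time now_wls."""
    now = parse_wls_date(now_wls)
    certs, codes = parse_ssl_debug(text)
    findings = []
    for c in certs.values():
        if not (c["not_before"] <= now <= c["not_after"]):
            findings.append(f"outside validity: {c['subject']}")
        if c["sig_alg"].upper().startswith(("SHA1", "MD5")):   # deprecated signature hashes
            findings.append(f"weak signature algorithm {c['sig_alg']}: {c['subject']}")
    findings.extend(f"validateErr = {code}" for code in codes if code != 0)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG + FAILED_RECORD, "Fri May 16 14:30:25 EDT 2014"):
        print(finding)
```

Run it against the real oam_server1.log with the time of the failing handshake; a nonzero validateErr with no validity finding usually points at a trust-store problem (issuer not in the WebLogic trust keystore) rather than at the certificate itself.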

When Firefox presents your client SSL certificate to the server and "Remember this decision" is checked in the certificate prompt, Firefox will not prompt you for the certificate again for that site:


While testing, it's good to reset this behavior so that you are always prompted to select a certificate to present to the server.  To do this, from Firefox Tools -> Options -> Privacy, clear your recent history:



Check Active Logins, un-check everything else, and click Clear Now.  Clearing active logins drops the remembered client-certificate choice, so the next SSL connection to the server prompts you to select a client cert again.

