Thanks go out to Atreya Mohan, who suggested a smaller key size for the CA.
This did the trick.  I guess that WebLogic 5.1 can't deal with keys bigger
than 2048 bits.

-----Original Message-----
From: Metzinger, Tim [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 14, 2001 10:03 AM
To: OpenSSL user list (E-mail)
Subject: WebLogic and OpenSSL


I've been having problems getting a WebLogic 5.1 server to run using a cert
generated with OpenSSL.  Here's what I've done:

Created a CA key of 4096 bits  = ohrescakey.pem

Created a self-signed cert for the CA key (ohrescacert.der) valid for five
years, using the following command:
OpenSSL> req -new -x509 -out ohrescacert.der -key ohrescakey.pem -days 1825 -config openssl_config.txt

Then I created a new key and cert request for the web server, and used the
OpenSSL CA function to sign this cert.

All the certs are recognized by IE just fine, but when I load them into the
WebLogic Server, they don't seem to work.
weblogic.security.certificate.server=portalsdccert.pem 
weblogic.security.key.server=portalsdckey.pem
weblogic.security.certificate.authority=ohrescacert.der


If I submit the web server CSR to Verisign, and get a test cert back from
them, then it works just fine.  The only difference I can see is that the
Verisign Root CA cert is a V1 cert, while the OpenSSL root CA cert I created
is a V3 cert.   Is there any way to force OpenSSL to create a V1 self-signed
cert?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
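
The fix reported in this thread (rebuilding the CA with a smaller key), sketched as an added example that is not part of the original messages. The file names, subject names and the use of "x509 -req" in place of the "ca" command are assumptions, and the 2048-bit limit is the poster's own guess about WebLogic 5.1.

```shell
#!/bin/sh
# Added example: rebuild the CA with an RSA key no larger than 2048 bits,
# sign a server certificate with it, and check both before deployment.
set -eu

# Print the public-key size (in bits) of a PEM certificate.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# build_pki DIR CA_BITS: create a CA key and self-signed CA cert, a server
# key and CSR, and a server cert signed by the CA, all inside DIR.
build_pki() {
    dir=$1 bits=$2
    cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Test CA
[v3_ca]
basicConstraints = critical, CA:TRUE
EOF
    openssl genrsa -out "$dir/cakey.pem" "$bits" 2>/dev/null
    openssl req -new -x509 -config "$dir/ca.cnf" -key "$dir/cakey.pem" \
        -out "$dir/cacert.pem" -days 1825
    openssl genrsa -out "$dir/serverkey.pem" 2048 2>/dev/null
    openssl req -new -config "$dir/ca.cnf" -subj "/CN=portal.example.test" \
        -key "$dir/serverkey.pem" -out "$dir/server.csr"
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/cacert.pem" \
        -CAkey "$dir/cakey.pem" -CAcreateserial -days 365 \
        -out "$dir/servercert.pem" 2>/dev/null
}

# check_pki DIR MAX_BITS: succeed only if the CA key fits within MAX_BITS
# and the server cert chains to the CA.
check_pki() {
    [ "$(cert_key_bits "$1/cacert.pem")" -le "$2" ] &&
        openssl verify -CAfile "$1/cacert.pem" "$1/servercert.pem" >/dev/null
}

work=$(mktemp -d)   # constructed scratch directory
build_pki "$work" 2048
check_pki "$work" 2048 && echo "CA key: $(cert_key_bits "$work/cacert.pem") bits, chain OK"
```

Running cert_key_bits against an existing CA certificate shows whether it exceeds the limit before it is loaded into the server.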