My Oracle Support Banner

IIS Proxy Plugin 1.0 For WebLogic Server Is Truncating The WL -Proxy-Client-Cert Header (Doc ID 1355311.1)

Last updated on FEBRUARY 03, 2019

Applies to:

Oracle Weblogic Server - Version: 10.3.5 and later   [Release: and later ]
Generic Windows

Symptoms

  • Using WLS Plugin 1.0 for IIS from patch p10051826_1033_Generic.zip
  • IIS is configured for client certificates with SSL
  • The proxy plugin is not passing the WL-Proxy-Client-Cert correctly to WLS and is truncating it
  • From the plugin log with Debug=ALL:
Wed Aug 10 21:41:43 2011 <22936131300890310> Hdrs to WLS:[WL-Proxy-Client-Keysize]=[128]
Wed Aug 10 21:41:43 2011 <22936131300890310> Hdrs to WLS:[X-WebLogic-KeepAliveSecs]=[30]
Wed Aug 10 21:41:43 2011 <22936131300890310> Hdrs to WLS:[X-WebLogic-Force-JVMID]=[-2134213772]
Wed Aug 10 21:41:43 2011 <22936131300890310> Hdrs to WLS:[WL-Proxy-SSL]=[true]
Wed Aug 10 21:41:43 2011 <22936131300890310> Hdrs to WLS:[WL-Proxy-Client-Cert]=[MIIC]
  • Because of this WLS fails to verify the cert with the following error in the $DOMAIN_HOME/servers/logs/<server>.log or stdout:
<Error> <HTTP> <BEA-101257> <Failed to parse the client certificate in header: WL-Proxy-Client-Cert. Ignoring this certificate.
java.security.cert.CertificateException: Could not parse certificate: java.io.EOFException: Detect premature EOF
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:109)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:305)
at com.bea.common.security.jdkutils.X509CertificateFactory.engineGenerateCertificate(X509CertificateFactory.java:118)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:305)
at weblogic.servlet.internal.VirtualConnection.initProxyClientCert(VirtualConnection.java:213)
Truncated. see log file for complete stacktrace
Caused By: java.io.EOFException: Detect premature EOF
at sun.misc.IOUtils.readFully(IOUtils.java:50)
at sun.security.util.DerValue.init(DerValue.java:370)
at sun.security.util.DerValue.<init>(DerValue.java:303)
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:104)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:305)
Truncated. see log file for complete stacktrace

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
  Symptoms
  Cause
  Solution
  References

This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.