Weblogic ‘feature’ and Bb Vista SP3

The 'feature' is called hostname verification. It's on by default. You'll find it under Environments > Servers > (one of your servers) > SSL tab, at the bottom of the page under 'Advanced'.

Whatever you do, DON'T touch that button. Your environment may never be the same…

[Screenshot: hostname verifier setting]

I'm sure it renders man-in-the-middle attacks moot, BUT…

It originally bit us because we added Wimba Voice Tools – fully encrypted. Wimba, at the time, about 18 months ago now, was using a wildcard cert in their data center. This 'feature' above does not like notredamevoice.wimba.com referred to as *.wimba.com. Wimba, to their credit, moved Notre Dame's instance and purchased a specific cert.
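The mismatch described above, as an added example (not code from the original post or from WebLogic): a strict verifier that compares names literally, next to an RFC 6125-style check that lets `*` stand for exactly one left-most label. The function names and the extra hostnames are constructed for illustration, and treating the default verifier as an exact comparison is an assumption drawn from the behaviour the post describes.

```python
# Added example: why a wildcard certificate name fails a strict hostname check,
# and what a bounded wildcard check accepts instead of turning verification off.

def _labels(name: str) -> list:
    """Normalise a DNS name: lower-case, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")


def exact_match(hostname: str, cert_name: str) -> bool:
    """Strict comparison (assumed default behaviour): names must be identical."""
    return _labels(hostname) == _labels(cert_name)


def wildcard_match(hostname: str, cert_name: str) -> bool:
    """RFC 6125-style match: a lone '*' may replace one left-most label only."""
    host, cert = _labels(hostname), _labels(cert_name)
    if cert[0] != "*":
        # No wildcard label (partial forms such as 'f*' are not expanded here).
        return host == cert
    # Require at least two fixed labels so '*.com' is never honoured,
    # and the same label count so '*' cannot span several labels.
    if len(cert) < 3 or len(host) != len(cert):
        return False
    # A '*' anywhere other than the left-most label is rejected.
    if any("*" in label for label in cert[1:]):
        return False
    return host[0] != "" and host[1:] == cert[1:]


def compare(hostname: str, cert_name: str) -> dict:
    """Return both verdicts for one (hostname, certificate name) pair."""
    return {"exact": exact_match(hostname, cert_name),
            "wildcard": wildcard_match(hostname, cert_name)}


if __name__ == "__main__":
    # Constructed cases; the first pair is the one named in the post.
    cases = [
        ("notredamevoice.wimba.com", "*.wimba.com"),
        ("a.notredamevoice.wimba.com", "*.wimba.com"),
        ("wimba.com", "*.wimba.com"),
        ("notredamevoice.wimba.com.attacker.example", "*.wimba.com"),
    ]
    for host, cert in cases:
        print(host, cert, compare(host, cert))
```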

Today this 'feature' bites again…

This time, even after it was changed from "NONE" back to its default as you see above, it has prevented our SP3 from starting up properly after the upgrade. The workaround includes removing the hostname verification param in your config.xml file and disabling schema validation in webct.sh STARTUP_OPTIONS with this parameter:

-Dweblogic.configuration.schemaValidationEnabled=false

I may write more about it later after I figure out what else needs to be done to get schema validation to work again…

By the way, has anyone had to edit the config.xml header since Oracle purchased Weblogic? The xsd files would not be hosted in the same place, would they?

Previous header:

<?xml version="1.0" encoding="UTF-8"?>
<domain xmlns="http://www.bea.com/ns/weblogic/920/domain" xmlns:sec="http://www.bea.com/ns/weblogic/90/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wls="http://www.bea.com/ns/weblogic/90/security/wls" xsi:schemaLocation="http://www.bea.com/ns/weblogic/90/security http://www.bea.com/ns/weblogic/90/security.xsd http://www.bea.com/ns/weblogic/920/domain http://www.bea.com/ns/weblogic/920/domain.xsd http://www.bea.com/ns/weblogic/90/security/wls http://www.bea.com/ns/weblogic/90/security/wls.xsd">

Potential new header?

<?xml version="1.0" encoding="UTF-8"?>
<domain xmlns="http://www.bea.com/ns/weblogic/920/domain" xmlns:sec="http://www.bea.com/ns/weblogic/90/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wls="http://www.bea.com/ns/weblogic/90/security/wls" xsi:schemaLocation="http://www.bea.com/ns/weblogic/90/security http://www.oracle.com/technology/weblogic/90/security.xsd http://www.bea.com/ns/weblogic/920/domain http://www.oracle.com/technology/weblogic/920/domain.xsd http://www.bea.com/ns/weblogic/90/security/wls http://www.oracle.com/technology/weblogic/90/security/wls.xsd">

 


One response to “Weblogic ‘feature’ and Bb Vista SP3”

  1. I started the cluster with the schema validation disabled, then went into the weblogic console and toggled hostname verification to NONE, saved, activated, then toggled it back to BEA Hostname verification, the default. Then removed the line which disabled schema validation from my webct.sh STARTUP_OPTIONS, then was able to start the cluster normally. Yes, the config.xml file still contains a param under SSL for the hostname verification setting. Yes, I’m still using the old domain header with URLs pointing to the xsd files…
