Thursday, October 31, 2013

javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.

We get the following exception when we deploy the application in WebLogic:
javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
The same application works fine on Tomcat. It appears that WebLogic's SSL validation rejects the certificate when its key strength is weaker than what newer versions of Java expect, whereas Tomcat accepts the same certs.

Solution:
Adding the following -D options to the WebLogic server start arguments should resolve the issue:

-Dweblogic.security.SSL.allowSmallRSAExponent=true
-Dweblogic.security.SSL.ignoreHostnameVerification=true
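Before switching either check off, it is worth seeing what the server certificate actually contains, because the two options above cover different failures: allowSmallRSAExponent relaxes the key check behind the BAD_CERTIFICATE alert, while ignoreHostnameVerification disables name matching for every outbound SSL connection the server makes. The small diagnostic below is an added example written for this post, not code from the post or from Oracle; the class name CertCheck, the 65537 exponent threshold and the file-based input are my own choices, and the wildcard rule it applies is the standard one (the leftmost label only), not WebLogic's own verifier. It takes a PEM certificate (saved, for instance, from openssl s_client -connect host:443 -showcerts) and the hostname the client expects, and reports RSA key size, public exponent, signature algorithm and whether the name would match.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

/**
 * CertCheck (example diagnostic, not part of WebLogic):
 *   java CertCheck server-cert.pem expected.host.name
 * Reports the properties that the two WebLogic failures in this post hinge on:
 * RSA modulus size and public exponent, signature algorithm, and hostname match.
 */
public class CertCheck {

    // Assumption: exponents below the common 65537 are flagged as "small"; the exact
    // threshold WebLogic's Certicom stack applies is not stated anywhere in this post.
    static final BigInteger COMMON_EXPONENT = BigInteger.valueOf(65537);

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java CertCheck <cert.pem> <expected-hostname>");
            System.exit(2);
        }
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        String expected = args[1];

        System.out.println("Subject:       " + cert.getSubjectX500Principal());
        System.out.println("Issuer:        " + cert.getIssuerX500Principal());
        System.out.println("Signature alg: " + cert.getSigAlgName());
        System.out.println("Valid:         " + cert.getNotBefore() + " .. " + cert.getNotAfter());

        // Part 1: key strength, the usual reason a stricter TLS stack answers BAD_CERTIFICATE.
        if (cert.getPublicKey() instanceof RSAPublicKey) {
            RSAPublicKey rsa = (RSAPublicKey) cert.getPublicKey();
            int bits = rsa.getModulus().bitLength();
            BigInteger e = rsa.getPublicExponent();
            System.out.println("RSA modulus:   " + bits + " bits" + (bits < 2048 ? "  <-- weak key, reissue" : ""));
            System.out.println("RSA exponent:  " + e + (e.compareTo(COMMON_EXPONENT) < 0 ? "  <-- small exponent" : ""));
        } else {
            System.out.println("Key alg:       " + cert.getPublicKey().getAlgorithm());
        }
        String sig = cert.getSigAlgName().toUpperCase();
        if (sig.startsWith("MD5") || sig.startsWith("SHA1")) {
            System.out.println("               <-- legacy signature algorithm");
        }

        // Part 2: hostname verification (SAN dNSName entries first, CN only as a legacy fallback).
        List<String> names = dnsNames(cert);
        boolean ok = false;
        for (String n : names) {
            if (hostMatches(n, expected)) ok = true;
        }
        System.out.println("DNS names:     " + names);
        System.out.println("Hostname '" + expected + "' " + (ok ? "matches" : "does NOT match"));
    }

    /** Collect dNSName SAN entries; fall back to the subject CN only if the cert has no SAN at all. */
    static List<String> dnsNames(X509Certificate cert) throws Exception {
        List<String> out = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans != null) {
            for (List<?> san : sans) {
                if (((Integer) san.get(0)) == 2) {   // GeneralName tag 2 = dNSName
                    out.add((String) san.get(1));
                }
            }
        }
        if (out.isEmpty()) {
            // RFC 2253 form of the DN, e.g. "CN=*.example.net,O=Example"; naive split is enough here.
            for (String part : cert.getSubjectX500Principal().getName().split(",")) {
                if (part.trim().startsWith("CN=")) out.add(part.trim().substring(3));
            }
        }
        return out;
    }

    /** Case-insensitive match; '*' may stand only for the whole leftmost label and never spans a dot. */
    static boolean hostMatches(String pattern, String host) {
        pattern = pattern.toLowerCase();
        host = host.toLowerCase();
        if (!pattern.startsWith("*.")) return pattern.equals(host);
        String suffix = pattern.substring(1);                       // "*.trivin.net" -> ".trivin.net"
        if (!host.endsWith(suffix)) return false;
        String leftmost = host.substring(0, host.length() - suffix.length());
        return !leftmost.isEmpty() && !leftmost.contains(".");
    }
}
```

Under these rules a certificate for *.trivin.net does match ertservicescert.trivin.net, so a report of "matches" alongside the WebLogic error in the second trace points at the server's verifier not handling wildcards rather than at a wrong certificate. In that case a narrower fix than ignoreHostnameVerification is to use a wildcard-aware verifier; check whether your WebLogic version ships weblogic.security.utils.SSLWLSWildcardHostnameVerifier, which is selected with -Dweblogic.security.SSL.hostnameVerifier=... (if it does not, switching off verification for the one affected client, not the whole server, is the next-best option). For a weak key or small exponent, the durable fix is to reissue the certificate rather than relax the check.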

Full stack trace for reference:

]] Root cause of ServletException.
javax.xml.ws.WebServiceException: javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
        at com.sun.xml.ws.transport.http.client.HttpClientTransport.readResponseCodeAndMessage(HttpClientTransport.java:221)
        at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:204)
        at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:124)
        at com.sun.xml.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:118)
        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:866)
        Truncated. see log file for complete stacktrace
Caused By: javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
        at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
        at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
        at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
        at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
        at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
        Truncated. see log file for complete stacktrace
>
<Oct 31, 2013 2:30:27 PM CDT> <Warning> <Socket> <BEA-000449> <Closing socket as no data read from it on 0:0:0:0:0:0:0:1:64,772 during the configured idle timeout of 5 secs>

After adding -Dweblogic.security.SSL.allowSmallRSAExponent=true, I started getting the hostname verification error below:

]] Root cause of ServletException.
javax.xml.ws.WebServiceException: javax.net.ssl.SSLKeyException: [Security:090504]Certificate chain received from ertservicescert.trivin.net - 76.193.245.70 failed hostname verification check. Certificate contained *.trivin.net but check expected ertservicescert.trivin.net
        at com.sun.xml.ws.transport.http.client.HttpClientTransport.readResponseCodeAndMessage(HttpClientTransport.java:221)
        at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:204)
        at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:124)
        at com.sun.xml.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:118)
        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:866)
        Truncated. see log file for complete stacktrace
Caused By: javax.net.ssl.SSLKeyException: [Security:090504]Certificate chain received from ertservicescert.trivin.net - 76.193.245.70 failed hostname verification check. Certificate contained *.trivin.net but check expected ertservicescert.trivin.net
        at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
        at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
        at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
        at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
        at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
        Truncated. see log file for complete stacktrace
>
<Oct 31, 2013 2:27:37 PM CDT> <Warning> <Socket> <BEA-000449> <Closing socket as no data read from it on 0:0:0:0:0:0:0:1:64,743 during the configured idle timeout of 5 secs>