Weblogic Server 8.1 SP4 SSL Problem - Weblogic



Thread: Weblogic Server 8.1 SP4 SSL Problem

  1. Weblogic Server 8.1 SP4 SSL Problem

    I had a server set up using SSL and X.509 certificates on Weblogic 8.1 SP3. Everything was set up fine and working properly.

    I installed SP4 and I couldn't get the certificates to work properly. It keeps rejecting the certificate. All the Identity, Trust, and all configurations seem to be identical.

    I get a message:
    Could not establish encrypted connection because your certificate was rejected by localhost Error Code: -12271

    Any ideas on what the problem could be?

  2. Re: Weblogic Server 8.1 SP4 SSL Problem

    Do any of the CA certificates involved have a critical basic constraints extension with an unspecified path length field? A bug introduced in SP4 made this field required, while it should be optional.

    Try running with ssl debug on: -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true
    This should provide more info about why validation failed.

    Pavel.

  3. Re: Weblogic Server 8.1 SP4 SSL Problem

    I do have one set to true, but the PathLen field is a large 10-digit number.

    Does that seem right?

  4. Re: Weblogic Server 8.1 SP4 SSL Problem

    A large pathlen field value is OK, though this effectively disables the path length constraint which is supposed to protect against certificate spoofing.
    The bug I was talking about is exposed by CA certificates that omit the pathlen field. If this were your case, you'd see this ssl debug message: "Failed x509 basic constraints check - is not CA"

    Pavel.
