My Oracle Support Banner

Understanding and Investigating SSL Issues Support Pattern (Doc ID 1078957.1)

Last updated on DECEMBER 20, 2023

Applies to:

Oracle WebLogic Server - Version 6.1 and later
Information in this document applies to any platform.

Purpose

This document is a support pattern describing the SSL implementation in WebLogic Server and provides tips on how to troubleshoot related problems

Problem Description

Two communicating parties, using the SSL (Secure Socket Layer) protocol, cannot establish a connection due to an SSL failure.

Troubleshooting Steps

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
 Problem Description
Troubleshooting Steps
 What is SSL and how does it work?
 What is PKC and how does it work?
 What is a Certificate?
 What is a Certificate Authority?
 What is a SSL handshake?
 Certificate Formats
 PEM
 DER
 PKCS#12
 Generating Demo Certificates
 Step 1 - Create demo private keys
 keytool (from your jdk)
 Certificate Servlet from WebLogic (deprecated in 7.0)
 Step 2 - Sign the public key by a trusted CA
 Converting Certificate Formats
 To PKCS#12 (Mozilla, IE etc.) from PEM
 From PKCS#12 to PEM
 Look into a Certificate
 Other commands:
 Configure WLS to use your keystore (one way SSL only)
 Problem Troubleshooting
 1. Know the failure: Enable the SSL Debug Flags to track SSL issues
 2. What does a correct handshake look like?
 First SSL Handshake
 Server Side
 Client Side
 SSL resuming a session
 Server Side
 Client Side
 Handshake doing client authentication (2-way SSL)
 Server Side
 Client Side
 3. Analyze logs - determine the failure
 General Certificate
 Solution
 Failed hostname verification check
 Client Side
 Solution
 CERT_CHAIN_UNTRUSTED
 Client Side
 Solution
 BAD_CERTIFICATE (not signed properly causing SSL handshake failure)
 Client Side
 Server Side
 Solution
 CLOSE_NOTIFY
 HANDSHAKE_FAILURE
 Server Side
 Solution
 Need further help?

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.