JSSE Configuration Issue in WebLogic 10.3.x When Setting Cert Requested, Not Enforced

(Doc ID 1304249.1)

Last updated on AUGUST 08, 2017

Applies to:

Oracle WebLogic Server - Version 10.3.4 to 10.3.5
Information in this document applies to any platform.
***Checked for relevance on 24-Feb-2016***

Symptoms

On applications running on WLS 10.3.4 or 10.3.5, when attempting to secure the application with JSSE, the following error occurs:

####<Mar 15, 2011 2:25:28 PM EDT> <Debug> <SecuritySSL> <system> <AdminServer> <ExecuteThread: '1' for queue: 'weblogic.socket.Muxer'> <> <> <> <1300213528310> <BEA-000000> <Exception processing certificates: peer not authenticated javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)

The browser does not warn about the use of an unauthenticated certificate. It should warn the client that the certificate is not authenticated and provide an option to authenticate.

You will also see a stack trace similar to this:

<Mar 9, 2011 11:22:07 AM MST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[ExecuteThread: '3' for queue: 'weblogic.socket.Muxer',5,Thread Group for Queue: 'weblogic.socket.Muxer']]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.wrap(ByteBuffer,ByteBuffer).
javax.net.ssl.SSLHandshakeException: null cert chain
at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:1015)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:480)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1120)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1092)
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:452)
at weblogic.security.SSL.jsseadapter.JaSSLEngine$1.run(JaSSLEngine.java:68)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:732)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.wrap(JaSSLEngine.java:66)
at weblogic.socket.JSSEFilterImpl.wrap(JSSEFilterImpl.java:475)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:133)
at weblogic.socket.JSSEFilterImpl.isMessageComplete(JSSEFilterImpl.java:313)
at weblogic.socket.NTSocketMuxer.processSockets(NTSocketMuxer.java:100)
at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:42)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)
Caused By: javax.net.ssl.SSLHandshakeException: null cert chain
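
An added example, not part of the Oracle note: a small Python triage script that groups WebLogic log lines into records (stack-trace lines attach to their header) and flags the two SecuritySSL signatures shown above. The sample log is constructed from the excerpts in this note, and the signature labels and function names are this example's own.

```python
import re

# Constructed sample modeled on this note's excerpts (thread prefix and stack frames trimmed).
SAMPLE_LOG = """\
####<Mar 15, 2011 2:25:28 PM EDT> <Debug> <SecuritySSL> <system> <AdminServer> <ExecuteThread: '1' for queue: 'weblogic.socket.Muxer'> <> <> <> <1300213528310> <BEA-000000> <Exception processing certificates: peer not authenticated javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
\tat com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
<Mar 9, 2011 11:22:07 AM MST> <Debug> <SecuritySSL> <BEA-000000> <weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.wrap(ByteBuffer,ByteBuffer).
javax.net.ssl.SSLHandshakeException: null cert chain
\tat com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:1015)
Caused By: javax.net.ssl.SSLHandshakeException: null cert chain
<Mar 9, 2011 11:22:09 AM MST> <Info> <WebLogicServer> <BEA-000000> <Constructed unrelated entry>
"""

# A record starts with an optional "####" and "<timestamp> <severity> <subsystem>".
RECORD_START = re.compile(r"^(?:####)?<([A-Z][a-z]{2} \d{1,2}, \d{4} [^>]+)> <\w+> <(\w+)>")
SSL_EXC = re.compile(r"javax\.net\.ssl\.(\w+Exception): (.+)")

# Labels are this example's own names for the two signatures shown in the note.
SIGNATURES = {
    ("SSLPeerUnverifiedException", "peer not authenticated"): "peer-not-authenticated",
    ("SSLHandshakeException", "null cert chain"): "null-cert-chain",
}

def parse_records(text):
    """Group lines into records; stack-trace lines attach to the preceding header."""
    records = []
    for line in text.splitlines():
        m = RECORD_START.match(line)
        if m:
            records.append({"time": m.group(1), "subsystem": m.group(2), "body": line})
        elif records:
            records[-1]["body"] += "\n" + line
    return records

def ssl_client_cert_events(text):
    """Return (timestamp, label) for each SecuritySSL record matching a known signature."""
    events = []
    for rec in parse_records(text):
        # Only the first exception in a record is used; "Caused By" repeats it.
        m = SSL_EXC.search(rec["body"]) if rec["subsystem"] == "SecuritySSL" else None
        label = SIGNATURES.get((m.group(1), m.group(2).strip())) if m else None
        if label:
            events.append((rec["time"], label))
    return events

if __name__ == "__main__":
    for when, label in ssl_client_cert_events(SAMPLE_LOG):
        print(when, label)
```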

Changes

Set up two-way SSL:

  1. In the SSL tab, go to the Advanced tab.
  2. In the Advanced tab, change Two Way Client Cert Behavior to "cert requested and not enforced".
  3. Select the "Use JSSE SSL" option.
  4. Save and restart the server.

Cause
