My Oracle Support Banner

V3 CA certificate which did not indicate it really is a CA (Doc ID 1358334.1)

Last updated on JULY 15, 2021

Applies to:

Oracle WebLogic Server - Version 8.1 to 8.1
Information in this document applies to any platform.

Symptoms

Path length constraint of CA certificates is being checked as a part of Basic Constraint check from WLS 8.1.4 onwards. If you are using a CA certificate with path length constraint field omitted in basic constraint extension of the certificate then such certificate chains fail the certificate validation during SSL connection with the following errors:

To overcome this issue you can use-Dweblogic.security.SSL.enforceConstraints=off. This will turn off the Basic constraint check on WebLogic Server. However customer was still facing the same issue after adding the above flag in WLS 8.1.4.

Changes

Upgraded from WLS 8.1.3 to WLS 8.1.4. (same certificates were used in WLS 8.1.3 ).

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.