V3 CA certificate which did not indicate it really is a CA
(Doc ID 1358334.1)
Last updated on JULY 15, 2021
Applies to:Oracle WebLogic Server - Version 8.1 to 8.1
Information in this document applies to any platform.
Path length constraint of CA certificates is being checked as a part of Basic Constraint check from WLS 8.1.4 onwards. If you are using a CA certificate with path length constraint field omitted in basic constraint extension of the certificate then such certificate chains fail the certificate validation during SSL connection with the following errors:
To overcome this issue you can use-Dweblogic.security.SSL.enforceConstraints=off. This will turn off the Basic constraint check on WebLogic Server. However customer was still facing the same issue after adding the above flag in WLS 8.1.4.
Upgraded from WLS 8.1.3 to WLS 8.1.4. (same certificates were used in WLS 8.1.3 ).
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document