How to Configure Oracle iPlanet Web Server To Prevent It From Sending The Root CA Certificate In The Certificate Chain (Doc ID 1416075.1)

Last updated on NOVEMBER 05, 2016

Applies to:

Oracle iPlanet Web Server - Version 6.1 to 7.0 [Release 6.1 to 7.0]
Information in this document applies to any platform.
***Checked for relevance on 23-Dec-2013***

Goal

This document describes how to configure the Web Server so that its HTTPS/SSL response does not send the root certificate during the SSL handshake.

Background:
In iPlanet Web Server 6.x and 7.x, an HTTPS listener is configured with an SSL certificate identified by a certificate nickname such as "Server-Cert". This nickname typically refers to an SSL server certificate that is stored in an SSL certificate store.

This certificate store is normally loaded with the Intermediate Certificate Authority that issued the SSL server cert as well as a trusted root Certificate Authority (CA).

A "Root Certificate Authority" certificate is one whose "Subject" attribute is the same as its "Issuer". For example, the following is a sample root CA from Verisign where the issuer and subject can be seen to be the same.

Issuer: "CN=VeriSign Class 3 Public Primary Certification Authority -
G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=Ver
iSign Trust Network,O="VeriSign, Inc.",C=US"
Subject: "CN=VeriSign Class 3 Public Primary Certification Authority
- G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=Ve
riSign Trust Network,O="VeriSign, Inc.",C=US"


When an HTTPS/SSL client browser connects to the Web Server, part of the SSL protocol contains a step where the SSL response will return to the client the following as part of the SSL handshake:

iPlanet Web Server 6.x and 7.x will return the SSL server certificate and the chain, if it can form a certificate chain from the SSL Server certificate from its SSL certificate store.
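
The Subject-equals-Issuer test described above can be applied to a chain captured from a listener to see whether a root is being sent. This is an added example, not Oracle's code: it compares the raw DER names only (no signature check), and the sample chain, its names and the helper functions are constructed for illustration.

```python
import base64, re

def tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Raw DER Name encodings (issuer, subject) from one X.509 certificate."""
    _, pos, _ = tlv(der, 0)                  # Certificate ::= SEQUENCE
    _, pos, end = tlv(der, pos)              # tbsCertificate ::= SEQUENCE
    fields = []
    while pos < end:
        tag, _, stop = tlv(der, pos)
        fields.append((tag, der[pos:stop]))
        pos = stop
    if fields[0][0] == 0xA0:                 # skip optional [0] version
        fields.pop(0)
    return fields[2][1], fields[4][1]        # serial, sigAlg, ISSUER, validity, SUBJECT

def self_issued_positions(pem_text):
    """Indexes of certificates in a PEM chain whose Subject equals their Issuer."""
    blocks = re.findall(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
                        pem_text, re.S)
    names = [issuer_and_subject(base64.b64decode(b)) for b in blocks]
    return [i for i, (issuer, subject) in enumerate(names) if issuer == subject]

# Constructed sample data: unsigned certificate skeletons, not real certificates.
def der(tag, body):
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body
def name(cn):
    atv = der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0C, cn.encode()))
    return der(0x30, der(0x31, atv))         # Name with a single CN attribute

def sample_pem(subject_cn, issuer_cn):
    alg = der(0x30, der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + alg
              + name(issuer_cn) + der(0x30, b"") + name(subject_cn))
    body = base64.encodebytes(der(0x30, tbs + alg + der(0x03, b"\x00"))).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

CHAIN_WITH_ROOT = (sample_pem("www.example.test", "Example Intermediate CA")
                   + sample_pem("Example Intermediate CA", "Example Root CA")
                   + sample_pem("Example Root CA", "Example Root CA"))
```

Saved output of `openssl s_client -showcerts` can be passed as `pem_text`; a non-empty result means the chain the server sent contains a self-issued certificate.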

Solution
