Last updated on NOVEMBER 05, 2016
Applies to: Oracle iPlanet Web Server - Version 6.1 to 7.0 [Release 6.1 to 7.0]
Information in this document applies to any platform.
***Checked for relevance on 23-Dec-2013***
This document describes how to configure the Web Server to prevent the HTTPS/SSL response from sending the root certificate during the SSL handshake.
In iPlanet Web Server 6.x and 7.x, an HTTPS listener is configured with an SSL certificate identified by a certificate nickname such as "Server-Cert". This nickname typically refers to an SSL server certificate that is stored in an SSL certificate store.
This certificate store is normally loaded with the Intermediate Certificate Authority that issued the SSL server cert as well as a trusted root Certificate Authority (CA).
A "Root Certificate Authority" is a certificate whose "Subject" attribute is the same as its "Issuer". For example, the following is a sample root CA from Verisign, where the issuer and subject can be seen to be the same.
G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=Ver
iSign Trust Network,O="VeriSign, Inc.",C=US"
Subject: "CN=VeriSign Class 3 Public Primary Certification Authority
- G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=Ve
riSign Trust Network,O="VeriSign, Inc.",C=US"
When an HTTPS/SSL client browser connects to the Web Server, the SSL handshake includes a step in which the server's response returns the following to the client:
- the SSL Server certificate (the "Server-Cert")
- Its SSL Certificate chain (this may contain a few X509 Certificates)
- Root CA (if this is present in the certificate trust store)
iPlanet Web Server 6.x and 7.x will return the SSL server certificate and the chain if it can form a certificate chain for the SSL Server certificate from the certificates in its SSL certificate store.
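To check from the client side whether a listener sends the root CA in the handshake, the following added example (not part of the Oracle document) reads text in the format of the "Certificate chain" section printed by `openssl s_client -connect host:port -showcerts` and reports every position whose subject equals its issuer. The sample chain and all names in it are constructed, and the function names are hypothetical.

```shell
# Added example: find self-issued (subject == issuer) certificates among the
# certificates a server sent, using the page's definition of a root CA.

# Constructed sample input (hypothetical names), shaped like s_client output.
sample_chain() {
cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:C = US, O = Example Corp, CN = www.example.test
   i:C = US, O = Example Trust, CN = Example Intermediate CA
 1 s:C = US, O = Example Trust, CN = Example Intermediate CA
   i:C = US, O = Example Trust, CN = Example Root CA
 2 s:C = US, O = Example Trust, CN = Example Root CA
   i:C = US, O = Example Trust, CN = Example Root CA
---
Server certificate
EOF
}

# Print "<depth> <subject>" for each chain entry whose issuer equals its subject.
roots_in_chain() {
  awk '
    /^Certificate chain/ { in_chain = 1; next }
    in_chain && /^---/   { in_chain = 0 }      # end of the chain section
    in_chain && /^ *[0-9]+ s:/ {               # "<depth> s:<subject DN>"
      depth = $1
      subject = $0; sub(/^ *[0-9]+ s:/, "", subject)
      next
    }
    in_chain && /^ +i:/ {                      # "   i:<issuer DN>"
      issuer = $0; sub(/^ +i:/, "", issuer)
      if (issuer == subject) print depth, subject
    }
  '
}

# Return 1 when a root was sent, so the check can gate a configuration review.
check_no_root_sent() {
  found=$(roots_in_chain)
  [ -z "$found" ] && return 0
  echo "root CA sent in handshake: $found" >&2
  return 1
}
```

Matching DN strings identifies self-issued certificates only; it does not verify the signature.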