Accessing Paglet Producer via SSL with Servers that have Self-Signed Certificates Fails with Exception "javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated"
(Doc ID 1530386.1)
Last updated on APRIL 13, 2023
Applies to:
Oracle WebCenter Portal - Version 11.1.1.5.0 and laterInformation in this document applies to any platform.
Symptoms
Configuring Pagelet Producer to be able to proxy HTTPS resources which use self-signed or certificates issued by untrusted authorities.
The content server and the pagelet producer server both use self-signed SSL certificates. The pagelet producer server has the content server's SSL certificate imported into its keystore/truststore.
The exception in the pagelet producer log is this:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
at weblogic.servlet.internal.VirtualConnection.initSSLAttributes(VirtualConnection.java:176)
at weblogic.servlet.internal.VirtualConnection.init(VirtualConnection.java:78)
at weblogic.servlet.internal.ServletRequestImpl.initFromRequestParser(ServletRequestImpl.java:269)
at weblogic.servlet.internal.MuxableSocketHTTP.dispatch(MuxableSocketHTTP.java:278)
at weblogic.socket.JSSEFilterImpl.dispatch(JSSEFilterImpl.java:242)
at weblogic.socket.MuxableSocketDiscriminator.dispatch(MuxableSocketDiscriminator.java:185)
at weblogic.socket.JSSEFilterImpl.dispatch(JSSEFilterImpl.java:242)
at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:950)
at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:898)
at weblogic.socket.PosixSocketMuxer.processSockets(PosixSocketMuxer.java:130)
at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:42)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)
....
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
....
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
at weblogic.servlet.internal.VirtualConnection.initSSLAttributes(VirtualConnection.java:176)
at weblogic.servlet.internal.VirtualConnection.init(VirtualConnection.java:78)
at weblogic.servlet.internal.ServletRequestImpl.initFromRequestParser(ServletRequestImpl.java:269)
at weblogic.servlet.internal.MuxableSocketHTTP.dispatch(MuxableSocketHTTP.java:278)
at weblogic.socket.JSSEFilterImpl.dispatch(JSSEFilterImpl.java:242)
at weblogic.socket.MuxableSocketDiscriminator.dispatch(MuxableSocketDiscriminator.java:185)
at weblogic.socket.JSSEFilterImpl.dispatch(JSSEFilterImpl.java:242)
at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:950)
at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:898)
at weblogic.socket.PosixSocketMuxer.processSockets(PosixSocketMuxer.java:130)
at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:42)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)
....
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
....
Changes
The same works in HTTP. If the source URL is set to the HTTPS address of the content server, then accessing a pagelet via the pagelet producer fails with the error mentioned above.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |