WebLogic Server Fails to Establish an Outbound SSL Connection (LDAPS or IIOPS) If Its Own Certificate Has Expired (Doc ID 1592808.1)

Last updated on FEBRUARY 11, 2017

Applies to:

Oracle WebLogic Server - Version 10.3.4 to 12.1.2.0.0
Information in this document applies to any platform.

Symptoms

Under these circumstances:

1) SSL is enabled in WLS

2) WLS uses SSL to establish outbound connections for LDAP (LDAPS) or IIOP (IIOPS)

3) The certificate WLS uses for its own identity has expired

WLS will fail to establish an outbound SSL connection as it won't validate the certificate presented by the other peer.

Specifically, this has been observed when an external LDAP server is set up as an authentication provider over an SSL connection. For that to work, the CA certificate for the certificate that the LDAP server presents must be added to the WLS trust store. If for some reason the server/identity certificate that WLS has configured in its identity store has expired, then WLS will fail to establish the outbound SSL connection.

The following errors will be seen in the WLS server logs:

Changes

The certificate used by WLS has expired.
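One way to check for this condition, as an added example that is not Oracle's code: the script below parses `keytool -list -v` output for the identity keystore and flags only `PrivateKeyEntry` (identity) certificates that are expired or near expiry, ignoring trust-store entries. It assumes a keystore readable by `keytool`, English-locale output, and ignores the timezone token (accurate to within a day); the function names and sample data are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of `keytool -list -v` output; aliases, names and dates are made up.
SAMPLE = """\
Alias name: wls_identity
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=wls.example.com
Valid from: Mon Jan 05 00:00:00 UTC 2015 until: Tue Jan 05 00:00:00 UTC 2016

Alias name: ldap_ca
Entry type: trustedCertEntry
Owner: CN=Example Internal CA
Valid from: Wed Jan 01 00:00:00 UTC 2014 until: Mon Jan 01 00:00:00 UTC 2024
"""

UNTIL_RE = re.compile(r"until: \w{3} (\w{3} \d{1,2} \d{2}:\d{2}:\d{2}) \S+ (\d{4})")

def parse_entries(text):
    """Return one dict per keystore entry: alias, entry type, leaf notAfter."""
    entries, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Alias name: "):
            cur = {"alias": line[12:], "type": None, "not_after": None}
            entries.append(cur)
        elif cur and line.startswith("Entry type: "):
            cur["type"] = line[12:]
        elif cur and cur["not_after"] is None and (m := UNTIL_RE.search(line)):
            # First "until:" in an entry is the leaf certificate; timezone is dropped.
            cur["not_after"] = datetime.strptime(" ".join(m.groups()), "%b %d %H:%M:%S %Y")
    return entries

def identity_findings(text, now, warn_days=30):
    """Flag identity (PrivateKeyEntry) certificates that are expired or expiring soon."""
    findings = []
    for e in parse_entries(text):
        if e["type"] != "PrivateKeyEntry" or e["not_after"] is None:
            continue  # trusted CA entries are not the identity certificate
        if e["not_after"] <= now:
            findings.append((e["alias"], "EXPIRED", e["not_after"]))
        elif e["not_after"] - now <= timedelta(days=warn_days):
            findings.append((e["alias"], "EXPIRING", e["not_after"]))
    return findings

if __name__ == "__main__":
    for alias, state, not_after in identity_findings(SAMPLE, datetime.now()):
        print(f"{state}: identity alias {alias!r}, notAfter {not_after:%Y-%m-%d}")
```

To run it against a real keystore, pass the captured text of `keytool -list -v -keystore <identity keystore>` in place of `SAMPLE`.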

Cause
