WebLogic Server Fails to Establish an Outbound SSL Connection (LDAPS or IIOPS) if its own Certificate has Expired
(Doc ID 1592808.1)
Last updated on SEPTEMBER 22, 2021
Applies to: Oracle WebLogic Server - Version 10.3.4 to 126.96.36.199.0
Information in this document applies to any platform.
Under these circumstances:
1) SSL is enabled in WLS
2) WLS uses SSL to establish outbound connections for LDAP (LDAPS) or IIOP (IIOPS)
3) The certificate WLS uses for its own identity has expired
WLS will fail to establish an outbound SSL connection as it won't validate the certificate presented by the other peer.
Specifically, this has been observed when an external LDAP server is set up as an authentication provider over an SSL connection. For that to work, the CA certificate for the certificate that the LDAP server presents must be added to the WLS trust store. If for some reason the server/identity certificate that WLS has configured in its identity store has expired, then WLS will fail to establish the outbound SSL connection.
The following errors will be seen in the WLS server logs:
The certificate used by WLS has expired.
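One way to check for this condition before it breaks LDAPS or IIOPS is to export the identity certificate from the WLS identity keystore and test its expiry. This is an added example, not Oracle's code; the keystore path, alias, the `KS_PASS` environment variable and the function names are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example: check whether the WLS identity certificate has expired or
# is about to. Keystore path, alias and KS_PASS are assumed inputs.

# Export one keystore entry's certificate as PEM on stdout.
# The password is read from $KS_PASS so it does not appear in the process list.
export_identity_cert() {    # usage: export_identity_cert <keystore> <alias>
    keytool -exportcert -rfc -keystore "$1" -alias "$2" -storepass:env KS_PASS
}

# Classify a PEM certificate file.
# Returns 0 = valid beyond the warning window, 1 = expires within the window,
#         2 = already expired, 3 = not a readable certificate.
cert_status() {             # usage: cert_status <pem-file> [warn-days]
    _warn_days=${2:-30}
    # Parse first, so a bad file is not mistaken for an expired certificate.
    openssl x509 -in "$1" -noout 2>/dev/null || return 3
    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null || return 2
    openssl x509 -in "$1" -noout -checkend $((_warn_days * 86400)) >/dev/null || return 1
    return 0
}

# Runs only when called as: script <keystore> <alias> [warn-days]
if [ "$#" -ge 2 ]; then
    tmp=$(mktemp)
    trap 'rm -f "$tmp"' EXIT
    export_identity_cert "$1" "$2" > "$tmp" || exit 3
    rc=0
    cert_status "$tmp" "${3:-30}" || rc=$?
    [ "$rc" -eq 3 ] || openssl x509 -in "$tmp" -noout -subject -enddate
    case $rc in
        0) echo "OK: identity certificate is valid beyond the warning window" ;;
        1) echo "WARNING: identity certificate expires within ${3:-30} days" ;;
        2) echo "EXPIRED: outbound LDAPS/IIOPS connections from this server will fail" ;;
        3) echo "ERROR: exported data is not a readable certificate" ;;
    esac
    exit "$rc"
fi
```

Run it against the keystore configured as the server's identity store, with the alias of the server's private key entry, and schedule it so the warning fires before expiry.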