WebLogic Server Fails to Establish an Outbound SSL Connection (LDAPS or IIOPS) If Its Own Certificate Has Expired
Last updated on DECEMBER 11, 2017
Applies to: Oracle WebLogic Server - Version 10.3.4 to 220.127.116.11.0
Information in this document applies to any platform.
Under these circumstances:
1) SSL is enabled in WLS
2) WLS uses SSL to establish outbound connections for LDAP (LDAPS) or IIOP (IIOPS)
3) The certificate WLS uses for its own identity has expired
WLS will fail to establish an outbound SSL connection as it won't validate the certificate presented by the other peer.
Specifically, this has been observed when an external LDAP server is set up as an authentication provider over an SSL connection. For that to work, the CA certificate for the certificate that the LDAP server presents must be added to the WLS trust store. If the server/identity certificate that WLS has configured in its identity store has expired, WLS will fail to establish the outbound SSL connection, even though the trust store is correct.
The following errors will be seen in the WLS server logs:
The certificate used by WLS has expired.
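To check for the condition described above before it breaks LDAPS or IIOPS, the following added example (not part of the original note and not Oracle code) scans the text output of `keytool -list -v` for an identity keystore and reports private-key entries whose certificate has expired. It assumes English-locale keytool output with dates in UTC; the aliases, names and dates in the sample are constructed.

```python
import re
from datetime import datetime, timezone

# Constructed sample of `keytool -list -v` output (aliases, names and
# dates are made up for illustration; a real listing has more fields).
SAMPLE = """\
Alias name: wls_identity
Creation date: Jan 5, 2015
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=wls.example.com, O=Example
Issuer: CN=Example Issuing CA, O=Example
Valid from: Mon Jan 05 10:00:00 UTC 2015 until: Thu Jan 05 10:00:00 UTC 2017

Alias name: ldap_ca
Creation date: Jan 5, 2015
Entry type: trustedCertEntry

Owner: CN=Example Root CA, O=Example
Issuer: CN=Example Root CA, O=Example
Valid from: Thu Jan 01 00:00:00 UTC 2015 until: Mon Jan 01 00:00:00 UTC 2035
"""

UNTIL = re.compile(r"until: \w{3} (\w{3}) (\d{1,2}) (\d\d:\d\d:\d\d) (\S+) (\d{4})")

def expired_identity_aliases(listing, now):
    """Return aliases of PrivateKeyEntry entries whose leaf cert has expired."""
    expired = []
    for block in re.split(r"(?m)^(?=Alias name: )", listing):
        alias = re.search(r"(?m)^Alias name: (.+)$", block)
        if not alias or "Entry type: PrivateKeyEntry" not in block:
            continue  # trustedCertEntry items are not the server's own identity
        m = UNTIL.search(block)  # first match is Certificate[1], the leaf
        if not m:
            continue
        mon, day, clock, zone, year = m.groups()
        if zone not in ("UTC", "GMT"):
            raise ValueError(f"unsupported zone {zone}: re-run keytool in UTC")
        not_after = datetime.strptime(f"{mon} {day} {year} {clock}",
                                      "%b %d %Y %H:%M:%S")
        if not_after.replace(tzinfo=timezone.utc) <= now:
            expired.append(alias.group(1).strip())
    return expired

if __name__ == "__main__":
    print(expired_identity_aliases(SAMPLE, datetime.now(timezone.utc)))
```

Passing a `now` value some weeks in the future turns the same function into an early warning for certificates that are about to expire.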