WebLogic not sending Client Certificates for 2-Way SSL (Doc ID 1988350.1)

Last updated on OCTOBER 18, 2016

Applies to:

Oracle Service Bus - Version 11.1.1.6.0 and later
Information in this document applies to any platform.

Symptoms

On an OSB 11.1.1.6 environment, the user is having an issue with a Salesforce web service client deployed on OSB. WebLogic Server is not presenting the client certificate while establishing the 2-way SSL connection. The client does not seem to be passing down an acceptable CA list, and this prevents the handshake from happening.

Debug message in OSB Server logs - "Returning no identity certificates, because certificate request message contains no CA names."

 

<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHelloDone>
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <Returning no identity certificates, because certificate request message contains no CA names.>
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 7>
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <........... Eating Exception ..........
java.security.NoSuchAlgorithmException: Algorithm SHA not available
at javax.crypto.Mac.getInstance(DashoA13*..)
at com.certicom.tls.provider.Mac.getInstance(Unknown Source)
at com.certicom.tls.ciphersuite.SecurityParameters.makeKeys(Unknown Source)
at com.certicom.tls.ciphersuite.SecurityParameters.deriveKeys(Unknown Source)
at com.certicom.tls.ciphersuite.SecurityParameters.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.generateSecurityParameters(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.doRSAKE(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
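
To confirm this symptom in a larger server log, the following added example (not Oracle's code) parses the debug record format shown above, folds multi-line stack traces into the record they belong to, and returns the SecuritySSL records where the identity certificate was withheld. The function names are assumptions made for the example; the sample lines are a shortened copy of the excerpt above.

```python
import re

# Shortened copy of the debug excerpt above, embedded so the example runs offline.
SAMPLE = """\
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHelloDone>
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <Returning no identity certificates, because certificate request message contains no CA names.>
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <........... Eating Exception ..........
java.security.NoSuchAlgorithmException: Algorithm SHA not available
at javax.crypto.Mac.getInstance(DashoA13*..)
"""

# Record header: <timestamp> <severity> <subsystem> <message id> <message...
HEADER = re.compile(r"^<([^>]+)> <([^>]+)> <([^>]+)> <(BEA-\d+)> <(.*)$")
NO_CA = "certificate request message contains no CA names"


def parse_records(text):
    """Split log text into records; a line without a header continues the previous record."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts, sev, subsystem, msg_id, msg = m.groups()
            records.append({"time": ts, "severity": sev, "subsystem": subsystem,
                            "id": msg_id, "lines": [msg]})
        elif records and line.strip():
            records[-1]["lines"].append(line)  # stack trace or wrapped text
    for r in records:
        body = "\n".join(r.pop("lines"))
        # Drop the closing '>' of the record when it is present.
        r["message"] = body[:-1] if body.endswith(">") else body
    return records


def withheld_identity(records):
    """Return SecuritySSL records where no client certificate was returned for lack of CA names."""
    return [r for r in records
            if r["subsystem"] == "SecuritySSL" and NO_CA in r["message"]]


if __name__ == "__main__":
    for r in withheld_identity(parse_records(SAMPLE)):
        print(r["time"], "-", r["message"])
```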

  

Cause
