WebLogic not sending Client Certificates for 2-Way SSL
(Doc ID 1988350.1)
Last updated on OCTOBER 13, 2021
Applies to:
Oracle Service Bus - Version 11.1.1.6.0 and later
Information in this document applies to any platform.
Symptoms
On an OSB 11.1.1.6 environment, the user is having an issue with a Salesforce web service client deployed on OSB. WebLogic Server is not presenting the client certificate while establishing the 2-way SSL connection. The client does not seem to be passing down an acceptable CAList, and this prevents the handshake from happening.
Debug message in OSB Server logs - "Returning no identity certificates, because certificate request message contains no CA names."
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHelloDone>
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <Returning no identity certificates, because certificate request message contains no CA names.>
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 7>
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <........... Eating Exception ..........
java.security.NoSuchAlgorithmException: Algorithm SHA not available
at javax.crypto.Mac.getInstance(DashoA13*..)
at com.certicom.tls.provider.Mac.getInstance(Unknown Source)
at com.certicom.tls.ciphersuite.SecurityParameters.makeKeys(Unknown Source)
at com.certicom.tls.ciphersuite.SecurityParameters.deriveKeys(Unknown Source)
at com.certicom.tls.ciphersuite.SecurityParameters.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.generateSecurityParameters(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.doRSAKE(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <Returning no identity certificates, because certificate request message contains no CA names.>
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 7>
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<Mar 3, 2015 3:06:43 PM MST> <Debug> <SecuritySSL> <BEA-000000> <........... Eating Exception ..........
java.security.NoSuchAlgorithmException: Algorithm SHA not available
at javax.crypto.Mac.getInstance(DashoA13*..)
at com.certicom.tls.provider.Mac.getInstance(Unknown Source)
at com.certicom.tls.ciphersuite.SecurityParameters.makeKeys(Unknown Source)
at com.certicom.tls.ciphersuite.SecurityParameters.deriveKeys(Unknown Source)
at com.certicom.tls.ciphersuite.SecurityParameters.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.generateSecurityParameters(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.doRSAKE(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
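The debug line above refers to the certificate_authorities list in the TLS CertificateRequest handshake message. The following parser is an added example, not code from the Oracle note: it reads that message and reports whether the CA list is empty. The sample messages and names are constructed, and the field layout assumed is the one in RFC 5246 section 7.4.4, with the TLS 1.0/1.1 layout (no signature-algorithms field) as the default.

```python
def parse_certificate_request(msg: bytes, tls12: bool = False) -> dict:
    """Parse a TLS CertificateRequest handshake message (type 13).

    Body layout per RFC 5246 section 7.4.4: certificate_types, then
    supported_signature_algorithms (TLS 1.2 only), then
    certificate_authorities, a list of length-prefixed DER names.
    """
    if len(msg) < 4 or msg[0] != 13:
        raise ValueError("not a CertificateRequest handshake message")
    body = msg[4:]
    if len(body) != int.from_bytes(msg[1:4], "big"):
        raise ValueError("handshake length does not match body")
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("field runs past end of message")
        pos += n
        return body[pos - n:pos]

    cert_types = list(take(take(1)[0]))
    sig_algs = take(int.from_bytes(take(2), "big")) if tls12 else b""
    ca_block = take(int.from_bytes(take(2), "big"))
    if pos != len(body):
        raise ValueError("trailing bytes after certificate_authorities")
    names, i = [], 0
    while i < len(ca_block):
        n = int.from_bytes(ca_block[i:i + 2], "big")
        name = ca_block[i + 2:i + 2 + n]
        if i + 2 > len(ca_block) or len(name) != n:
            raise ValueError("malformed DistinguishedName entry")
        names.append(name)
        i += 2 + n
    return {"certificate_types": cert_types,
            "signature_algorithms": sig_algs.hex(),
            "ca_names": names,
            "no_ca_names": not names}


# Constructed sample data (not captured traffic). SAMPLE_DN is DER for CN=Example CA.
SAMPLE_DN = bytes.fromhex("3015311330110603550403") + b"\x0c\x0aExample CA"
# TLS 1.0/1.1 layout: type 13, length 4, one cert type (1 = rsa_sign), empty CA list.
EMPTY_CA_REQUEST = bytes.fromhex("0d00000401010000")
# Same request, but naming one acceptable CA.
_ca = len(SAMPLE_DN).to_bytes(2, "big") + SAMPLE_DN
_body = b"\x01\x01" + len(_ca).to_bytes(2, "big") + _ca
WITH_CA_REQUEST = b"\x0d" + len(_body).to_bytes(3, "big") + _body
```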
Changes
Cause