
2-Way SSL Connection On WebLogic Fails With Null Cert Chain (Doc ID 2386803.1)

Last updated on MAY 25, 2018

Applies to:

Oracle WebLogic Server - Version and later
Information in this document applies to any platform.


WebLogic Server 12.1.3 and JDK 1.7.0_151

When configuring 2-way SSL between two WebLogic domains, 'ServiceDomain' and 'ClientDomain', the SSL handshake is not successful.

Add the following debug flags to the server start-up JAVA_OPTIONS on both 'ServiceDomain' and 'ClientDomain':

-Dssl.debug=true -Dweblogic.debug.DebugSecuritySSL=true -Dweblogic.StdoutDebugEnabled=true -Dweblogic.log.StdoutSeverity=Debug -Dweblogic.log.LogSeverity=Debug

With the above debug flags in place, reproducing the 2-way SSL call shows the following error on the 'ServiceDomain' side:

ExecuteThread: '1' for queue: 'weblogic.socket.Muxer', READ: TLSv1.2 Handshake, length = 77
*** Certificate chain
ExecuteThread: '1' for queue: 'weblogic.socket.Muxer', fatal error: 42: null cert chain null cert chain
%% Invalidated: [Session-11, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
ExecuteThread: '1' for queue: 'weblogic.socket.Muxer', SEND TLSv1.2 ALERT: fatal, description = bad_certificate
ExecuteThread: '1' for queue: 'weblogic.socket.Muxer', WRITE: TLSv1.2 Alert, length = 2
ExecuteThread: '1' for queue: 'weblogic.socket.Muxer', fatal: engine already closed. Rethrowing null cert chain
ExecuteThread: '1' for queue: 'weblogic.socket.Muxer', called closeOutbound()
ExecuteThread: '1' for queue: 'weblogic.socket.Muxer', closeOutboundInternal()

The logs show that the correct identity keystores and cacert are configured and loaded during server start-up on both 'ServiceDomain' and 'ClientDomain'.

However, during the 2-way SSL handshake, the above error shows that the 'ClientDomain' is not sending its identity certificate.
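
Added example (not part of the Oracle note): a small Python triage script that scans the SSL debug output shown above for handshakes aborted with "null cert chain" and ties each one to its bad_certificate alert and invalidated session. The function name and the fields of each finding are assumptions made for this example.

```python
import re

# Sample input: the ServiceDomain excerpt from this note, plus one constructed
# line from another thread to show that unrelated traffic is ignored.
SAMPLE_LOG = """\
ExecuteThread: '1' for queue: 'weblogic.socket.Muxer', READ: TLSv1.2 Handshake, length = 77
*** Certificate chain
ExecuteThread: '1' for queue: 'weblogic.socket.Muxer', fatal error: 42: null cert chain null cert chain
%% Invalidated: [Session-11, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
ExecuteThread: '1' for queue: 'weblogic.socket.Muxer', SEND TLSv1.2 ALERT: fatal, description = bad_certificate
ExecuteThread: '2' for queue: 'weblogic.socket.Muxer', READ: TLSv1.2 Application Data, length = 64
"""

THREAD = re.compile(r"^(ExecuteThread: '\d+' for queue: '[^']+'), (.*)$")
INVALIDATED = re.compile(r"^%% Invalidated:\s*\[(Session-\d+), (\w+)\]")
ALERT = re.compile(r"SEND (\S+) ALERT:\s*fatal, description = (\w+)")

def find_missing_client_certs(log_text):
    """Return one finding per handshake aborted because the peer sent no certificate."""
    findings, open_by_thread, last = [], {}, None
    for line in log_text.splitlines():
        m = THREAD.match(line.strip())
        if m:
            thread, msg = m.groups()
            if "fatal error" in msg and "null cert chain" in msg:
                # Server required a client certificate and received an empty chain.
                last = dict(thread=thread, session=None, cipher=None,
                            protocol=None, alert=None)
                open_by_thread[thread] = last
                findings.append(last)
            elif thread in open_by_thread:
                alert = ALERT.search(msg)
                if alert:  # the alert sent back closes this finding
                    finding = open_by_thread.pop(thread)
                    finding["protocol"], finding["alert"] = alert.groups()
            continue
        inv = INVALIDATED.match(line.strip())
        # "%% Invalidated" lines carry no thread name, so attribute them to the
        # most recent finding that is still open (a heuristic on busy servers).
        if inv and last and last["alert"] is None and last["session"] is None:
            last["session"], last["cipher"] = inv.groups()
    return findings

if __name__ == "__main__":
    for f in find_missing_client_certs(SAMPLE_LOG):
        print("No client certificate received on {thread}: {protocol} "
              "{alert}, {session} ({cipher}) invalidated".format(**f))
```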



