
WebLogic Apache Plugin Truncates the Header When Using WL-Proxy-Client-Cert (Doc ID 2415432.1)

Last updated on FEBRUARY 03, 2019

Applies to:

Oracle WebLogic Server - Version 12.1.3.0.0 and later
Information in this document applies to any platform.

Symptoms

Larger client certificates do not load properly with the WebLogic Apache plugin. The plugin truncates the client certificate if the certificate length is more than 4k.

Certificates start with "[" but don't end with "]" in the plugin.

WebLogic Server throws the following error due to this issue:

<Error> <HTTP> <BEA-101257> <Failed to parse the client certificate in header: WL-Proxy-Client-Cert. Ignoring this certificate. java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Incomplete BER/DER data

java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Incomplete BER/DER data
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:104)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
at com.bea.common.security.jdkutils.X509CertificateFactory.engineGenerateCertificate(X509CertificateFactory.java:118)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
at weblogic.servlet.internal.VirtualConnection.initProxyClientCert(VirtualConnection.java:212)
Truncated. see log file for complete stacktrace
Caused By: java.io.IOException: Incomplete BER/DER data
at sun.security.provider.X509Factory.readBERInternal(X509Factory.java:693)
at sun.security.provider.X509Factory.readOneBlock(X509Factory.java:491)
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:91)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
at com.bea.common.security.jdkutils.X509CertificateFactory.engineGenerateCertificate(X509CertificateFactory.java:118)
Truncated. see log file for complete stacktrace

Changes

With some long certificates (Size: 512 Bytes / 4096 Bits) in the WebLogic module for Apache 2.2.15, the certificate that appears in the header [WL-Proxy-Client-Cert] is truncated and, as a result, the web application that needs the certificate returns an error.

If the certificate is not closed with "]", that means the certificate is more than 4096 in size.
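
One way to confirm the truncation from a captured header value, as an added example (not Oracle's code): it Base64-decodes the value and compares the bytes received with the length declared by the outer DER SEQUENCE, which is the mismatch reported as "Incomplete BER/DER data". It assumes the header carries the Base64-encoded DER certificate; the function names and the sample value (a filler blob, not a real certificate) are constructed for illustration.

```python
import base64
import binascii


def der_total_length(der: bytes) -> int:
    """Size in bytes (header + content) that the outer DER SEQUENCE declares."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("value does not start with a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: length in one octet
        return 2 + first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("unsupported or cut-off DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_cert_header(value: str) -> dict:
    """Compare bytes received in a header value with the declared DER size."""
    # Assumption: a value pasted from a log may carry the "[" / "]" delimiters.
    b64 = "".join(value.split()).strip("[]")
    usable = len(b64) - len(b64) % 4      # a cut value can end mid-quantum
    try:
        der = base64.b64decode(b64[:usable], validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not Base64: {exc}") from exc
    declared = der_total_length(der)
    return {"header_chars": len(b64), "declared_bytes": declared,
            "received_bytes": len(der), "truncated": len(der) < declared}


def constructed_header(content_len: int = 5000) -> str:
    """Constructed sample: SEQUENCE header plus zero filler, not a real cert."""
    der = b"\x30\x82" + content_len.to_bytes(2, "big") + bytes(content_len)
    return base64.b64encode(der).decode("ascii")


if __name__ == "__main__":
    full = constructed_header()
    print(check_cert_header(full))               # complete value
    print(check_cert_header("[" + full[:4096]))  # cut at 4096 characters, no "]"
```

A result with "truncated": True means the value ended before the certificate did, so the fault lies in the proxy hop rather than in the certificate itself.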

Cause

To view full details, sign in with your My Oracle Support account.
