WLS with Two Way SSL: JPS-01520 Cannot initialize identity store, cause: oracle.security.idm.ConfigurationException: javax.naming.CommunicationException: <host>:<port> [Root exception is javax.net.ssl.SSLException: Fatal Alert received: Bad Certificate]
(Doc ID 2765064.1)
Last updated on JANUARY 17, 2024
Applies to:
Oracle Virtual Directory - Version 12.2.1.0.0 and laterOracle WebLogic Server - Version 12.2.1.0.0 and later
Information in this document applies to any platform.
Symptoms
Weblogic Server (WLS) running in secure production mode, all non SSL ports are closed.
Two way / 2 way SSL is enabled for Weblogic.
Note: A custom app that accesses the ldap store with one way SSL enabled was getting Certificate path error, which was resolved by adding - Djavax.net.ssl.trustStore=<MW_HOME>/**.pkcs12 -Djavax.net.ssl.trustStoreType=PKCS12 )-Djavax.net.ssl.trustStorePassword=**
After two-way / 2-way SSl is enabled for Weblogic, the following log error occurs:
<23-Mar-2021 14:36:33,442 o'clock GMT> <Emergency> <oracle.jps.idmgmt> <JPS-01520> <Cannot initialize identity store, cause: oracle.security.idm.ConfigurationException: javax.naming.CommunicationException: <hostname>:<port> [Root exception is javax.net.ssl.SSLException: Fatal Alert received: Bad Certificate].
oracle.security.idm.ConfigurationException: javax.naming.CommunicationException: <hostname>:<port> [Root exception is javax.net.ssl.SSLException: Fatal Alert received: Bad Certificate]
at oracle.security.idm.providers.stdldap.TestConnectionPool.execute(LDIdentityStoreFactory.java:1027)
at oracle.security.idm.providers.stdldap.LDIdentityStoreFactory.setupConnPool(LDIdentityStoreFactory.java:621)
at oracle.security.idm.providers.stdldap.LDIdentityStoreFactory.setup(LDIdentityStoreFactory.java:334)
at oracle.security.idm.providers.ovd.OVDIdentityStoreFactory.<init>(OVDIdentityStoreFactory.java:59)
at oracle.security.idm.providers.wlsldap.WLSLDAPIdentityStoreFactory.<init>(WLSLDAPIdentityStoreFactory.java:45)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at oracle.security.idm.IdentityStoreFactoryBuilder.getIdentityStoreFactory(IdentityStoreFactoryBuilder.java:128)
at oracle.security.jps.internal.idstore.util.IdentityStoreUtil.getIdentityStoreFactory(IdentityStoreUtil.java:228)
at oracle.security.jps.internal.idstore.AbstractIdmIdentityStore.getIdmFactory(AbstractIdmIdentityStore.java:347)
at oracle.security.jps.internal.idstore.AbstractIdmIdentityStore.initIdmStore(AbstractIdmIdentityStore.java:268)
at oracle.security.jps.internal.idstore.AbstractIdmIdentityStore.initStore(AbstractIdmIdentityStore.java:239)
at oracle.security.jps.internal.idstore.AbstractIdmIdentityStore.getIdmStore(AbstractIdmIdentityStore.java:194)
at com.fadata.insis.security.LDAPUtilities.getIdentityStore(LDAPUtilities.java:1117)
at com.fadata.insis.security.LDAPUtilities.getEnterpriseGroupsForUser(LDAPUtilities.java:449)
at com.fadata.insis.security.LDAPUtilities.getApplicationRolesForUser(LDAPUtilities.java:514)
at com.fadata.insis.security.LDAPUtilities.getApplicationRolesForUser(LDAPUtilities.java:477)
at group.banking.lloyds.insurance.authentication.CustomPostAuthenticator.postAuthenticate(CustomPostAuthenticator.java:42)
at group.banking.lloyds.insurance.authentication.CustomPostAuthenticator.postAuthenticate(CustomPostAuthenticator.java:1)
at com.fadata.ips.Authentication.doLoginPostProcess(Authentication.java:388)
at group.banking.lloyds.insurance.authentication.filter.CustomPostAuthenticationFilter.doFilter(CustomPostAuthenticationFilter.java:47)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at com.fadata.insis.rest.servlet.InactiveServicesFilter.doFilter(InactiveServicesFilter.java:74)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at oracle.security.jps.ee.http.JpsAbsFilter$3.run(JpsAbsFilter.java:175)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:650)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:112)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilterInternal(JpsAbsFilter.java:293)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:150)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:94)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:248)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at oracle.jrf.servlet.ExtensibleGlobalFilter.doFilter(ExtensibleGlobalFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:32)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3797)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3763)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:344)
at weblogic.security.service.SecurityManager.runAsForUserCode(SecurityManager.java:197)
at weblogic.servlet.provider.WlsSecurityProvider.runAsForUserCode(WlsSecurityProvider.java:203)
at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:71)
at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2451)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2299)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.ServletRequestImpl.runInternal(ServletRequestImpl.java:1720)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1680)
at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:272)
at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:352)
at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:337)
at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:57)
at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41)
at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:655)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:420)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:360)
Caused By: javax.naming.CommunicationException: <hostname>:<port> [Root exception is javax.net.ssl.SSLException: Fatal Alert received: Bad Certificate]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:235)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1615)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2847)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:225)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:243)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at oracle.security.idm.providers.stdldap.TestConnectionPool.run(LDIdentityStoreFactory.java:1007)
Caused By: javax.net.ssl.SSLException: Fatal Alert received: Bad Certificate
at com.rsa.sslj.x.aI.a(Unknown Source)
at com.rsa.sslj.x.aI.a(Unknown Source)
at com.rsa.sslj.x.aI.a(Unknown Source)
at com.rsa.sslj.x.ap.c(Unknown Source)
at com.rsa.sslj.x.ap.a(Unknown Source)
at com.rsa.sslj.x.ap.j(Unknown Source)
at com.rsa.sslj.x.ap.i(Unknown Source)
at com.rsa.sslj.x.ap.h(Unknown Source)
at com.rsa.sslj.x.aT.startHandshake(Unknown Source)
at oracle.security.idm.providers.stdldap.LDSSLSocketFactory.init(LDSSLSocketFactory.java:180)
at oracle.security.idm.providers.stdldap.LDSSLSocketFactory.createSocket(LDSSLSocketFactory.java:141)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:347)
at com.sun.jndi.ldap.Connection.<init>(Connection.java:222)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1615)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2847)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:225)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:243)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at oracle.security.idm.providers.stdldap.TestConnectionPool.run(LDIdentityStoreFactory.java:1007)
>
oracle.security.idm.ConfigurationException: javax.naming.CommunicationException: <hostname>:<port> [Root exception is javax.net.ssl.SSLException: Fatal Alert received: Bad Certificate]
at oracle.security.idm.providers.stdldap.TestConnectionPool.execute(LDIdentityStoreFactory.java:1027)
at oracle.security.idm.providers.stdldap.LDIdentityStoreFactory.setupConnPool(LDIdentityStoreFactory.java:621)
at oracle.security.idm.providers.stdldap.LDIdentityStoreFactory.setup(LDIdentityStoreFactory.java:334)
at oracle.security.idm.providers.ovd.OVDIdentityStoreFactory.<init>(OVDIdentityStoreFactory.java:59)
at oracle.security.idm.providers.wlsldap.WLSLDAPIdentityStoreFactory.<init>(WLSLDAPIdentityStoreFactory.java:45)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at oracle.security.idm.IdentityStoreFactoryBuilder.getIdentityStoreFactory(IdentityStoreFactoryBuilder.java:128)
at oracle.security.jps.internal.idstore.util.IdentityStoreUtil.getIdentityStoreFactory(IdentityStoreUtil.java:228)
at oracle.security.jps.internal.idstore.AbstractIdmIdentityStore.getIdmFactory(AbstractIdmIdentityStore.java:347)
at oracle.security.jps.internal.idstore.AbstractIdmIdentityStore.initIdmStore(AbstractIdmIdentityStore.java:268)
at oracle.security.jps.internal.idstore.AbstractIdmIdentityStore.initStore(AbstractIdmIdentityStore.java:239)
at oracle.security.jps.internal.idstore.AbstractIdmIdentityStore.getIdmStore(AbstractIdmIdentityStore.java:194)
at com.fadata.insis.security.LDAPUtilities.getIdentityStore(LDAPUtilities.java:1117)
at com.fadata.insis.security.LDAPUtilities.getEnterpriseGroupsForUser(LDAPUtilities.java:449)
at com.fadata.insis.security.LDAPUtilities.getApplicationRolesForUser(LDAPUtilities.java:514)
at com.fadata.insis.security.LDAPUtilities.getApplicationRolesForUser(LDAPUtilities.java:477)
at group.banking.lloyds.insurance.authentication.CustomPostAuthenticator.postAuthenticate(CustomPostAuthenticator.java:42)
at group.banking.lloyds.insurance.authentication.CustomPostAuthenticator.postAuthenticate(CustomPostAuthenticator.java:1)
at com.fadata.ips.Authentication.doLoginPostProcess(Authentication.java:388)
at group.banking.lloyds.insurance.authentication.filter.CustomPostAuthenticationFilter.doFilter(CustomPostAuthenticationFilter.java:47)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at com.fadata.insis.rest.servlet.InactiveServicesFilter.doFilter(InactiveServicesFilter.java:74)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at oracle.security.jps.ee.http.JpsAbsFilter$3.run(JpsAbsFilter.java:175)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:650)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:112)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilterInternal(JpsAbsFilter.java:293)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:150)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:94)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:248)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at oracle.jrf.servlet.ExtensibleGlobalFilter.doFilter(ExtensibleGlobalFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:32)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3797)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3763)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:344)
at weblogic.security.service.SecurityManager.runAsForUserCode(SecurityManager.java:197)
at weblogic.servlet.provider.WlsSecurityProvider.runAsForUserCode(WlsSecurityProvider.java:203)
at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:71)
at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2451)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2299)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.ServletRequestImpl.runInternal(ServletRequestImpl.java:1720)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1680)
at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:272)
at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:352)
at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:337)
at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:57)
at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41)
at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:655)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:420)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:360)
Caused By: javax.naming.CommunicationException: <hostname>:<port> [Root exception is javax.net.ssl.SSLException: Fatal Alert received: Bad Certificate]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:235)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1615)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2847)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:225)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:243)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at oracle.security.idm.providers.stdldap.TestConnectionPool.run(LDIdentityStoreFactory.java:1007)
Caused By: javax.net.ssl.SSLException: Fatal Alert received: Bad Certificate
at com.rsa.sslj.x.aI.a(Unknown Source)
at com.rsa.sslj.x.aI.a(Unknown Source)
at com.rsa.sslj.x.aI.a(Unknown Source)
at com.rsa.sslj.x.ap.c(Unknown Source)
at com.rsa.sslj.x.ap.a(Unknown Source)
at com.rsa.sslj.x.ap.j(Unknown Source)
at com.rsa.sslj.x.ap.i(Unknown Source)
at com.rsa.sslj.x.ap.h(Unknown Source)
at com.rsa.sslj.x.aT.startHandshake(Unknown Source)
at oracle.security.idm.providers.stdldap.LDSSLSocketFactory.init(LDSSLSocketFactory.java:180)
at oracle.security.idm.providers.stdldap.LDSSLSocketFactory.createSocket(LDSSLSocketFactory.java:141)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:347)
at com.sun.jndi.ldap.Connection.<init>(Connection.java:222)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1615)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2847)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:225)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:243)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at oracle.security.idm.providers.stdldap.TestConnectionPool.run(LDIdentityStoreFactory.java:1007)
>
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |