My Oracle Support Banner

WLS with Two Way SSL: JPS-01520 Cannot initialize identity store, cause: oracle.security.idm.ConfigurationException: javax.naming.CommunicationException: <host>:<port> [Root exception is javax.net.ssl.SSLException: Fatal Alert received: Bad Certificate] (Doc ID 2765064.1)

Last updated on MARCH 31, 2021

Applies to:

Oracle Virtual Directory - Version 12.2.1.0.0 and later
Oracle WebLogic Server - Version 12.2.1.0.0 and later
Information in this document applies to any platform.

Symptoms

Weblogic Server (WLS) running in secure production mode, all non SSL ports are closed.

Two way / 2 way SSL is enabled for Weblogic.

Note: A custom app that accesses the ldap store with one way SSL enabled was getting Certificate path error, which was resolved by adding - Djavax.net.ssl.trustStore=<MW_HOME>/**.pkcs12 -Djavax.net.ssl.trustStoreType=PKCS12 )-Djavax.net.ssl.trustStorePassword=**


After two-way / 2-way SSl is enabled for Weblogic, the following log error occurs:

<23-Mar-2021 14:36:33,442 o'clock GMT> <Emergency> <oracle.jps.idmgmt> <JPS-01520> <Cannot initialize identity store, cause: oracle.security.idm.ConfigurationException: javax.naming.CommunicationException: <hostname>:<port> [Root exception is javax.net.ssl.SSLException: Fatal Alert received: Bad Certificate].
oracle.security.idm.ConfigurationException: javax.naming.CommunicationException: <hostname>:<port> [Root exception is javax.net.ssl.SSLException: Fatal Alert received: Bad Certificate]
at oracle.security.idm.providers.stdldap.TestConnectionPool.execute(LDIdentityStoreFactory.java:1027)
at oracle.security.idm.providers.stdldap.LDIdentityStoreFactory.setupConnPool(LDIdentityStoreFactory.java:621)
at oracle.security.idm.providers.stdldap.LDIdentityStoreFactory.setup(LDIdentityStoreFactory.java:334)
at oracle.security.idm.providers.ovd.OVDIdentityStoreFactory.<init>(OVDIdentityStoreFactory.java:59)
at oracle.security.idm.providers.wlsldap.WLSLDAPIdentityStoreFactory.<init>(WLSLDAPIdentityStoreFactory.java:45)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at oracle.security.idm.IdentityStoreFactoryBuilder.getIdentityStoreFactory(IdentityStoreFactoryBuilder.java:128)
at oracle.security.jps.internal.idstore.util.IdentityStoreUtil.getIdentityStoreFactory(IdentityStoreUtil.java:228)
at oracle.security.jps.internal.idstore.AbstractIdmIdentityStore.getIdmFactory(AbstractIdmIdentityStore.java:347)
at oracle.security.jps.internal.idstore.AbstractIdmIdentityStore.initIdmStore(AbstractIdmIdentityStore.java:268)
at oracle.security.jps.internal.idstore.AbstractIdmIdentityStore.initStore(AbstractIdmIdentityStore.java:239)
at oracle.security.jps.internal.idstore.AbstractIdmIdentityStore.getIdmStore(AbstractIdmIdentityStore.java:194)
at com.fadata.insis.security.LDAPUtilities.getIdentityStore(LDAPUtilities.java:1117)
at com.fadata.insis.security.LDAPUtilities.getEnterpriseGroupsForUser(LDAPUtilities.java:449)
at com.fadata.insis.security.LDAPUtilities.getApplicationRolesForUser(LDAPUtilities.java:514)
at com.fadata.insis.security.LDAPUtilities.getApplicationRolesForUser(LDAPUtilities.java:477)
at group.banking.lloyds.insurance.authentication.CustomPostAuthenticator.postAuthenticate(CustomPostAuthenticator.java:42)
at group.banking.lloyds.insurance.authentication.CustomPostAuthenticator.postAuthenticate(CustomPostAuthenticator.java:1)
at com.fadata.ips.Authentication.doLoginPostProcess(Authentication.java:388)
at group.banking.lloyds.insurance.authentication.filter.CustomPostAuthenticationFilter.doFilter(CustomPostAuthenticationFilter.java:47)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at com.fadata.insis.rest.servlet.InactiveServicesFilter.doFilter(InactiveServicesFilter.java:74)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at oracle.security.jps.ee.http.JpsAbsFilter$3.run(JpsAbsFilter.java:175)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:650)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:112)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilterInternal(JpsAbsFilter.java:293)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:150)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:94)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:248)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at oracle.jrf.servlet.ExtensibleGlobalFilter.doFilter(ExtensibleGlobalFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:32)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3797)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3763)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:344)
at weblogic.security.service.SecurityManager.runAsForUserCode(SecurityManager.java:197)
at weblogic.servlet.provider.WlsSecurityProvider.runAsForUserCode(WlsSecurityProvider.java:203)
at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:71)
at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2451)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2299)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.ServletRequestImpl.runInternal(ServletRequestImpl.java:1720)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1680)
at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:272)
at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:352)
at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:337)
at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:57)
at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41)
at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:655)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:420)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:360)
Caused By: javax.naming.CommunicationException: <hostname>:<port> [Root exception is javax.net.ssl.SSLException: Fatal Alert received: Bad Certificate]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:235)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1615)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2847)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:225)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:243)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at oracle.security.idm.providers.stdldap.TestConnectionPool.run(LDIdentityStoreFactory.java:1007)
Caused By: javax.net.ssl.SSLException: Fatal Alert received: Bad Certificate
at com.rsa.sslj.x.aI.a(Unknown Source)
at com.rsa.sslj.x.aI.a(Unknown Source)
at com.rsa.sslj.x.aI.a(Unknown Source)
at com.rsa.sslj.x.ap.c(Unknown Source)
at com.rsa.sslj.x.ap.a(Unknown Source)
at com.rsa.sslj.x.ap.j(Unknown Source)
at com.rsa.sslj.x.ap.i(Unknown Source)
at com.rsa.sslj.x.ap.h(Unknown Source)
at com.rsa.sslj.x.aT.startHandshake(Unknown Source)
at oracle.security.idm.providers.stdldap.LDSSLSocketFactory.init(LDSSLSocketFactory.java:180)
at oracle.security.idm.providers.stdldap.LDSSLSocketFactory.createSocket(LDSSLSocketFactory.java:141)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:347)
at com.sun.jndi.ldap.Connection.<init>(Connection.java:222)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1615)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2847)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:225)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:243)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at oracle.security.idm.providers.stdldap.TestConnectionPool.run(LDIdentityStoreFactory.java:1007)
>



Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.