Java.security.cert.CertificateExpiredException After Renewal Of Certificate
(Doc ID 2768247.1)
Last updated on OCTOBER 31, 2022
Applies to:
JDBC - Version 12.1.0.2.0 and laterInformation in this document applies to any platform.
Symptoms
The database certicate expired, but before its expiration, the certificate was renewed. While re-newing the database certificate, the certificate was generated, and the old certificate was replaced with the new one, and the listener, scan_listener was restarted. After this, the JDBC 12.1.0.2 application using TCPS connects to the database most of the time, but some times it fails with the error below. The old certificate is not in the database server at all, but it seems to be used.
Restarting multiple times the application allows it to connect to the database.
java.security.cert.CertificateExpiredException: NotAfter: <DATE>
at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)
at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)
at sun.security.provider.certpath.BasicChecker.verifyTimestamp(BasicChecker.java:190)
at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:144)
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:219)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:347)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:249)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
at oracle.net.nt.SSLSocketChannel.runTasks(SSLSocketChannel.java:609)
at oracle.net.nt.SSLSocketChannel.unwrap(SSLSocketChannel.java:454)
at oracle.net.nt.SSLSocketChannel.handshake(SSLSocketChannel.java:350)
at oracle.net.nt.SSLSocketChannel.write(SSLSocketChannel.java:238)
at oracle.net.ns.NIOPacket.writeToSocketChannel(NIOPacket.java:211)
at oracle.net.ns.NIOConnectPacket.writeToSocketChannel(NIOConnectPacket.java:232)
at oracle.net.ns.NSProtocolNIO.negotiateConnection(NSProtocolNIO.java:108)
at oracle.net.ns.NSProtocol.connect(NSProtocol.java:317)
at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1438)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:518)
at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:688)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:39)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:691)
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| References |