My Oracle Support Banner

Java.security.cert.CertificateExpiredException After Renewal Of Certificate (Doc ID 2768247.1)

Last updated on APRIL 14, 2021

Applies to:

JDBC - Version 12.1.0.2.0 and later
Information in this document applies to any platform.

Symptoms

The database certicate expired, but before its expiration, the certificate was renewed. While re-newing the database certificate, the certificate was generated, and the old certificate was replaced with the new one, and the listener, scan_listener was restarted. After this, the  JDBC 12.1.0.2 application using TCPS connects to the database most of the time, but some times it fails with the error below. The old certificate is not in the database server at all, but it seems to be used.
Restarting multiple times the application allows it to connect to the database.

java.security.cert.CertificateExpiredException: NotAfter: <DATE>
at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274) 
at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629) 
at sun.security.provider.certpath.BasicChecker.verifyTimestamp(BasicChecker.java:190) 
at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:144) 
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125) 
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:219) 
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140) 
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79) 
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292) 
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:347) 
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:249) 
at sun.security.validator.Validator.validate(Validator.java:260) 
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) 
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) 
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) 
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) 
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) 
at sun.security.ssl.Handshaker$1.run(Handshaker.java:919) 
at sun.security.ssl.Handshaker$1.run(Handshaker.java:916) 
at java.security.AccessController.doPrivileged(Native Method) 
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369) 
at oracle.net.nt.SSLSocketChannel.runTasks(SSLSocketChannel.java:609) 
at oracle.net.nt.SSLSocketChannel.unwrap(SSLSocketChannel.java:454) 
at oracle.net.nt.SSLSocketChannel.handshake(SSLSocketChannel.java:350) 
at oracle.net.nt.SSLSocketChannel.write(SSLSocketChannel.java:238) 
at oracle.net.ns.NIOPacket.writeToSocketChannel(NIOPacket.java:211) 
at oracle.net.ns.NIOConnectPacket.writeToSocketChannel(NIOConnectPacket.java:232) 
at oracle.net.ns.NSProtocolNIO.negotiateConnection(NSProtocolNIO.java:108) 
at oracle.net.ns.NSProtocol.connect(NSProtocol.java:317) 
at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1438) 
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:518) 
at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:688) 
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:39) 
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:691) 



Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.