Self-signed Expired Client Certificates Is Not Checked For Validity During SSL Handshake
(Doc ID 2904872.1)
Last updated on NOVEMBER 09, 2023
Applies to:Oracle WebLogic Server - Version 10.3.6 and later
Information in this document applies to any platform.
WebLogic is configured for two way SSL requiring client supplying a client certificate during SSL handshake. When the client uses an self-signed certificate and it has expired the WebLogic is not validating it and allows the handshake going through with no error. However, if a CA signed certificate is used as client certificate and the certificate has expired, the SSL handshake fails as expected and the WebLogic returns "bad certificate" error to the client.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document