WebLogic 7.0 SP1 - Getting "javax.net.ssl.SSLKeyException" corrupt certificate exception when client certificate with only "Digital Signature" in 2-Way SSL (Doc ID 771781.1)

Last updated on MAY 07, 2020

Applies to:

Oracle WebLogic Server - Version 7.0 to 7.0
Information in this document applies to any platform.
This document is applicable for WebLogic 7.0 SP1 on all supported platforms.


Symptoms

In WebLogic 7.0 SP1, a "javax.net.ssl.SSLKeyException" corrupt certificate exception was reported during 2-Way SSL when the client certificate has only "Digital Signature" set.

When the client certificate has both "Digital Signature" and "Key Encipherment", everything works fine. Below is the exception trace from the WebLogic logs at the time of the issue.

####<Oct 14, 2002 11:02:43 AM EDT><Debug><TLS><><><ExecuteThread: '7' for queue: 'default'><kernel identity><><000000><Exception during handshake, stacktrace follows>
javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unusable certificate was received.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source) 
.
.
at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown Source)
at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:400)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:153)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:134)
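
To confirm which key usage bits a client certificate actually carries when reproducing the symptom above, the following added example (not part of the Oracle document) decodes a DER-encoded KeyUsage BIT STRING as defined in RFC 5280. It assumes the input is the BIT STRING found inside the KeyUsage extension value; the function names and the sample byte strings are constructed for illustration.

```python
# Added example: decode the X.509 KeyUsage extension value (RFC 5280, 4.2.1.3).
# Bit names in the order the standard assigns them (bit 0 first).
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
]


def decode_key_usage(der: bytes) -> list:
    """Return the names of the bits set in a DER-encoded KeyUsage BIT STRING."""
    if len(der) < 4 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING with content")
    length = der[1]
    # KeyUsage is at most 9 bits, so only the short length form is valid here.
    if length & 0x80 or length != len(der) - 2:
        raise ValueError("unexpected BIT STRING length")
    unused, content = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    total_bits = len(content) * 8 - unused
    names = []
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        # Bit 0 is the most significant bit of the first content octet.
        if content[i // 8] & (0x80 >> (i % 8)):
            names.append(KEY_USAGE_BITS[i])
    return names


def has_only_digital_signature(usages: list) -> bool:
    """True for the certificate profile described in the Symptoms section."""
    return usages == ["digitalSignature"]


# Constructed sample values (not taken from any real certificate).
SIG_ONLY = bytes.fromhex("03020780")     # digitalSignature
SIG_AND_KE = bytes.fromhex("030205a0")   # digitalSignature + keyEncipherment

if __name__ == "__main__":
    for label, der in (("signature only", SIG_ONLY), ("sig + keyEnc", SIG_AND_KE)):
        usages = decode_key_usage(der)
        print(label, usages, "matches symptom profile:",
              has_only_digital_signature(usages))
```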

Cause
