Wednesday, October 7, 2009

BAD_CERTIFICATE - A corrupt or unuseable certificate...

This is a simple symptom-cause-solution blog entry only. I hope these blogs will help fellow administrators.

Symptom

In wls_utc, when trying to test a webservice using SSL, the following error message is received:
javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.

If SSL debugging is enabled, the following error also appears in the logs:
ExecuteThread: '4' for queue: 'weblogic.kernel.Default
(self-tuning)' <1254822672320>>
verification failed because RSA key public exponent [3] is too small

Cause

The certificate encryption is of a weaker strength than expected by newer versions of Java.

Solution

Add the flag "-Dweblogic.security.SSL.allowSmallRSAExponent=true" to the server startup parameters.

References



None.