Skip to main content

BAD_CERTIFICATE - A corrupt or unuseable certificate...

This is a simple symptom-cause-solution blog entry only. I hope these blogs will help fellow administrators.

Symptom

In wls_utc, when trying to test a webservice using SSL, the following error message is received:
javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.

If SSL debugging is enabled, the following error also appears in the logs:
ExecuteThread: '4' for queue: 'weblogic.kernel.Default
(self-tuning)' <1254822672320>>
verification failed because RSA key public exponent [3] is too small

Cause

The certificate encryption is of a weaker strength than expected by newer versions of Java.

Solution

Add the flag "-Dweblogic.security.SSL.allowSmallRSAExponent=true" to the server startup parameters.

References



None.

Comments

  1. Thanks. This was very helpful. I exactly had the same problem with the mydaddy certificate and it is resolved now.
    - Chandu

    ReplyDelete
    Replies
    1. Can you tell me how to add the above flag to the server start up?

      Delete
    2. This comment has been removed by the author.

      Delete
    3. Could you tell us how to add this flag

      Delete
  2. Thanks a ton mate !

    ReplyDelete
  3. Could you tell us how to add this flag to startup server please?

    ReplyDelete
  4. Append -Dweblogic.security.SSL.allowSmallRSAExponent=true flag after JAVA_OPTIONS in setDomainEnv.sh file in weblogic server.

    ReplyDelete
  5. valid & precise. Thanks Casey.

    ReplyDelete
    Replies
    1. This comment has been removed by the author.

      Delete
  6. hi all,
    I've tried to add the flag to server->configuration->server start->arguments but I get the same error. Is this the way to set correctly the flag? I'm trying on a intergrated wls

    ReplyDelete

Post a Comment

Popular posts from this blog

Connection refused: No available router to destination

This is a simple symptom-cause-solution blog entry only. I hope these blogs will help fellow administrators.
Symptom

The following exception occurs in WebLogic server logs. Most likely to occur during WebLogic server start-up, but similar exceptions may occur at other times.
java.net.ConnectException: t3://myserver:8000: Destination unreachable; nested exception is: java.net.ConnectException: Connection refused: connect; No available router to destination] at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:49) at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:773) at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:363) at weblogic.jndi.Environment.getContext(Environment.java:307) at weblogic.jndi.Environment.getContext(Environment.java:277)
Cause
This message (Connection refused: connect; No available router to destination) is a kind of "catch…

WebLogic Admin Console

WebLogic Admin Console
The WebLogic Admin Console is a web-based, user interface used to configure and control a set of WebLogic servers or clusters (i.e. a "domain"). In any logical group of WebLogic servers there must exist one admin server, which hosts the WebLogic Admin Console application and manages the associated configuration files.
WebLogic Administrators will use the Administration Console for a number of tasks, including:
Starting and stopping WebLogic servers or entire clusters.Configuring server parameters, security, database connections and deployed applications.Viewing server status, health and metrics. Note: It is not strictly necessary to use the Weblogic Admin Console to perform these tasks, as they can be scripted using WLST (the WebLogic Scripting Tool).
Accessing the Admin Console
WebLogic Admin Console Url: http://hostname:port/console.
To access the WebLogic Administration Console, assuming the admin server has been started, goto the above url. Where hostname…