
BAD_CERTIFICATE - A corrupt or unuseable certificate...

This is a simple symptom-cause-solution blog entry only. I hope these blogs will help fellow administrators.

Symptom

In wls_utc, when trying to test a webservice using SSL, the following error message is received:
javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.

If SSL debugging is enabled, the following error also appears in the logs:
ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)' <1254822672320>>
verification failed because RSA key public exponent [3] is too small

Cause

The certificate's RSA key is weaker than newer versions of Java expect: as the debug message shows, its public exponent (3) is rejected as too small.

Solution

Add the flag "-Dweblogic.security.SSL.allowSmallRSAExponent=true" to the server startup parameters. The flag relaxes the exponent check on that server; the certificate itself is unchanged.
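
The debug message above names the RSA public exponent as the problem. As an added example (not part of the original post), this standard-library Python code reads the public exponent out of a DER-encoded certificate, so you can find which certificate in a chain trips the check. `MIN_EXPONENT`, the helper names and the unsigned sample skeleton are assumptions made for the example; the post does not state the server's actual threshold, and the parser assumes an RSA key.

```python
# Added example (not from the original post): read the RSA public exponent
# out of a DER-encoded X.509 certificate using only the standard library.
MIN_EXPONENT = 65537  # assumption: the page only shows that exponent 3 is rejected

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed element's contents into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def rsa_public_exponent(cert_der):
    _, cert, _ = read_tlv(cert_der, 0)        # Certificate SEQUENCE
    tbs = children(children(cert)[0][1])      # tbsCertificate fields
    if tbs[0][0] == 0xA0:                     # optional [0] version tag
        tbs = tbs[1:]
    spki = children(tbs[5][1])                # after serial, sigAlg, issuer, validity, subject
    key = children(spki[1][1][1:])[0][1]      # BIT STRING minus unused-bits byte -> RSAPublicKey
    _modulus, exponent = children(key)[:2]
    return int.from_bytes(exponent[1], "big")

def has_small_exponent(cert_der):
    return rsa_public_exponent(cert_der) < MIN_EXPONENT

def tlv(tag, body):
    """Short-form DER encoder, sufficient for the tiny constructed sample."""
    return bytes([tag, len(body)]) + body

def sample_cert(exponent):
    """Constructed, unsigned certificate skeleton with placeholder fields and a toy modulus."""
    e = exponent.to_bytes(3, "big").lstrip(b"\x00")
    key = tlv(0x30, tlv(0x02, bytes.fromhex("00c53f9a1107e35b2d")) + tlv(0x02, e))
    spki = tlv(0x30, tlv(0x30, b"") + tlv(0x03, b"\x00" + key))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") * 4 + spki)
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))

if __name__ == "__main__":
    for e in (3, 65537):
        print(e, "small" if has_small_exponent(sample_cert(e)) else "ok")
```

For a real PEM certificate, convert it first with `ssl.PEM_cert_to_DER_cert(pem_text)` and pass the result to `rsa_public_exponent`.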

References

None.

Comments

  1. Thanks. This was very helpful. I exactly had the same problem with the mydaddy certificate and it is resolved now.
    - Chandu

    1. Can you tell me how to add the above flag to the server start up?

    3. Could you tell us how to add this flag?

  2. Thanks a ton, mate!

  3. Could you tell us how to add this flag to startup server please?

  4. Append the -Dweblogic.security.SSL.allowSmallRSAExponent=true flag after JAVA_OPTIONS in the setDomainEnv.sh file in WebLogic Server.

  5. Hi all,
    I've tried to add the flag to server->configuration->server start->arguments but I get the same error. Is this the correct way to set the flag? I'm trying on an integrated WLS.
