tags:

views:

515

answers:

3
Q: 

correct CA not accepted by weblogic 8.1

I have a very strange problemen when connecting to an https url:

 [Security:090548]The certificate chain received from services.rdc.nl - 217.115.224.68 contained a V3 CA certificate which was missing the basic constraints extension

There is almost no information availible about this error code. When testing the url with OpenSSL, all certificates have the basic constraints extension. Using standard Java gives no problems.

The error occurs both on weblogic 8.1 sp5 and sp6. We provide a keystore with the root certificate.

Has anyone experienced simular problems and have a solution?

A: 

Your certificate is missing the basic constraints, which most other SSL implementations don't care.

You can disable this check,

 -Dweblogic.security.SSL.enforceConstraints=off

Or get a new certificate.

ZZ Coder  2009-09-25 12:41:36
should have mentioned i already have found that solution. the certificate is from an supplier and the problems started when they renewed their server certificate
Salandur  2009-09-25 12:52:12
That's weird. All commercial CA should have that constraints. Is you supplier uses their own CA?
ZZ Coder  2009-09-25 13:32:38
A: 

Newer certifications from Verisign require both the root certificate and the intermediate certificate be available. Obviously JDK 1.4.2 predates those newer intermediate certificates. As the poster found, the newer certificates are renewed requiring both certs and if you are missing one it will fail. This is even a problem with weblogic 10.2.

John Liptak  2009-11-21 18:47:17
+1  A: 

This is an issue with Entrust SSL certificate missing the Basic Constraints extensions. Please check out the following article for a solution: http://blog.mythictechnologies.com/2010/06/04/weblogic-and-websphere-missing-basic-constraints-with-entrust-ssl-certificates/

Sasha  2010-06-04 20:32:57

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java