'Jersey + Weblogic - javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE

I am sitting second whole day on a problem and giving up. I have written a jersey client which works on Jetty, and doesnt work on Weblogic. The reason is propably hidden in certificate: CN = "*.somecompany.com". Weblogic doesnt like wildcards in CN. Does anybody has working solution for that ?

I added these to Weblogic start params, but Weblogic uses many other clients, so I dont want to add these parameter: ignoreHostnameVerification: - 

-Dssl.debug=true -Dweblogic.security.SSL.ignoreHostnameVerification=true 
-Dweblogic.security.SSL.enforceConstraints=off 
-Dweblogic.nodemanager.sslHostNameVerificationEnabled=false
-Dweblogic.security.SSL.allowSmallRSAExponent=true
-Dweblogic.security.SSL.ignoreHostnameVerification=true

I also accessed a REST service using webbrowser and downloaded certificate to disk an then added it to truststore using keytool.. It still doesnt work.

The only and best way would be to write something custom that validate hostname?? Maybe this wildcard is a problem.. But I am newbie, no idea how to write it, a working example would be greatly appreciated, I won't be able to do it myself :/

Below are exceptions that I found (not sure which were present and when but it is still not working) I was trying to fix it by:

1) Importing whole certificate chain to truststore (Java and Weblogic truststores)

2) Adding starting parameters to Weblogic, but it is not a good solution

com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLKeyException: FATAL 
Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
com.sun.jersey.api.client.ClientHandlerException: 
javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt 
or unuseable certificate was received.
         at 
    com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHa    ndler.java:131)
         at com.sun.jersey.api.client.Client.handle(Client.java:629)
     at 
com.sun.jersey.api.client.WebResource.handle(WebResource.java:601)
     at 
com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
     at 
com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:507)
     at

SECOND

with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
    at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
    at         com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
    at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown     Source)
    at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
    at java.io.FilterOutputStream.flush(FilterOutputStream.java:140)
    at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
    at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
    at     weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
    at weblogic.net.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:702)
    at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:962)
    at      com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:217)
    at     com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:129)
    at com.sun.jersey.api.client.Client.handle(Client.java:629)
    at com.sun.jersey.api.client.WebResource.handle(WebResource.java:601)
    at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
    at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:507)
    at

THIRD

 E7C0E2529308F> <> <1387573464164> <BEA-000000> <Failure loading trusted CA list
java.security.cert.CertificateParsingException: Could not set value for ASN.1     string     object.
    at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
    at com.certicom.tls.interfaceimpl.CertificateSupport.addTrustedCertificate(Unknown      Source)
    at com.certicom.net.ssl.SSLContext.addTrustedCertificate(Unknown Source)
    at com.bea.sslplus.CerticomSSLContext.addTrustedCA(Unknown Source)
    at weblogic.security.utils.SSLContextWrapper.addTrustedCA(SSLContextWrapper.java:62)
    at weblogic.security.utils.SSLSetup.getSSLContext(SSLSetup.java:320)
    at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:334)
    at weblogic.net.http.HttpsClient.New(HttpsClient.java:566)
    at weblogic.net.http.HttpsURLConnection.getHttpClient(HttpsURLConnection.java:339)
    at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:408)
    at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
    at weblogic.net.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:702)
    at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:962)
    at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:217)
    at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:129)
    at com.sun.jersey.api.client.Client.handle(Client.java:629)
    at com.sun.jersey.api.client.WebResource.handle(WebResource.java:601)
    at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
    at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:507)
    at
jerseyweblogic


Solution 1:[1]

try to add the site certificate to you weblogic truststore and then add the below param in your weblogic startup

-DUseSunHttpHandler=true
-Dssl.SocketFactory.provider=sun.security.ssl.SSLSocketFactoryImpl 
-Dssl.ServerSocketFactory.provider=sun.security.ssl.SSLSocketFactoryImpl

i have a problem like yours and by this post i solve it Cannot access HTTPS from Weblogic

Solution 2:[2]

Issue fixed by adding these entry in JVM arguments

"-Dweblogic.security.SSL.nojce=true"
"-Dweblogic.ssl.JSSEEnabled=true"
"-Dweblogic.security.SSL.enableJSSE=true"

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Community
Solution 2 Andrei Sfat

Related Questions

Weblogic Ant JWSC task to generate a webservice war file

Why we need Weblogic Inactive Connection Timeout

JMSCMQ0001: IBM MQ call failed with compcode '2' ('MQCC_FAILED') reason '2400' ('MQRC_UNSUPPORTED_CIPHER_SUITE')

deploy ear file to weblogic 10g

How to configure/disable file caching in WebLogic 12.2

How to resolve exception "weblogic.application.ModuleException: Context path '' is already in use by the module: / application"?

Best practice: WebLogic SOAP service -- should WSDL be visible?

Forms12c Frm-42431 Unable to Initialize Debugger Debugger Error

Connect Weblogic server to Eclipse Error: "does not contain a valid WebLogic Server install or the installed version is not supported"

Authentication in Jersey [closed]

How do I create a Jersey FormDataContentDisposition object?

Serialize Java 8 Stream with Jersey

List<String> as input of GET method

org.eclipse.core.runtime.CoreException: Module named '_auto_generated_ear_' failed to deploy

why does tomcat show 404 response message for an existing resource?