Users who are using either WebLogic Server 10.3.6 or WebLogic Server 12.1.1 on JDK 1.6.0_101+, JDK 1.7.0_40+, or JRockit R28.3.7+, have demo certificates and are using SSL will get an exception:
com.sun.xml.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
There are four possible solutions:
- Create a new Demo Key with the larger key size
- Obtain your own certificate, by submiting a new request to your CA, increasing its certificate strength (i.e. >1024)
- Remove the key length restriction (not recommended but the fastest solution)
The java.security file is located in your client machine’s Java/JRE installed directory $JAVA_HOME/jre/lib/security/java.security.
In Java 1.7.0_40 the java.security by default has this setting:
java.security file Snippet
# Note: This property is currently used by Oracle's PKIX implementation. It # is not guaranteed to be examined and used by other implementations. # # Example: # jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 # # jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
Changing the 1024 to 512 will allow the existing certificate to work.
- Upgrade to WLS 12.1.2