«

»

Print this Post

fix weblogic error: Received fatal alert certificate_unknown

the problem: starting up weblogic and you get — Received fatal alert certificate_unknown

com.sun.xml.ws.client.ClientTransportException: HTTP transport error: 
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown

you might also be receiving

javax.net.ssl.SSLHandshakeException: General SSLEngine problem
...
weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:254)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: sun.security.validator.ValidatorException: PKIX path validation failed:
java.security.cert.CertPathValidatorException: Algorithm constraints check failed: MD5withRSA

the cause: release notes for Java SE Update 40 show that the Default Key Length has been increased. Starting from 7u40, the use of x.509 certificates with RSA keys less than 1024 bits in length is restricted.

fix it so you can startup weblogic without issues – perform ONE of the following:

  1. Create a new Demo Key with the larger key size (strength of 2048)
  2. Obtain your own certificate, by submiting a new request to your CA, increasing its certificate strength (i.e. >1024).
  3. Remove the key length restriction (not recommended but the fastest solution)
    • I did this just so I could startup without errors for the time being until #3 could be done
      edit $JAVA_HOME/jre/lib/security/java.security
      it looks like this

      jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

      change 1024 to 512

      jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 512
  4. Upgrade to WLS 12.1.2

About devnumbertwo

IT consultant, software developer, technical writer, nba basketball spectator, tea (and occasionally coffee) drinker, cheese enthusiast, dog lover, and a person who once spotted heather locklear at the mall. chiggity check me out on twitter and
fix weblogic error: Received fatal alert certificate_unknown was last modified: June 16th, 2014 by devnumbertwo

Permanent link to this article: http://devnumbertwo.com/received-fatal-alert-certificate_unknown/