Print this Post

Weblogic Node Manager using Demo cert gives error: certificate_unknown

Users who are using either WebLogic Server 10.3.6 or WebLogic Server 12.1.1 on JDK 1.6.0_101+, JDK 1.7.0_40+, or JRockit R28.3.7+, have demo certificates and are using SSL will get an exception:

com.sun.xml.ws.client.ClientTransportException: HTTP transport error: 
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown

There are four possible solutions:

  1. Create a new Demo Key with the larger key size
  2. Obtain your own certificate, by submiting a new request to your CA, increasing its certificate strength (i.e. >1024)
  3. Remove the key length restriction (not recommended but the fastest solution)
    The java.security file is located in your client machine’s Java/JRE installed directory $JAVA_HOME/jre/lib/security/java.security.

    In Java 1.7.0_40 the java.security by default has this setting:

    java.security file Snippet

    # Note: This property is currently used by Oracle's PKIX implementation. It
    # is not guaranteed to be examined and used by other implementations.
    # Example:
    #   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
    jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

    Changing the 1024 to 512 will allow the existing certificate to work.

  4. Upgrade to WLS 12.1.2

About devnumbertwo

IT consultant, software developer, technical writer, nba basketball spectator, tea (and occasionally coffee) drinker, cheese enthusiast, dog lover, and a person who once spotted heather locklear at the mall. chiggity check me out on twitter and
Weblogic Node Manager using Demo cert gives error: certificate_unknown was last modified: December 14th, 2017 by devnumbertwo

Permanent link to this article: http://devnumbertwo.com/weblogic-node-manager-using-demo-cert-gives-error-certificate_unknown/