fix weblogic error: Received fatal alert certificate_unknown

the problem: when starting up weblogic you get: Received fatal alert certificate_unknown

com.sun.xml.ws.client.ClientTransportException: HTTP transport error: 
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown

you might also be receiving

javax.net.ssl.SSLHandshakeException: General SSLEngine problem
...
weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:254)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: sun.security.validator.ValidatorException: PKIX path validation failed:
java.security.cert.CertPathValidatorException: Algorithm constraints check failed: MD5withRSA

the cause: the release notes for Java SE 7 Update 40 show that the default key length has been increased. Starting from 7u40, the use of X.509 certificates with RSA keys less than 1024 bits in length is restricted.

fix it so you can start up weblogic without issues – perform ONE of the following:

  1. Create a new Demo Key with the larger key size (strength of 2048)

  2. Obtain your own certificate by submitting a new request to your CA, increasing its certificate strength (i.e. >1024).

  3. Remove the key length restriction (not recommended but the fastest solution)

    • I did this just so I could start up without errors for the time being until #3 could be done
      edit $JAVA_HOME/jre/lib/security/java.security
      it looks like this

      jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

      change 1024 to 512

      jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 512
  4. Upgrade to WLS 12.1.2
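
The effect of the edit in option 3, as an added example (not code from the original post or from Oracle): a simplified Python model of how the jdk.certpath.disabledAlgorithms line is read, run against two constructed certificates. The 512-bit key size of the old certificate is an assumption, and the function names are hypothetical.

```python
import operator
import re

# The property lists what is DISABLED; these operators are allowed after "keySize".
OPS = {"<=": operator.le, "<": operator.lt, "==": operator.eq,
       "!=": operator.ne, ">=": operator.ge, ">": operator.gt}
ENTRY = re.compile(r"^(\S+)(?:\s+keySize\s*(<=|>=|==|!=|<|>)\s*(\d+))?$")
PROP = "jdk.certpath.disabledAlgorithms="

def parse_disabled(java_security_text):
    """Return [(NAME, op or None, bits or None)] for the certpath property."""
    text = re.sub(r"\\\r?\n\s*", "", java_security_text)  # join continuation lines
    rules = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith(PROP):
            rules = []  # a later definition replaces an earlier one
            for entry in line[len(PROP):].split(","):
                m = ENTRY.match(entry.strip())
                if m:
                    name, op, bits = m.groups()
                    rules.append((name.upper(), op, int(bits) if bits else None))
    return rules

def permits(rules, sig_alg, key_alg, key_bits):
    """Simplified model of the check: False if a disabled name is a component of
    the signature algorithm or if the key falls in a disabled keySize range."""
    parts = {p.upper() for p in re.split(r"with|and|/", sig_alg, flags=re.I)}
    parts |= {key_alg.upper()}
    for name, op, bits in rules:
        if op is None and name in parts:
            return False
        if op is not None and name == key_alg.upper() and OPS[op](key_bits, bits):
            return False
    return True

def rsa_floor(rules):
    """Smallest RSA key size in bits still accepted ('<' and '<=' entries only)."""
    sizes = [b if op == "<" else b + 1 for n, op, b in rules
             if n == "RSA" and op in ("<", "<=")]
    return max(sizes, default=0)

SHIPPED = PROP + "MD2, RSA keySize < 1024\n"   # value quoted on this page
RELAXED = PROP + "MD2, RSA keySize < 512\n"    # workaround value from this page
# Constructed sample certificates: (label, signature algorithm, key algorithm, bits)
CERTS = [("old-512", "MD5withRSA", "RSA", 512), ("new-2048", "SHA256withRSA", "RSA", 2048)]

if __name__ == "__main__":
    for label, text in (("shipped", SHIPPED), ("relaxed", RELAXED)):
        rules = parse_disabled(text)
        print(label, "RSA floor:", rsa_floor(rules), [(c[0], permits(rules, *c[1:])) for c in CERTS])
```

Passing the contents of a real java.security file to parse_disabled and comparing rsa_floor against 1024 shows whether a JRE has been left with the relaxed setting, which applies to every certificate path that JRE validates.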
