WebLogic 12 SSLKeyException: checking hostname after restart

I have a WAR file deployed to WebLogic 12.1.2.0.0. The application calls the web service via HTTPS. The certificate is imported into DemoTrust.jks. All SSL related settings must be correct. And actually it works, but after restarting the server it does not work for about 15-20 minutes, after which it starts working again. During this period, the following errors are printed in the console:

<Warning> <Security> <BEA-090504> <Certificate chain received from xxx.xxxxxxxx.xxx.com - 167.107.80.230 failed hostname verification check. Certificate contained xxx.xxxxxxxx.xxx.com but check expected xxx.xxxxxxxx.xxx.com> 

After the warning, I get:

 javax.xml.ws.WebServiceException: javax.net.ssl.SSLKeyException: Hostname verification failed: HostnameVerifier=weblogic.security.utils.SSLWLSHostnameVerifier,hostname=xxx.xxxxxxxx.xxx.com. 

In the warning above, the domains contained and expected are identical.

Thank you for your help!

-E

+9
3 answers

If this is a wildcard problem in the certificate name (for example, by default the WebLogic verifier does not consider that the certificate for *.salesforce.com covers cs86.salesforce.com), WebLogic actually provides a special verifier for use: weblogic.security.utils.SSLWLSWildcardHostnameVerifier. This value must be entered in the SSL configuration for the server in Console -> Servers -> {Server Name} -> SSL -> Advanced -> Custom Hostname Verifier

+13
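The difference between exact and wildcard name matching that the answer above refers to, as an added example that is not part of the original thread and is not WebLogic's verifier code. The class and method names are hypothetical, the name pairs are constructed, and the wildcard rule shown (a `*` only as the whole left-most label, standing for exactly one label) is the common convention, assumed here rather than taken from WebLogic's implementation.

```java
import java.util.Locale;

public class WildcardHostnameCheck {

    // Exact comparison: the certificate name must equal the host (case-insensitive).
    static boolean exactMatch(String certName, String host) {
        return certName.equalsIgnoreCase(host);
    }

    // Wildcard comparison: "*" is accepted only as the complete left-most label
    // and stands for exactly one label of the host name.
    static boolean wildcardMatch(String certName, String host) {
        String pattern = certName.toLowerCase(Locale.ROOT);
        String name = host.toLowerCase(Locale.ROOT);
        if (!pattern.startsWith("*.")) {
            return pattern.equals(name);               // no wildcard: exact match only
        }
        String suffix = pattern.substring(1);          // everything after "*", leading dot kept
        if (suffix.indexOf('*') >= 0) return false;    // only one wildcard, left-most
        if (suffix.indexOf('.', 1) < 0) return false;  // refuse "*.com"-style patterns
        if (!name.endsWith(suffix)) return false;
        String firstLabel = name.substring(0, name.length() - suffix.length());
        // The wildcard must cover one non-empty label, never several.
        return !firstLabel.isEmpty() && firstLabel.indexOf('.') < 0;
    }

    public static void main(String[] args) {
        // Constructed pairs: {name in certificate, host being contacted}
        String[][] cases = {
            {"*.salesforce.com", "cs86.salesforce.com"},
            {"*.salesforce.com", "a.b.salesforce.com"},
            {"*.salesforce.com", "salesforce.com"},
            {"*.com", "example.com"},
            {"cs86.salesforce.com", "CS86.salesforce.com"},
        };
        for (String[] c : cases) {
            System.out.printf("%-22s %-22s exact=%-5b wildcard=%b%n",
                    c[0], c[1], exactMatch(c[0], c[1]), wildcardMatch(c[0], c[1]));
        }
    }
}
```

Only the first and last pairs pass the wildcard check; the wildcard never spans more than one label and never matches the bare parent domain.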

set JAVA_OPTIONS=%JAVA_OPTIONS% -DUseSunHttpHandler=true helps me. Try adding this line to the WebLogic file setDomainEnv.(cmd|sh). The purpose of this parameter is to tell WebLogic to use the Sun HttpHandler and not its own WebLogic one.

+6

Admin console: Servers → server name → SSL tab → Advanced → change the proxy server name drop-down list to None

It worked for me.

+6

Source: https://habr.com/ru/post/1209467/