Monday, November 21, 2011

Certicom is unable to read cacerts

Error message:
java.io.IOException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11
       at weblogic.server.channels.DynamicSSLListenThread.<init>(DynamicSSLListenThread.java:64)
       at weblogic.server.channels.DynamicListenThreadManager.createListener(DynamicListenThreadManager.java:289)
       at weblogic.server.channels.AdminPortService.bindListeners(AdminPortService.java:76)
       at weblogic.server.channels.EnableAdminListenersService.start(EnableAdminListenersService.java:39)
       at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11
       at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
       at com.certicom.tls.interfaceimpl.CertificateSupport.addTrustedCertificate(Unknown Source)
       at com.certicom.net.ssl.SSLContext.addTrustedCertificate(Unknown Source)
       at com.bea.sslplus.CerticomSSLContext.addTrustedCA(Unknown Source)
       at weblogic.security.utils.SSLContextWrapper.addTrustedCA(SSLContextWrapper.java:62)
       at weblogic.security.utils.SSLContextManager.createServerSSLContext(SSLContextManager.java:424)
       at weblogic.security.utils.SSLContextManager.getChannelSSLContext(SSLContextManager.java:336)
       at weblogic.security.utils.SSLContextManager.getSSLServerSocketFactory(SSLContextManager.java:91)
       at weblogic.server.channels.DynamicSSLListenThread.<init>(DynamicSSLListenThread.java:59)
       ... 6 more



After looking at the exception, it seems that WLS 10.3 does not support the signature algorithm with object ID 1.2.840.113549.1.1.11 (sha256WithRSAEncryption).
Please take a backup and replace the cacerts file located in JDK_HOME/jre/lib/security with the cacerts file located in WL_HOME/server/lib.

It looks like the 10.3.0.0 version of Certicom is unable to read the cacerts of JDK 1.6 u29.
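
To see which trust store entries carry the OID from the stack trace before swapping the file, the following added example (not part of the original post, and not WebLogic or Certicom code) lists the entries of a JKS trust store whose certificate signature algorithm is 1.2.840.113549.1.1.11. The class name FindSha256Certs is hypothetical, and the fallback password "changeit" assumes the JDK default for cacerts has not been changed.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Hypothetical helper class, written to compile on JDK 1.6.
public class FindSha256Certs {
    // OID reported in the stack trace: sha256WithRSAEncryption
    static final String UNSUPPORTED_OID = "1.2.840.113549.1.1.11";

    /** Returns the aliases whose certificate is signed with the given OID. */
    static List<String> aliasesWithSigAlg(KeyStore ks, String oid) throws Exception {
        List<String> hits = new ArrayList<String>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate
                    && oid.equals(((X509Certificate) c).getSigAlgOID())) {
                hits.add(alias);
            }
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: java FindSha256Certs <truststore> [password]");
            System.exit(2);
        }
        // Assumption: default cacerts password unless one is passed in.
        char[] pw = (args.length > 1 ? args[1] : "changeit").toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(args[0]);
        try {
            ks.load(in, pw);
        } finally {
            in.close();
        }
        List<String> hits = aliasesWithSigAlg(ks, UNSUPPORTED_OID);
        for (String alias : hits) {
            X509Certificate x = (X509Certificate) ks.getCertificate(alias);
            System.out.println(alias + "\t" + x.getSigAlgName() + "\t"
                    + x.getSubjectX500Principal().getName());
        }
        System.out.println(hits.size() + " of " + ks.size()
                + " entries use OID " + UNSUPPORTED_OID);
    }
}
```

Run it against both JDK_HOME/jre/lib/security/cacerts and WL_HOME/server/lib/cacerts; a count of zero for the file the server loads means no entry in it should raise this parsing error.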
