Error msg:
java.io.IOException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11
at weblogic.server.channels.DynamicSSLListenThread.<init>(DynamicSSLListenThread.java:64)
at weblogic.server.channels.DynamicListenThreadManager.createListener(DynamicListenThreadManager.java:289)
at weblogic.server.channels.AdminPortService.bindListeners(AdminPortService.java:76)
at weblogic.server.channels.EnableAdminListenersService.start(EnableAdminListenersService.java:39)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11
at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
at com.certicom.tls.interfaceimpl.CertificateSupport.addTrustedCertificate(Unknown Source)
at com.certicom.net.ssl.SSLContext.addTrustedCertificate(Unknown Source)
at com.bea.sslplus.CerticomSSLContext.addTrustedCA(Unknown Source)
at weblogic.security.utils.SSLContextWrapper.addTrustedCA(SSLContextWrapper.java:62)
at weblogic.security.utils.SSLContextManager.createServerSSLContext(SSLContextManager.java:424)
at weblogic.security.utils.SSLContextManager.getChannelSSLContext(SSLContextManager.java:336)
at weblogic.security.utils.SSLContextManager.getSSLServerSocketFactory(SSLContextManager.java:91)
at weblogic.server.channels.DynamicSSLListenThread.<init>(DynamicSSLListenThread.java:59)
... 6 more
After looking at the execption it seems that WLS 10.3 does not support cipher suite with Object ID 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
Please take a backup and replace the cacerts file located in JDK_HOME/jre/lib/security with the cacerts located file in WL_HOME/server/lib.
Looks like the 10.3.0.0 version of certicom is unable to read the cacerts of JDK 1.6 u29.
java.io.IOException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11
at weblogic.server.channels.DynamicSSLListenThread.<init>(DynamicSSLListenThread.java:64)
at weblogic.server.channels.DynamicListenThreadManager.createListener(DynamicListenThreadManager.java:289)
at weblogic.server.channels.AdminPortService.bindListeners(AdminPortService.java:76)
at weblogic.server.channels.EnableAdminListenersService.start(EnableAdminListenersService.java:39)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11
at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
at com.certicom.tls.interfaceimpl.CertificateSupport.addTrustedCertificate(Unknown Source)
at com.certicom.net.ssl.SSLContext.addTrustedCertificate(Unknown Source)
at com.bea.sslplus.CerticomSSLContext.addTrustedCA(Unknown Source)
at weblogic.security.utils.SSLContextWrapper.addTrustedCA(SSLContextWrapper.java:62)
at weblogic.security.utils.SSLContextManager.createServerSSLContext(SSLContextManager.java:424)
at weblogic.security.utils.SSLContextManager.getChannelSSLContext(SSLContextManager.java:336)
at weblogic.security.utils.SSLContextManager.getSSLServerSocketFactory(SSLContextManager.java:91)
at weblogic.server.channels.DynamicSSLListenThread.<init>(DynamicSSLListenThread.java:59)
... 6 more
After looking at the execption it seems that WLS 10.3 does not support cipher suite with Object ID 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
Please take a backup and replace the cacerts file located in JDK_HOME/jre/lib/security with the cacerts located file in WL_HOME/server/lib.
Looks like the 10.3.0.0 version of certicom is unable to read the cacerts of JDK 1.6 u29.
No comments:
Post a Comment