Older WebLogic versions (10.3.2 and before) use "Certicom SSL" implementation, which does not trust certificates stronger that 128-bit. There is a known issue with WebLogic not being able to trust stronger signature certificates and you can find more details at http://webadm1n.blogspot.com/2010/04/oracle-jrockit-jdk-recent-cacerts.html
With WebLogic 10.3.3, we have "JSSE SSL" implementation, which trusts more stronger certificates. To enable JSSE SSL, please follow the below steps for all your managed servers.
1. Login to your admin console
2. Click "Environment" -> "Servers" -> "ManagedServerName" -> "Configuration" -> "SSL" -> "Advanced"
3. Select "Use JSSE SSL"
4. Click "Save"
5. Restart the managed server(s)
Subscribe to:
Post Comments (Atom)
I am facing very wierd issue. When I select use jsse . it will not work but when i didn't use jssse. SSL will work. any updates???
ReplyDeletewe use 10.3.0 weblogic server and recently CA has moved to SHA256RSA. hence weblogic is not supporting the signed certificate. cant we enable the jsse in weblogic server in 10.3.0 version itself.
ReplyDeleteSudhi, Did JSSE worked for you with weblogic 10.3.0? Or you upgraded your weblogic along with jdk?
DeleteJSSE is available as option from 10.3.3 and above
DeleteABSOLUTELY AMAZING WORK!!!
ReplyDeleteI have been trying to figure the issue with this, I was not able to for last couple of days and your efforts saved at last.
You can use below java options in 10.X version where JSSE option is not there
ReplyDelete-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
-Dssl.SocketFactory.provider=com.sun.net.ssl.internal.SSLSocketFactoryImpl
-DUseSunHttpHandler=true
-Dweblogic.wsee.client.ssl.usejdk=true
where exactly do you add this
DeleteThis comment has been removed by the author.
ReplyDelete