Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

WebLogic 12 SSLKeyException: Hostname verification failed after restart

I have a WAR file deployed on WebLogic 12.1.2.0.0. Application calls a web service via HTTPS. Certificate is imported in DemoTrust.jks. All SSL related settings should be correct. And actually it works but after the server is restarted it does not work for about 15-20 minutes, after that it starts working again. During this period the following errors are printed in console:

<Warning> <Security> <BEA-090504> <Certificate chain received from xxx.xxxxxxxx.xxx.com - 
167.107.80.230 failed hostname verification check. Certificate contained xxx.xxxxxxxx.xxx.com 
but check expected xxx.xxxxxxxx.xxx.com>

After the warning I get:

javax.xml.ws.WebServiceException: javax.net.ssl.SSLKeyException: Hostname verification failed: 
HostnameVerifier=weblogic.security.utils.SSLWLSHostnameVerifier,hostname=xxx.xxxxxxxx.xxx.com.

In the warning above contained and expected domains are identical.

Thank you for your help!

-E

like image 216
enoch_wallace Avatar asked Dec 18 '14 15:12

enoch_wallace


3 Answers

If this is an issue with wildcards in the certificate name (e.g. weblogic default verifier doesn't think the certificate for *.salesforce.com covers cs86.salesforce.com), WebLogic actually provides a custom verifier to use: weblogic.security.utils.SSLWLSWildcardHostnameVerifier. This value should be entered in the SSL configuration for the server in Console -> Servers -> {Server Name} -> SSL -> Advanced -> Custom Hostname Verifier

like image 70
lovelywib Avatar answered Nov 09 '22 22:11

lovelywib


admin console Servers -> server name -> Configuration SSL tab -> Advanced -> Change Hostname Verification dropdown to None

This worked for me.

like image 13
JavaGeek Avatar answered Nov 09 '22 20:11

JavaGeek


set JAVA_OPTIONS=%JAVA_OPTIONS% -DUseSunHttpHandler=true helped me. Try to add this line to WebLogic setDomainEnv.(cmd|sh) file. The purpose of this parameter is to tell WebLogic to use Sun's HttpHandler and do not use WebLogic one.

like image 8
m190 Avatar answered Nov 09 '22 20:11

m190