本文解决了使用JDK 1.6.0_13和WebLogic Server 10.3时遇到的SSL配置问题。具体表现为不支持的OID错误导致无法启用SSL。通过删除特定的证书条目解决了该问题。
I am getting the following error enabling SSL, when I use the jkd 1.6.0_13 and WebLogic Server 10.3
Aug 21, 2009 11:30:16 AM GMT+00:00> <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Aug 21, 2009 11:30:16 AM GMT+00:00> <Error> <WebLogicServer> <BEA-000297> <Inconsistent security configuration, java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11>
Resolution:
To output the keys affected from {JAVA_HOME}\bin (Windows):
[b]keytool -list -v -keystore ..\lib\security\cacerts -storepass changeit > list.txt[/b]
I ended up having to delete the following keys:
[b]keytool -delete -keystore ..\lib\security\cacerts -alias ttelesecglobalrootclass2ca -storepass changeit
keytool -delete -keystore ..\lib\security\cacerts -alias ttelesecglobalrootclass3ca -storepass changeit
keytool -delete -keystore ..\lib\security\cacerts -alias keynectisrootca -storepass changeit
keytool -delete -keystore ..\lib\security\cacerts -alias thawteprimaryrootcag3 -storepass changeit
keytool -delete -keystore ..\lib\security\cacerts -alias globalsignr3ca -storepass changeit
keytool -delete -keystore ..\lib\security\cacerts -alias secomscrootca2 -storepass changeit
keytool -delete -keystore ..\lib\security\cacerts -alias verisignuniversalrootca -storepass changeit
keytool -delete -keystore ..\lib\security\cacerts -alias geotrustprimarycag3 -storepass changeit
[/b]
Referrence:
http://forums.oracle.com/forums/thread.jspa?threadID=947219
Aug 21, 2009 11:30:16 AM GMT+00:00> <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Aug 21, 2009 11:30:16 AM GMT+00:00> <Error> <WebLogicServer> <BEA-000297> <Inconsistent security configuration, java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11>
Resolution:
To output the keys affected from {JAVA_HOME}\bin (Windows):
[b]keytool -list -v -keystore ..\lib\security\cacerts -storepass changeit > list.txt[/b]
I ended up having to delete the following keys:
[b]keytool -delete -keystore ..\lib\security\cacerts -alias ttelesecglobalrootclass2ca -storepass changeit
keytool -delete -keystore ..\lib\security\cacerts -alias ttelesecglobalrootclass3ca -storepass changeit
keytool -delete -keystore ..\lib\security\cacerts -alias keynectisrootca -storepass changeit
keytool -delete -keystore ..\lib\security\cacerts -alias thawteprimaryrootcag3 -storepass changeit
keytool -delete -keystore ..\lib\security\cacerts -alias globalsignr3ca -storepass changeit
keytool -delete -keystore ..\lib\security\cacerts -alias secomscrootca2 -storepass changeit
keytool -delete -keystore ..\lib\security\cacerts -alias verisignuniversalrootca -storepass changeit
keytool -delete -keystore ..\lib\security\cacerts -alias geotrustprimarycag3 -storepass changeit
[/b]
Referrence:
http://forums.oracle.com/forums/thread.jspa?threadID=947219
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
