Manualshelf

Technical data

ManualsBrandsBEA ManualsComputer equipmentWebLogic Server 7
311312313314315316317318319320
SSL Certificate Validation
Administration Guide 14-79
Troubleshooting Problems with Certificates
If SSL communications were working before the patch but are failing after installing
the patch, the problem is mostly likely because the certificate chain used by WebLogic
Server is failing the validation.
Determine where the certificate chain is being rejected, and decide whether to update
the certificate chain with one that will be accepted or change the setting of the
-Dweblogic.security.SSL.enforceConstraints command-line argument.
To troubleshoot problems with certificates, use one of the following methods:
n If you know where the certificate chains for the processes using SSL
communication are located, use the ValidateCertChain command-line utility to
check whether the certificate chains will be accepted.
n Turn on SSL debug tracing on the processes using SSL communication. The
syntax for SSL debug tracing is:
-Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true
The following message indicates the SSL failure is due to problems in the
certificate chain:
<CA certificate rejected. The basic constraints for a CA
certificate were not marked for being a CA, or were not marked
as critical>
When using one-way SSL, look for this error in the client log. When using
two-way SSL, look for this error in the client and server logs.