Thursday, June 25, 2015

javax.xml.ws.WebServiceException: javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.

Webservice call fails with BAD certificate error SSL certificate cipher signed by SH256WITHRSA. 

This cipher is not supported in weblogic server by default.

Certicom is currently the default SSL implementation in Weblogic Server. However, JSSE may be enabled as an alternative SSL implementation.The Certicom SSL implementation is currently deprecated and will be replaced by the JSSE-based implementation in a future release.


Error Text

javax.xml.ws.WebServiceException: javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.



Resolution 

Use JSSE SSL Based Implementation by enabling JSSE under server_name--> SSL --> advanced



PKCS error

In case could not parse key values exception was thrown after enabling JSSE

weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.unwrap(ByteBuffer,ByteBuffer[]).

java.lang.RuntimeException: Could not parse key values


add -Dsun.security.pkcs11.enable-solaris=false to server start Reference


http://docs.oracle.com/cd/E23943_01/web.1111/e13707/ssl.htm#SECMG494

Oracle bug document number (2001812.1)