Sunday, May 22, 2016

WLS : FATAL Alert:BAD_CERTIFICATE

SOA 11.1.1.7.0

Last week, I faced the error below when I tried to deploy a composite that pointed to another remote web service WSDL URL from the SOA Server.

Error:
<May 17, 2016 4:14:40 AM CDT> <Error> <oracle.integration.platform> <SOA-20003> <Unable to register service.
oracle.fabric.common.FabricException: Error in getting XML input stream: https://abc.xyz.com/Customer/ProxyServices/getCustomer?WSDL: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
    at oracle.fabric.common.metadata.MetadataManagerImpl.getInputStreamFromAbsoluteURL(MetadataManagerImpl.java:288)
    at oracle.integration.platform.common.MDSMetadataManagerImpl.getInputStreamFromAbsoluteURL(MDSMetadataManagerImpl.java:624)

Caused By: javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
        at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
        at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)

Cause:
The root cause of the problem was that the remote web service's certificate was signed with the SHA-256 hash algorithm, and WebLogic Server's default settings do not support stronger algorithms like SHA-256.
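One way to confirm this diagnosis before changing server settings, as an added example that is not part of the original post: the script reads a certificate's signature algorithm with openssl and flags SHA-2 signatures. The function names and the throwaway self-signed sample certificate are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names are illustrative.

# Print the signature algorithm of a PEM certificate file.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        awk -F': *' '/Signature Algorithm/ { print $2; exit }'
}

# Classify an algorithm name. Treating SHA-384/512 like SHA-256 is an
# assumption based on the post's "stronger algorithms like SHA-256".
classify_sig_alg() {
    case "$1" in
        "") echo "unreadable" ;;
        *[Ss][Hh][Aa]256*|*[Ss][Hh][Aa]384*|*[Ss][Hh][Aa]512*) echo "sha2" ;;
        *) echo "other" ;;
    esac
}

# Save the leaf certificate that a TLS endpoint presents.
# usage: fetch_leaf_cert <host> <port> <out.pem>
fetch_leaf_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$3"
}

# Constructed sample: a throwaway self-signed SHA-256 certificate so the
# check can be exercised offline. usage: make_sample_cert <out.pem>
make_sample_cert() (
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=constructed.example.test" \
        -keyout "$dir/key.pem" -out "$1" 2>/dev/null
    rm -rf "$dir"
)

# Generate the sample, then report "<algorithm> <class>".
check_sample() (
    pem=$(mktemp)
    make_sample_cert "$pem"
    alg=$(cert_sig_alg "$pem")
    rm -f "$pem"
    echo "$alg $(classify_sig_alg "$alg")"
)

check_sample
```

To check a live endpoint, call fetch_leaf_cert with the remote host and port, then pass the saved file to cert_sig_alg.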

Fix:
To remedy this, enable Java Secure Socket Extension (JSSE) in Oracle WebLogic and upgrade the JDK to the latest version to avoid any runtime issues.

Enable JSSE:

Log in to the WebLogic Admin Console -> server_name -> SSL -> Advanced -> check the "Use JSSE" checkbox -> Reboot.

Note: Check the "Hostname Verification" drop-down value as well if you have any other issues.