WebLogic 12 SSLKeyException: Hostname verification failed after restart

Asked 18/12, 2014 at 15:52 Answered 17/11, 2021 at 14:13

I have a WAR file deployed on WebLogic 12.1.2.0.0. Application calls a web service via HTTPS. Certificate is imported in DemoTrust.jks. All SSL related settings should be correct. And actually it works but after the server is restarted it does not work for about 15-20 minutes, after that it starts working again. During this period the following errors are printed in console:

<Warning> <Security> <BEA-090504> <Certificate chain received from xxx.xxxxxxxx.xxx.com - 
167.107.80.230 failed hostname verification check. Certificate contained xxx.xxxxxxxx.xxx.com 
but check expected xxx.xxxxxxxx.xxx.com>

After the warning I get:

javax.xml.ws.WebServiceException: javax.net.ssl.SSLKeyException: Hostname verification failed: 
HostnameVerifier=weblogic.security.utils.SSLWLSHostnameVerifier,hostname=xxx.xxxxxxxx.xxx.com.

In the warning above contained and expected domains are identical.

Thank you for your help!

-E

Wycoff answered 18/12, 2014 at 15:52 Comment(2)

Are you sure what is contained EXACTLY matches what was expected? Have you tried turning off hostname verification? In the admin console Servers -> server name -> Configuration SSL tab -> Advanced -> Change Hostname Verification dropdown to None – Vizierate 18/12, 2014 at 16:33

Hi, yes I'm sure. And yes, I've tried changing this dropdown to None. Still the same behavior. – Wycoff 19/12, 2014 at 9:47

If this is an issue with wildcards in the certificate name (e.g. weblogic default verifier doesn't think the certificate for *.salesforce.com covers cs86.salesforce.com), WebLogic actually provides a custom verifier to use: weblogic.security.utils.SSLWLSWildcardHostnameVerifier. This value should be entered in the SSL configuration for the server in Console -> Servers -> {Server Name} -> SSL -> Advanced -> Custom Hostname Verifier

Filmy answered 5/2, 2016 at 1:45 Comment(5)

This sounds like the preferable solution. Unfortunately I still get the error when setting the Verifier to custom using the weblogic.security.utils.SSLWLSWildcardHostnameVerifier. Weblogic seems to still use the default verifier weblogic.security.utils.SSLWLSHostnameVerifier. I restarted the server and I am using WLS 12.1.3 – Radian 3/2, 2017 at 14:54

Associated documentation can be found at blogs.oracle.com/sravansarraju/entry/… But did not work for me. – Radian 3/2, 2017 at 14:59

was the error message complaining on weblogic.security.utils.SSLWLSWildcardHostnameVerifier or weblogic.security.utils.SSLWLSHostnameVerifier? If the later, did you apply the changes in weblogic console after modification? – Filmy 4/2, 2017 at 18:35

This should be the solution in order to remains the verification active (instead of set the verifier to None, decreasing the security). – Ious 6/12, 2017 at 15:52

Excelente me funciono perfecto. – Gingrich 20/4, 2020 at 20:36

admin console Servers -> server name -> Configuration SSL tab -> Advanced -> Change Hostname Verification dropdown to None

This worked for me.

Impolitic answered 6/1, 2016 at 22:44 Comment(2)

This solution reduce the security level by not verifying the hostname. – Teutonic 24/5, 2018 at 8:35

But in developing or testing case it good – Guernica 23/2, 2023 at 9:58

set JAVA_OPTIONS=%JAVA_OPTIONS% -DUseSunHttpHandler=true helped me. Try to add this line to WebLogic setDomainEnv.(cmd|sh) file. The purpose of this parameter is to tell WebLogic to use Sun's HttpHandler and do not use WebLogic one.

Mini answered 20/1, 2015 at 12:21 Comment(0)

The change I made on Console didn't help me(Console -> Servers -> {Server Name} -> SSL -> Advanced -> Custom Hostname Verifier or None) After that edited JAVA_OPTIONS property on setDomainEnv file. No verification, I know it's not a nice solution but it saved my day. Added the following line

   -Dweblogic.security.SSL.ignoreHostnameVerification=true

Generator answered 17/11, 2021 at 14:13 Comment(0)

Recommended topics

Hot tags