Wednesday, December 4, 2013

WLST: certificate parsing exception PKIX

"The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object"

it turned out that I had to add to the WLST trust store (wlsTrust.jks) the root certificate of the CA certifying the Identity Store of the domain

and add this to wlst.sh :

export WLST_PROPERTIES="-Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.TrustKeyStore=CustomTrust -Dweblogic.security.CustomTrustKeyStoreFileName=/opt/oracle/certs/wlsTrust.jks -Dweblogic.security.CustomTrustKeyStorePassPhrase=bla -Dweblogic.security.CustomTrustKeyStoreType=JKS"



No comments: