Bad Certificate SSL exception while trying to access https url

Question

I have a piece of code to download an excel from online and save it in the desired location. I have run the code in local (run as "Java Application") it works perfectly fine. But when I added it in the project code and deployed it in weblogic 10.3 it gets stuck after the authentication. Could you please help me out here.

public void saveFileFromUrlWithJavaIO(String fileName, String fileUrl) throws MalformedURLException, IOException {
WEBLOGGER.info("Going into this method...");
BufferedInputStream in = null;
FileOutputStream fout = null;
WEBLOGGER.info("Going into this method...");
try {
WEBLOGGER.info("trying to authenticate...");
authenticate();
WEBLOGGER.info("Authentication done...");
in = new BufferedInputStream(new URL(fileUrl).openStream());
WEBLOGGER.info("in operation done...");
fout = new FileOutputStream(fileName);
WEBLOGGER.info("Going into this method...");
byte data[] = new byte[1024];
int count;
WEBLOGGER.info("Going into this method...");
while ((count = in.read(data, 0, 1024)) != -1) {
fout.write(data, 0, count);
}
} finally {
if (in != null)
in.close();
if (fout != null)
fout.close();
}
}

I get the following error

javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.

After some digging, I have enabled Use JSSE SSL in weblogic server console. Now I get the following error.

javax.net.ssl.SSLHandshakeException: General SSLEngine problem

Answer 1

I removed all the authentication and proxy handling contents in the code and made following changes in the weblogic console.

1)
In setEnv file located in your weblogic server path(i.e /apps/appName/bin) added:
JAVA_OPTIONS="${JAVA_OPTIONS} -Dhttps.proxyHost=x.y.z"
JAVA_OPTIONS="${JAVA_OPTIONS} -Dhttps.proxyPort=port"
JAVA_OPTIONS="${JAVA_OPTIONS} -Dhttps.nonProxyHosts=*.y.z"

2) In weblogic console: servers-> keystores Change from “Demo identity and Demo trust” to “Custom Identity
and Java Standard Trust”

3) in weblogic console: servers-> SSL-> advanced-> Tick “Use JSSE SSL” and also set “Hostname Verification” to
none

Useful link: http://www.ateam-oracle.com/improve-ssl-support-for-your-weblogic-domains/

Answer 2

Had the same issue. And solved with one step:

On weblogic console: servers-> SSL-> advanced-> Enable “Use JSSE SSL”.

Reading the documentation of the weblogic version I am using ( 10.3.6 ), I believe this problem occurs that the default implementation of SSL supports an small amount of protocols... according to this:

If JSSE is enabled, this property value enables any protocol starting with "TLS" for messages that are sent and accepted; for example, TLS V1.0, TLS V1.1, and TLS V1.2. If the Certicom-based SSL implementation is enabled, only TLS V1 is enabled.