I am writing an application that uses OAuth for 3rd party login. However, Weblogic 10.3.5 does not by default accept the way Facebook uses a wildcard in their SSL Certificate.
Caused By: javax.net.ssl.SSLKeyException: [Security:090504]Certificate chain received from graph.facebook.com - 220.127.116.11 failed hostname verification check.
Certificate contained *.facebook.com but check expected graph.facebook.com
So I am attempting to use a Custom Hostname Verifier that implements the weblogic.security.SSL.HostnameVerifier interface, to use instead of the standard BEA Hostname Verifier. I have packaged into a jar, my CustomHostnameVerifier class that implements the weblogic.security.SSL.HostnameVerifier interface. Here's where I might be running into trouble. To make this class available on the weblogic classpath, I have tried placing the jar in various weblogic lib directories on my development machine. (%WL_HOME%\wlserver_10.3\server\lib) And then in the weblogic console's advanced settings for SSL on the DefaultServer, I select that I want to use a Custom Hostname verifier, and provide the full class name of my class: my.package.prefix.CustomHostnameVerifier.
Now when I reboot and try connecting with Facebook, a ClassNotFoundException is thrown:
, instead of and in addition to the SSL tab settings in the console. I've found no luck so far using suggestions from documentation and the web. I was just hoping someone might know what I'm doing wrong here, or be able to point me in the right direction for properly making classes available to weblogic.