Hi, I am currently facing issues due to wildcard hostname in SSL certificate. Every site gives the information about how to configure a Custom host name verifier in Weblogic console, but the .class file is neither present in weblogic.jar of 10g or 11g Weblogic server versions. Just this configuration change does not fix this problem. Any idea where can I find the .class file to include in my server classpath.
Exception received when invoking the webservice from my java source code:
Cannot create instance of Hostname Verifier weblogic.security.utils.SSLWLSWildcardHostnameVerifier
In WLS releases before WLS 188.8.131.52 (WLS 10.3.5), WebLogic Server's hostname verification code did not support wildcard certificates. Thus as per a product enhancement, we have created a separate hostname verification code, which allows wildcard certificates.
Thus in order to have this functionality on WLS 10.3.5 and below, we have Patch 10215257 for WLS 10.3.0, 10.3.4, and 10.3.5.
NOTE: This wildcard implementation is embedded in the binaries of WLS 10.3.6 and 184.108.40.206, thus there is no requirement for a patch on those versions and higher.
Once we apply the apprropriate patch we need to do the following:
Add the server start-up parameter (in the java_options):
Navigate to Admin Console -> server_name -> SSL -> Advanced. Check the checkbox Use JSSE.
This has to be done on all the servers where we are planning to use the wild card certificate. If you are using WLS 10.3.6+ or WLS 220.127.116.11+, do the following:
Enable "Use JSSE."
Navigate to Admin console -> server_name -> SSL -> Advanced ->. Check the checkbox Use JSSE.
Select the value "weblogic.security.utils.SSLWLSWildcardHostnameVerifier" from the dropdown list of "Hostname verfication" parameters.
Weblogic server by default implements certicom SSL. In release WLS 10.3.4 the JSSE is implemented and certcom deprecated. As mentioned above.
But wth previous version i.e. 10.3 which hasn't got this option available in the console, we can implement the following parameters to enable Sun SSL implementation instead of certicom: