FIM Weblogic throws exception with new SSL cert - java.io.IOException: Cannot convert identity certificate
Originally Published: 2015-04-20
Article Number
Applies To
RSA Product/Service Type: Oracle Weblogic 10.0.1
Issue
java.io.IOException: Cannot convert identity certificate at weblogic.server.channels.DynamicSSLListenThread.<init>(DynamicSSLListenThread.java:59) at weblogic.server.channels.DynamicListenThreadManager.createListener(DynamicListenThreadManager.java:273) at weblogic.server.channels.AdminPortService.bindListeners(AdminPortService.java:76) at weblogic.server.channels.EnableAdminListenersService.start(EnableAdminListenersService.java:39) at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200) at weblogic.work.ExecuteThread.run(ExecuteThread.java:172) Caused by: java.lang.RuntimeException: Cannot convert identity certificate at com.certicom.tls.interfaceimpl.CertificateSupport.addAuthChain(Unknown Source) at com.certicom.net.ssl.SSLContext.addAuthChain(Unknown Source) at com.bea.sslplus.CerticomSSLContext.addIdentity(Unknown Source) at weblogic.security.utils.SSLContextWrapper.addIdentity(SSLContextWrapper.java:77) at weblogic.security.utils.SSLContextManager.createServerSSLContext(SSLContextManager.java:286) at weblogic.security.utils.SSLContextManager.getChannelSSLContext(SSLContextManager.java:239) at weblogic.security.utils.SSLContextManager.getSSLServerSocketFactory(SSLContextManager.java:89) at weblogic.server.channels.DynamicSSLListenThread.<init>(DynamicSSLListenThread.java:55) ... 6 more
Cause
Resolution
Enable JSSE SSL, which is under the advanced options of the weblogic console found under the SSL tab
Set “Use JSSE SSL” for Admin server after you import the certificate into the trust keystore on admin server. Otherwise, Admin server may fail to communicate with node manager, and you will see “javax.net.ssl.SSLKeyException” error when you check Node Manager Status from weblogic console.
Also modify the file $WL_HOME/server/bin/startNodeManager.sh
to add the following line:
JAVA_OPTIONS="-Dweblogic.security.SSL.enableJSSE=true ${JAVA_OPTIONS}"
Workaround
Related Articles
Edit an Identity Source SSL Certificate Number of Views How to generate an SSL certificate for tomcat. Number of Views Identity Source SSL Certificates Number of Views Add an Identity Source SSL Certificate Number of Views Error: 'AttributePluginException: error encountered while trying to convert a user property: samlattr6: java.lang.IllegalA… Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Release Notes for RSA Authentication Manager 8.8 RSA Authentication Manager 8.9 Release Notes (January 2026) Deploying RSA Authenticator 6.2.2 for Windows Using DISM RSA MFA Agent 2.4 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
