TLS/SSL Certificate errors and warnings in WebLogic

<2012-04-22 18.13.16 EEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<2012-04-22 18.13.16 EEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<2012-04-22 18.13.16 EEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<2012-04-22 18.13.16 EEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<2012-04-22 18.13.16 EEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<2012-04-22 18.13.16 EEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<2012-04-22 18.13.16 EEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<2012-04-22 18.13.16 EEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<2012-04-22 18.13.16 EEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 



If you get similar output when starting your WebLogic server, you are prone to the same troubles as I was.
It doesn't matter if you imported the required certificates to your keystore (trust/cacerts or other). Once you call a web service that is handled by a server using a certain certificate (to be specific, certain encryption algorithms), you will get a nasty error:
"FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received".

As WebLogic's documentation says, it does not support a lot of encryption algorithms. Errors stated by OP indicate that this is the case.


Documentation:
http://docs.oracle.com/cd/E21764_01/web.1111/e13707/ssl.htm#SECMG502

Solution:
Set "Enable JSSE" to true. Docs say how. I used the WebLogic Console method:
[Select your Server] -> SSL -> check "Enable JSSE" to true.
Restart your WebLogic.

Check if your web service client works as expected - mine worked like a charm.

2,

To output the keys affected from {JAVA_HOME}\bin (Windows): 


keytool -list -v -keystore ..\lib\security\cacerts -storepass changeit > list.txt

I ended up having to delete the following keys:

keytool -delete -keystore ..\lib\security\cacerts -alias ttelesecglobalrootclass2ca -storepass changeit
keytool -delete -keystore ..\lib\security\cacerts -alias ttelesecglobalrootclass3ca -storepass changeit
keytool -delete -keystore ..\lib\security\cacerts -alias keynectisrootca -storepass changeit
keytool -delete -keystore ..\lib\security\cacerts -alias thawteprimaryrootcag3 -storepass changeit
keytool -delete -keystore ..\lib\security\cacerts -alias globalsignr3ca -storepass changeit
keytool -delete -keystore ..\lib\security\cacerts -alias secomscrootca2 -storepass changeit
keytool -delete -keystore ..\lib\security\cacerts -alias verisignuniversalrootca -storepass changeit
keytool -delete -keystore ..\lib\security\cacerts -alias geotrustprimarycag3 -storepass changeit
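
Added example, not part of the original post: a Python sketch that ties the BEA-090898 notices to the `keytool -list -v` listing, so the affected aliases come from the data rather than from reading `list.txt` by eye. The OID in the notices, 1.2.840.113549.1.1.11, is sha256WithRSAEncryption, which keytool prints as `SHA256withRSA`. The function names, the DN normalization heuristic and the trimmed sample listing are assumptions made for illustration.

```python
import re

# OID quoted in the BEA-090898 notices (sha256WithRSAEncryption) -> keytool's name for it.
OID_TO_KEYTOOL_NAME = {"1.2.840.113549.1.1.11": "SHA256withRSA"}

NOTICE_RE = re.compile(
    r'<BEA-090898> <Ignoring the trusted CA certificate "(?P<dn>.+?)"\. '
    r'.*?Unsupported OID in the AlgorithmIdentifier object: (?P<oid>\d+(?:\.\d+)+)')

def normalize_dn(dn):
    # Heuristic (assumption): the log escapes commas with "\", keytool quotes the value.
    return re.sub(r",\s+", ",", dn.replace("\\", "").replace('"', "")).lower()

def ignored_cas(log_text):
    """Map normalized subject DN -> OID for every BEA-090898 notice."""
    return {normalize_dn(m["dn"]): m["oid"] for m in NOTICE_RE.finditer(log_text)}

def parse_keytool_listing(text):
    """Map alias -> (owner, signature algorithm) from `keytool -list -v` output."""
    entries, alias, owner = {}, None, None
    for line in map(str.strip, text.splitlines()):
        key, _, value = line.partition(":")
        if key == "Alias name":
            alias, owner = value.strip(), None
        elif key == "Owner":
            owner = value.strip()
        elif key == "Signature algorithm name" and alias and owner:
            entries[alias] = (owner, value.strip())
    return entries

def affected_aliases(log_text, listing_text):
    """(alias, keytool algorithm, matches logged OID) for each CA the log says was ignored."""
    ignored = ignored_cas(log_text)
    return sorted(
        (alias, alg, OID_TO_KEYTOOL_NAME.get(ignored[normalize_dn(owner)]) == alg)
        for alias, (owner, alg) in parse_keytool_listing(listing_text).items()
        if normalize_dn(owner) in ignored)

# Two notices copied from the log above; the listing is constructed and trimmed.
SAMPLE_LOG = r'''<2012-04-22 18.13.16 EEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<2012-04-22 18.13.16 EEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>'''
SAMPLE_LISTING = '''Alias name: thawteprimaryrootcag3
Owner: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
    Signature algorithm name: SHA256withRSA
Alias name: globalsignr3ca
Owner: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
    Signature algorithm name: SHA256withRSA
Alias name: examplelegacyca
Owner: CN=Example Legacy Root, O=Example, C=US
    Signature algorithm name: SHA1withRSA'''
```

Feed `affected_aliases` the server log and the real `list.txt`; it only reports and changes nothing in the keystore.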