bcgit / bc-java

Bouncy Castle Java Distribution (Mirror)
https://www.bouncycastle.org/java.html
MIT License

BC with HttpClient 4.5 and jdk1.6.0_45 Throwing error certificate Unknown (46) #949

Closed sampy2518 closed 2 years ago

sampy2518 commented 3 years ago

I am using BC and following the steps below to configure it.

  1. Go to JAVA_HOME/jre/lib/security. Take a backup of “US_export_policy.jar” and “local_policy.jar” and copy them to some local directory in case of rollback.
  2. Go to JAVA_HOME/jre/lib/security. Replace “US_export_policy.jar” and “local_policy.jar” with the new jars provided in the path below.
  3. Copy bcprov-jdk15to18-165.jar and bctls-jdk15to18-165.jar from the path below into JAVA_HOME/jre/lib/ext.
  4. Modify the file ${JAVA_HOME}/jre/lib/security/java.security, commenting out the providers section and adding some extra lines:

    # Original security providers (just comment them out)
    # security.provider.1=sun.security.provider.Sun
    # security.provider.2=sun.security.rsa.SunRsaSign
    # security.provider.3=com.sun.net.ssl.internal.ssl.Provider
    # security.provider.4=com.sun.crypto.provider.SunJCE
    # security.provider.5=sun.security.jgss.SunProvider
    # security.provider.6=com.sun.security.sasl.Provider
    # security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI
    # security.provider.8=sun.security.smartcardio.SunPCSC

    # Add the Bouncy Castle security providers with higher priority
    security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
    security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider

    # Original security providers with different priorities
    security.provider.3=sun.security.provider.Sun
    security.provider.4=sun.security.rsa.SunRsaSign
    security.provider.5=com.sun.net.ssl.internal.ssl.Provider
    security.provider.6=com.sun.crypto.provider.SunJCE
    security.provider.7=sun.security.jgss.SunProvider
    security.provider.8=com.sun.security.sasl.Provider
    security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
    security.provider.10=sun.security.smartcardio.SunPCSC

When running it in a standalone program with HttpClient 4.5 it runs fine and I get my response, but when using the same code in my project and deploying it on WebLogic 11 I get the error below. Please assist.

    org.bouncycastle.tls.TlsFatalAlert: certificate_unknown(46)
        at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.checkServerTrusted(Unknown Source)
        at org.bouncycastle.jsse.provider.ProvTlsClient$1.notifyServerCertificate(Unknown Source)
        at org.bouncycastle.tls.TlsUtils.processServerCertificate(Unknown Source)
        at org.bouncycastle.tls.TlsClientProtocol.handleServerCertificate(Unknown Source)
        at org.bouncycastle.tls.TlsClientProtocol.handleHandshakeMessage(Unknown Source)
        at org.bouncycastle.tls.TlsProtocol.processHandshakeQueue(Unknown Source)
        at org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
        at org.bouncycastle.tls.RecordStream.readRecord(Unknown Source)
        at org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
        at org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
        at org.bouncycastle.tls.TlsClientProtocol.connect(Unknown Source)
        at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.startHandshake(Unknown Source)
        at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.startHandshake(Unknown Source)
        at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:543)
        at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409)
        at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
        at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
        at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
        at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
        at com.celfocus.vfe.services.ocr.service.Ocr.sendFilesToOCR(Ocr.java:1217)
        at com.celfocus.vfe.services.ocr.service.Ocr.sendDocumentsToOCR(Ocr.java:1135)
        at com.celfocus.vfe.services.ocr.service.Ocr.readEmiratesId_aroundBody0(Ocr.java:146)
        at com.celfocus.vfe.services.ocr.service.Ocr.readEmiratesId_aroundBody1$advice(Ocr.java:28)
        at com.celfocus.vfe.services.ocr.service.Ocr.readEmiratesId(Ocr.java:1)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at com.celfocus.vfe.services.web.ServicesServlet.run(ServicesServlet.java:396)
        at com.celfocus.use.routes.action.JavaAction.runJavaAction(JavaAction.java:64)
        at com.celfocus.use.routes.action.JavaAction.run(JavaAction.java:28)
        at com.celfocus.use.routes.Route.execute(Route.java:131)
        at com.celfocus.use.routes.RouteExecutor.run(RouteExecutor.java:20)
        at com.celfocus.use.routes.RouteManagerImpl.executeRoute(RouteManagerImpl.java:214)
        at com.celfocus.use.routes.RouteManagerImpl.findAndExecuteRoute(RouteManagerImpl.java:81)
        at com.celfocus.use.routes.RouteManagerImpl.findAndExecuteRoute(RouteManagerImpl.java:66)
        at com.celfocus.use.server.servlet.UseServlet.processMessage(UseServlet.java:369)
        at com.celfocus.use.server.servlet.UseServlet.processDoPost(UseServlet.java:201)
        at com.celfocus.use.server.servlet.UseServlet.doPost(UseServlet.java:121)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
        at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
        at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
        at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:184)
        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3750)
        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3714)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
        at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2283)
        at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2182)
        at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1499)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    Caused by: java.security.cert.CertificateException: Unable to construct a valid chain
        at org.bouncycastle.jsse.provider.ProvX509TrustManager.validateChain(Unknown Source)
        at org.bouncycastle.jsse.provider.ProvX509TrustManager.checkTrusted(Unknown Source)
        at org.bouncycastle.jsse.provider.ProvX509TrustManager.checkServerTrusted(Unknown Source)
        ... 58 more
    Caused by: java.security.cert.CertPathValidatorException: Certificate doesn't support 'digitalSignature' KeyUsage
        at org.bouncycastle.jsse.provider.ProvAlgorithmChecker.checkEndEntity(Unknown Source)
        at org.bouncycastle.jsse.provider.ProvAlgorithmChecker.checkCartPathExtras(Unknown Source)
        ... 61 more

dghgit commented 3 years ago

The cause appears to be at the bottom - the certificate in use doesn't support digitalSignature.
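To confirm what the last `Caused by` in the trace reports, the following added example (not code from the thread or from Bouncy Castle) loads the server's end-entity certificate from a file and prints its KeyUsage bits, where bit 0 is digitalSignature; the file path is an assumption, and a certificate without any KeyUsage extension is treated as unrestricted, as RFC 5280 specifies.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/** Prints the KeyUsage bits of an X.509 certificate file (PEM or DER). Added example, not BC code. */
public class KeyUsageCheck {
    // Bit order of the KeyUsage BIT STRING (RFC 5280 section 4.2.1.3), as returned by getKeyUsage()
    private static final String[] KEY_USAGE_NAMES = {
        "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
        "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"
    };

    /** True when the certificate may be used to produce digital signatures (handshake signing). */
    public static boolean allowsDigitalSignature(X509Certificate cert) {
        boolean[] ku = cert.getKeyUsage();
        // null means the extension is absent, i.e. no restriction; an extension without bit 0 forbids signing
        return ku == null || ku[0];
    }

    public static void main(String[] args) throws Exception {
        // Assumed argument: path to the server certificate exported from the failing endpoint
        String path = args.length > 0 ? args[0] : "server.crt";
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        InputStream in = new FileInputStream(path);   // plain try/finally keeps this Java 6 compatible
        X509Certificate cert;
        try {
            cert = (X509Certificate) cf.generateCertificate(in);
        } finally {
            in.close();
        }
        System.out.println("Subject: " + cert.getSubjectX500Principal());
        boolean[] ku = cert.getKeyUsage();
        if (ku == null) {
            System.out.println("No KeyUsage extension present (any usage allowed)");
        } else {
            for (int i = 0; i < ku.length && i < KEY_USAGE_NAMES.length; i++) {
                System.out.println("  " + KEY_USAGE_NAMES[i] + " = " + ku[i]);
            }
        }
        if (!allowsDigitalSignature(cert)) {
            System.out.println("digitalSignature is not set: BC JSSE rejects this certificate for a "
                    + "signature-based key exchange, which matches certificate_unknown(46) above. "
                    + "Reissue the server certificate with digitalSignature in KeyUsage.");
        }
    }
}
```

Run it as `java KeyUsageCheck server.crt`; if the last line is printed, the remedy is a correctly issued server certificate rather than a change on the client side.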

peterdettman commented 2 years ago

Inactive.

Gomdori74 commented 1 year ago

I need your help. The system is operating in the same environment. How can I deactivate digital signature checking?