Java utils.ValidateCertChain -pem pemcertificatefilename The following is the syntax for the ValidateCertChain command-line utility: java utils.ValidateCertChain -file pemcertificatefilename The utility validates certificate chains from PEM files, PKCS-12 files, PKCS-12 keystores, and JKS keystores.Ī complete certificate chain must be used with the utility. Use the WebLogic Server ValidateCertChain command-line utility to confirm whether an existing certificate chain will be rejected by WebLogic Server. CA certificates from most commercial certificate authorities should work with the default strong option. Instead, purchase new CA certificates that comply with the IETF RFC 2459 standard. Oracle does not recommend using this option in a production environment. The rest of the certificate is still validated. Use this option to turn off checking for the Basic Constraints extension. This option is not the default because a number of commercially available CA certificates do not conform to the IETF RFC 2459 standard.įunctions the same as the strict option, described in the preceding row, with the additional constraint that X.509 version 1 CA certificates are rejected. This option enforces the IETF RFC 2459 standard. Use this option to ensure the Basic Constraints extension on the CA certificate is defined as CA and set to critical. =trueīy default, WebLogic Server performs this level of certificate validation.įunctions the same as the strong option, described in the preceding row, with the additional constraint that X.509 version 1 CA certificates are rejected. Use this option to ensure that the Basic Constraints extension on the CA certificate is defined as CA.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |