icon-arrow icon-check icon-mail icon-phone icon-facebook icon-linkedin icon-youtube icon-twitter icon-cheveron icon-download icon-instagram play close icon-arrow-uturn icon-calendar icon-clock icon-search icon-chevron-process icon-skills icon-knowledge icon-kite icon-education icon-languages icon-tools icon-experience icon-coffee-cup
Werken bij Whitehorses
Blog 12/12/2013

BEA-090898 – Unsupported OID in the AlgorithmIdentifier Object


This error shows up  in our OSB logs all the time:

<BEA-090898> <Ignoring the trusted CA certificate “CN=KEYNECTIS ROOT CA,  OU=ROOT,O=KEYNECTIS,C=FR”. The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>

There aren’t any relevant results when searching for the BEA-090898, but Oracle Support has a note that mentions the cause of the PKIX: Unsupported OID in the AlgorithmIdentifier object error. This is the cause according to support:

Recent updates to the Sun JDK (Java Developer Kit) (versions: 1.6.0_13 and 1.5.0_18) are incompatible with the SSL (Secure Socket Layer) implementation in the following versions of Oracle WebLogic Server:

  • 11gR1 (10.3.1)
  • 10gR3 (10.3.0)
  • 10.0 and all maintenance releases of 10.0
  • 9.0, 9.1, 9.2 and all maintenance releases of 9.2 prior to 9.2 MP4

Oracle JRockit versions from R27.6.4 (1.6.0_13 and 1.5.0_18) and higher also exhibit this issue.

The solution is to install one of the following patches after upgrading the Java JDK. Note: this issue should be fixed in Weblogic server 10.3.2 and above.

WLS Version Patch Number
9.1.0 Patch 8422724
9.2.0 Patch 9384535
9.2.1 Patch 9032735
9.2.2 Patch 9309512
9.2.3 Patch 8849418
10.0.0 Patch 8422724
10.0.1 Patch 8895699
10.0.2 Patch 8896127
10.3.0 Patch 8715553
10.3.1 Patch 9003716

If you still encounter the problem after patching, try one of the following solutions:

1) Select your Server in the Weblogic Console -> SSL -> Advanced -> set “Enable JSSE” to true. Restart your weblogic.
2) Replace the trust store file of jdkjrelibsecuritycacerts with one from earlier JDK (Oracle Doc ID 952078.1).
3) check the contents in the keystore file by issueing the following command: keytool -list -keystore .keystore
Delete the invalid certificates with “keytool -delete -alias mydomain -keystore keystore.jks”

Overzicht blogs

Geen reacties

Geef jouw mening

Reactie plaatsen

Reactie toevoegen

Jouw e-mailadres wordt niet openbaar gemaakt.


  • Geen HTML toegestaan.
  • Regels en alinea's worden automatisch gesplitst.
  • Web- en e-mailadressen worden automatisch naar links omgezet.

Wil je deel uitmaken van een groep gedreven en ambitieuze integratiespecialisten? Stuur ons jouw cv!