Illegal Key Size exception when you do SSL authentication

By W.ZH Mar 2010

Issue: When you try to do SSL authentication to an HTTP site with a user name and password, you get this in your WebLogic server log: Key Size

Reason: For security reasons, the default JVM (which products such as WebLogic also use) has a key size limitation to comply with US export law. That limitation is what raises this error.

Solution: Sun provides the Unlimited Strength Java(TM) Cryptography Extension Policy Files for the Java(TM) Platform, with a separate package for each J2SE version. You need to go to the Sun web site to download the one that matches your JDK. It is the last download on the page.

After downloading jce_policy*.zip, unzip it to get two jar files: US_export_policy.jar and local_policy.jar. Copy these files to your JRE's lib/security folder to replace the two old files (remember to back them up first). For WLS, it is normally in something like: ****Middleware\jdk160**\jre\lib\security

Then restart your WebLogic server and try to access the SSL auth website again. It works!
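To confirm that the JRE WebLogic runs on actually picked up the new policy files, you can query the JCE limits directly. The class below is an added example, not part of the original post; the class name `JcePolicyCheck` and the list of probed algorithms are assumptions chosen for illustration. Compile and run it with the same JDK that the server uses.

```java
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Added example: reports whether the JRE running this class is still under
// the limited-strength JCE policy (AES capped at 128 bits).
public class JcePolicyCheck {

    // Algorithms to probe; this list is an assumption for illustration.
    private static final String[] ALGORITHMS = {"AES", "Blowfish", "RC4"};

    // True when the policy files in effect put no cap on the AES key length.
    static boolean unlimitedPolicyInstalled() throws NoSuchAlgorithmException {
        return Cipher.getMaxAllowedKeyLength("AES") == Integer.MAX_VALUE;
    }

    // Tries to initialise AES with a 256-bit key (constructed all-zero test key).
    // Under the limited policy, init() throws InvalidKeyException.
    static String tryAes256() throws Exception {
        SecretKeySpec key = new SecretKeySpec(new byte[32], "AES");
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return "AES-256 init OK";
        } catch (InvalidKeyException e) {
            return "AES-256 init failed: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // java.home shows which JRE's lib/security folder is being used.
        System.out.println("java.home    = " + System.getProperty("java.home"));
        System.out.println("java.version = " + System.getProperty("java.version"));
        for (String alg : ALGORITHMS) {
            int max = Cipher.getMaxAllowedKeyLength(alg);
            System.out.println(alg + " max key length: "
                    + (max == Integer.MAX_VALUE ? "unlimited" : max + " bits"));
        }
        System.out.println(tryAes256());
        System.out.println(unlimitedPolicyInstalled()
                ? "Unlimited strength policy is in effect."
                : "Limited policy in effect: replace the two jars in "
                  + System.getProperty("java.home") + "/lib/security");
    }
}
```

If the output still shows the limited policy after you copied the jars, compare the printed `java.home` with the folder you copied them into: the server may be running on a different JRE than the one you patched.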

If this still does not solve the problem, you can try changing the WLS SSL configuration:

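Open your WebLogic console

Go to: servers -> configuration -> SSL -> Advanced -> Hostname verification

The value of this field should be “none” instead of “BEA hostname verifier”. With this set to “none”, WebLogic no longer checks that the host name in the peer's certificate matches the host it connected to.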

Refer to