4.3.4.2 Enforce Security Constraints on Digital Certificates
Oracle WebLogic Server performs certificate validation whenever it establishes an outbound SSL connection, or when a two-way SSL connection is established. As part of certificate validation, WebLogic Server checks whether the certificate contains the Basic Constraints extension. The extension states whether a certificate belongs to a certificate authority, so a certificate that was not issued as a CA certificate cannot be used to sign further certificates. Ensuring that the Basic Constraints extension is present prevents attackers from generating new certificates to aid in website spoofing.
Figure 4-2 Check for Basic Constraints extension
Also verify whether any messages were logged at WebLogic Server boot that report the presence of certificates that could be rejected by clients.
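To review a keystore against the Basic Constraints check described above, the following added example (not Oracle or WebLogic code) lists every certificate in a keystore and reports whether the extension is present, whether it asserts cA=TRUE, and its path length. The class name, the command-line arguments, and the rule used to decide which certificates act as issuers are assumptions of this example; it needs Java 11 or later.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Set;

// Added example: class name and command-line arguments are assumptions, not WebLogic code.
public class BasicConstraintsAudit {
    static final String BASIC_CONSTRAINTS_OID = "2.5.29.19";

    // Describe the Basic Constraints extension of one certificate.
    // issuer = true when other certificates are expected to chain to this one.
    static String describe(X509Certificate cert, boolean issuer) {
        boolean present = cert.getExtensionValue(BASIC_CONSTRAINTS_OID) != null;
        Set<String> crit = cert.getCriticalExtensionOIDs();
        boolean critical = crit != null && crit.contains(BASIC_CONSTRAINTS_OID);
        // getBasicConstraints() returns -1 when cA is not TRUE or the extension is absent,
        // otherwise pathLenConstraint (Integer.MAX_VALUE when no limit is set).
        int pathLen = cert.getBasicConstraints();
        String state;
        if (!present) {
            state = "Basic Constraints ABSENT";
        } else if (pathLen < 0) {
            state = "cA=FALSE";
        } else {
            state = "cA=TRUE pathLen=" + (pathLen == Integer.MAX_VALUE ? "unlimited" : String.valueOf(pathLen));
        }
        if (present) state += critical ? " (critical)" : " (not critical)";
        // RFC 5280: a certificate that signs other certificates must assert cA=TRUE.
        return state + (issuer && pathLen < 0 ? "  <-- FINDING: issuer without cA=TRUE" : "");
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java BasicConstraintsAudit.java <keystore> <password>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance(new File(args[0]), args[1].toCharArray());
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias); // null for trusted-certificate entries
            if (chain == null) chain = new Certificate[] { ks.getCertificate(alias) };
            for (int i = 0; i < chain.length; i++) {
                if (!(chain[i] instanceof X509Certificate)) continue;
                X509Certificate c = (X509Certificate) chain[i];
                // Assumed rule: non-leaf chain positions and self-issued certificates act as issuers.
                boolean issuer = i > 0 || c.getSubjectX500Principal().equals(c.getIssuerX500Principal());
                System.out.printf("%s[%d] %s: %s%n", alias, i, c.getSubjectX500Principal().getName(), describe(c, issuer));
            }
        }
    }
}
```

Run it against both the identity and the trust keystore; the keystore type (JKS or PKCS12) is detected from the file.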