SSL issue deploying REST project on SOA 12c

Issue:

summary=<summary>oracle.fabric.common.FabricInvocationException: javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target</summary>

Thoughts:

The certificate provided by the service invoked is not available in the trust store.

From my previous experiences using SOA, there are two main certificate truststores

1- Weblogic level, which can be configured using weblogic console
2- Java level, which can configured using JVM arguments during startup

However, importing the certificates in both the trust stores did not solve my issue. On enabling ssl debugging using "-Djavax.net.debug=all" in WebLogic startup arguments I observed that when the service is invoked, SOA is loading only a couple of trusted cerrtificates during my invocation.

CN=CertGenCA,OU=FOR TESTING ONLY,O=MyOrganization,L=MyTown,ST=MyState,C=US.

CN=CertGenCAB,OU=FOR TESTING ONLY,O=MyOrganization,L=MyTown,ST=MyState,C=US.

On googling noticed that these two are the only certificates available in OPSS trust keystore which is being used.

On adding my certificate to OPSS trust keystore, I no longer faced the issue.

Comments

Post a Comment

Popular posts from this blog

weblogic.socket.NIOSocketMuxer$2 cannot be cast to javax.net.ssl.SSLSocket - OUAF application

Issue: weblogic.socket.NIOSocketMuxer$2 cannot be cast to javax.net.ssl.SSLSocket Note: This is applicable for OUAF based applications Analysis & Resolution: In configureEnv.sh(or cmd) - Menu block 3  3. Web Application Server Configuration        Web Server Host:                                   xxxxxx        WebLogic SSL Port Number:                7001        WebLogic Console Port Number:          7002        Web Context Root:                                 ouaf In the above-mentioned configuration Weblogic SSL Port number which will be used by OUAF application(SPLWeb) to start is http port on my AdminServer instance. C...
Read more

Invalid file name for use with -Xloggc: Filename can only contain the characters [A-Z][a-z][0-9]-_.%[p|t]

Issue: WebLogic manged server does not start with below error Error: Could not create the Java Virtual Machine. Error: A fatal exception has occurred. Program will exit. Invalid file name for use with -Xloggc: Filename can only contain the characters [A-Z][a-z][0-9]-_.%[p|t] but it has been /tmp/gc_wls$$.log Thoughts: I was passing '-Xloggc:/tmp/gc_wls$$.log' as part of Arguments under 'Server Start' under my managed server in WebLogic Console. Generally $$ evaluates to PID of the process for which the memory arguments are passed to. But the values that are sent using Arguments section for a server as i did above will be sent as Java Arguments instead of Memory Argument which then failed to evaluate to process ID. Resolution: The memory arguments which are passed in Arguments section should be refactored. In my case, i created a new executable file in my domain home  setUserOverrides.sh(A file if exists processed by startWeblogic.sh) and passed m...
Read more