In our composite, we tried to reference an external wsdl which is listening on HTTPS.
When we try to reference the wsdl, we receive the following error:
Error while reading wsdl file https://server/HelloWorld?wsdl. Exception: WSDLException: faultCode=PARSER_ERROR: Failed to read wsdl file at: "https://server/HelloWorld?wsdl", caused by: javax.net.ssl.SSLHandshakeException. : javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
Solution:
The reason behind the error above is because the SSL certificate on the target web server is signed by the customer's own CA (Certificate Authority). The idea is to configure JDeveloper 11g to trust this Certificate Authority.
1. Paste the URL of the external web service in Firefox
2. Click on the lock icon on the bottom of the browser
3. Click on View Certificate
4. Click on the Details tab
5. Under "Certificate Hierarchy", click on the issuing CA (beside the arrow)
6. Click on Export...
7. Save the file to JDeveloper's Java Home location, under ~/lib/security. If the ~/security subfolder doesn't exist, then create it. For example, this is my location:
C:\dev\jdev11g\jdk160_18\lib\security
8. Open a command prompt window and perform the following:
echo ----------------------------------------9. Open up JDeveloper 11g
echo Set the environment
echo ----------------------------------------
cd C:\dev\jdev11g\jdk160_18\lib\security
set JAVA_HOME=C:\dev\jdev11g\jdk160_18
set PATH=%JAVA_HOME%\bin;%PATH%
echo ----------------------------------------
echo Import the CA cert to a Java keystore (setting password to 'welcome1')
echo ----------------------------------------
keytool -import -trustcacerts -file IPNWeb-Issuing-CA.crt -keystore IPNWeb-Issuing-CA.jks -storepass welcome1
echo ----------------------------------------
echo List the CA certs in the Java keystore
echo ----------------------------------------
keytool -list -v -keystore IPNWeb-Issuing-CA.jks -storepass welcome1
10. Navigate to Tools -> Preferences -> Http Analyzer -> HTTPS Setup
11. Browse to the location of the Client Trusted Certificate Keystore as shown, and enter the password of 'welcome1' (which is what we used in step 8)
12. Click on OK then OK
13. Try again, and it should work now
Follow Up:
One of our developer's ran into the following error when trying to copy the schemas locally (after performing the steps above). The error appears as:
To avoid this error, perform the following:Artifact Localizer encountered exception: WSDLException: faultCode=parsing xml error: javax.net.ssl.SSLKeyException: [Security:090542]Certificate chain received from ipnweb.com - 192.168.20.2 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.
1. Open a command prompt window and run the following commands:
cd C:\dev\jdev11g\jdk160_18\lib\security2. Open the C:\dev\jdev11g\jdk160_18\lib\security folder and double-click on the "IPNWeb-Issuing-CA.crt" file, and accept all defaults.
set JAVA_HOME=C:\dev\jdev11g\jdk160_18
set PATH=%JAVA_HOME%\bin;%PATH%
keytool -import -keystore cacerts -file IPNWeb-Issuing-CA.crt -storepass welcome1
3. Try again, and the error above should be resolved.
Applicable Versions:
- Oracle SOA Suite 11g (11.1.1.3)
- Oracle JDeveloper 11g (11.1.1.3)
References:
- http://download.oracle.com/docs/cd/E14571_01/integration.1111/e10226/soacompapp_secure.htm#CHDHIBJF
- http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
4 comments:
The best of freelance writing jobs is here.
Thanks, this info was just what I was looking for.
this is what has been looking for online by many many people.
Thank you for sharing this valuable information.
Top Digital Marketing Services
How to Create A Dropshipping Website
Digital Marketing Services
Post a Comment