This discussion is archived
1 Reply Latest reply: May 16, 2012 6:24 AM by 937375 RSS

Two way SSL in OSB

937375 Newbie
Currently Being Moderated
Hi
First of all, i know there are many threads about ssl in osb, but they didnt help me :(

I've read all documentation from Oracle about it, but my english isnt perfect so i may not understand (i know i dont) everything corectlly.

What I need to do:

connect from one server using business service to another server (proxy service) using client certificate and https.

What I have done:

Proxy service routing to business service which endpoint uri points to proxy service on second server. That proxy service have https required checked (https is working fine, authentication is my problem) and client certificate checked.

At the beginning i was trying doing it, using demo keystores but i got "unauthorized" error. Am I able do anything about this? or i really must use my own keystores?


Later, my co-worker have generated keystore for me. So i changed keystores at both servers to custom keystores. Then I got error saying "<con:reason>Tried all: 1 addresses, but could not connect over HTTPS to server: soasuite port: 8012</con:reason>"

Could you guys write what should i do step by step? Im new at this, but as i see Oracle will be my future at work, so i need to understand two way ssl.

I suppose I need to create service key provider? But how should I "attach" it to my services?
To create service key provider I need PKI Credential Mapping Provider. In "Provider Specific" i need to type "Keystore filename" but which keystore? Using demo keystore i have Identity and Trust.

Do i need anything else? I really appreciate any help other than documentation link (which im reading for few days, and still cant solve my problem).

Edited by: 934372 on 2012-05-15 01:47

Edited by: 934372 on 2012-05-15 02:50

When i switch "Two Way Client Cert Behavior:" to Client Certs Requested and Enforced i got:General runtime error: [Security:090482]BAD_CERTIFICATE alert was received from soasuite - 10.105.58.146. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.

instead of "unauthorized"

Edited by: 934372 on 2012-05-15 03:04

Edited by: 934372 on 2012-05-15 03:08

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points