This discussion is archived
6 Replies Latest reply: Aug 9, 2013 3:09 PM by 1002644 RSS

Calling HTTPS service from OSB

863275 Newbie
Currently Being Moderated
We have a requirement where I need to invoke a HTTPS service from OSB ..the end system has given me 3 certificates ..

I am receiving the below error when I invoke the backend service ..

The invocation resulted in an error: [Security:090477]Certificate chain received from - (servername here ) was not trusted causing SSL handshake failure..



Can some body tell me how can i use the 3 certificates provided by the end system while calling the HTTPS service from Business service..



I created a single certificate file( AllCertificates.cer) with the contents of all the three certificates provided by the target system.I tried below commond assuming that we need to import the certificate into jdk so at runtime osb will check with jkd for certificate

keytool -import -keystore C:\Oracle\Middleware\jdk160_24\jre\lib/security/cacerts -file C:\Oracle\Middleware\jdk160_24\jre\bin\mycertificates\AllCertificates.cer



but i am still facing the same error..might be I am not doing it correctly or I am missing some more conifguration
  • 1. Re: Calling HTTPS service from OSB
    863275 Newbie
    Currently Being Moderated
    I think my scenario might be a simple one ..i jus want to know how to import the certifcate into OSB ..so that when Osb BS makes a HTTPS call to target service it will use the certificate so that i may not get the below error

    The invocation resulted in an error: [Security:090477]Certificate chain received from - (servername here ) was not trusted causing SSL handshake failure

    can some body let me know how can i do this
  • 2. Re: Calling HTTPS service from OSB
    687626 Expert
    Currently Being Moderated
    Since you have selected to use jdk keystore as your trust keystore, you need to change the keystore setting in Admin console --> <OSB Server> --> keystore tab. Set Keystores to Custom Identity and Java Standard Trust.
  • 3. Re: Calling HTTPS service from OSB
    863275 Newbie
    Currently Being Moderated
    I resolved it already...thanks for your reply..

    I have a problem ,when i use the same java keystore which was updated with the target system certificate into SOAP UI its not wroking ..i went into preference->ssl setting and browsed to the java keystore and given the keystore password as changeit(which is the default one)
    one more question i have is ..when i want to configure keystore in a cluster environment do i need to configure it for both admin and managed severs or is that ok if we configure the Custom Identity and Java Standard Trust on admin server only.
  • 4. Re: Calling HTTPS service from OSB
    Abhinav Journeyer
    Currently Being Moderated
    Hi ,
    I order to import certificates into osb, you can create Service Key provider as a resource in your project folder to import your certificates and then click on the proxyservice, go to security tab and then browse to certificates location .
    But u need to create
    • PKI credential mapper provider configured in your security realm.Otherwise Service key provider management will be disabled.
    Configure a PKI credential mapper provider if you need service provider support.
    This is typically the case if you have Oracle Service Bus proxy services with web service security enabled or outbound 2-way SSL connections.


    Abhinav !!
  • 5. Re: Calling HTTPS service from OSB
    687626 Expert
    Currently Being Moderated
    do i need to configure it for both admin and managed severs or is that ok if we configure the Custom Identity and Java Standard Trust on admin server only
    in cluster you need to do only for the managed servers, admin is not required. This is because OSB code gets executed on the managed servers and not on admin server.
  • 6. Re: Calling HTTPS service from OSB
    1002644 Newbie
    Currently Being Moderated

    Hi,

     

    I am also facing same issue .

     

    Here is the my requirement is also same (We have a requirement where I need to invoke a HTTPS service from OSB ..the end system has given me 3 certificates ..)

     

    Same as above mentioned  error only i am getting (The invocation resulted in an error: [Security:090477]Certificate chain received from - (servername here ) was not trusted causing SSL handshake failure..)

     

    1.Can you please guide me how to create a one certificate with the given 3 certificates . steps and keytool commands.

     

    2.Second point after changing to the given point (Admin console --> <OSB Server> --> keystore tab. Set Keystores to Custom Identity and Java Standard Trust.)


    Changed Keystores as :- Custom Identity and Java Standard Trust

    Under Identity
    -------------------------
    Custom Identity KeyStore:

    Custom Identity KeyStore Type:

    Custom Identity KeyStore PassPhrase:

    Confirm Custom Identity KeyStore PassPhrase:
    ---------------------------------------

    Under Trust

    -------------------------------------

    Java Standard Trust KeyStore: C:\ORACLE~1\MIDDLE~1\JDK160~1\jre\lib\security\cacerts

    Java Standard Trust KeyStore Type:jks

    Java Standard Trust KeyStore PassPhrase:

    Confirm Java Standard Trust KeyStore PassPhrase:
    ---------------------------------------

    Java Standard Trust KeyStore: C:\ORACLE~1\MIDDLE~1\JDK160~1\jre\lib\security\cacerts
    Java Standard Trust KeyStore Type: jks

    are already filled with  the above values

    Can you please let me know what are the values need to be entered in IDENTITY and TRUST for the rest of the values?

    Regards,
    Sri.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points