Forum Stats

  • 3,768,303 Users
  • 2,252,772 Discussions
  • 7,874,521 Comments

Discussions

unable to find valid certification path to requested target

rmunene
rmunene Member Posts: 61 Blue Ribbon
edited Sep 11, 2018 4:32AM in SOA Suite Discusssions

Hi,

I'm testing a few composites where the external partner uses ssl. The certificates work on the test environment but on prod they generate failing/on recovery instances. See below error.

NB: The setup on prod and test in the same

oracle.fabric.common.FabricInvocationException: Unable to invoke endpoint URI "https://integrations.kra.go.ke:443/ws" successfully due to: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Unable to invoke endpoint URI "https://integrations.kra.go.ke:443/ws" successfully due to: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Also strange that after adding a certificate using below command

keytool -import -trustcacerts -alias krakey -file /export/home/applprod/IntegrationsRootCert.cer -keystore /usr/jdk/instances/jdk1.8.0/jre/lib/security/cacerts

I was still able to add the same certificate using the enterprise manager console and there was no conflict.

Weblogic Domain>Security>Keystore>trust>Manage>import certificate.

Jks location is  /usr/jdk/instances/jdk1.8.0/jre/lib/security/cacerts

How can I resolve this issue?

Your assistance is highly appreciated.

Tagged:

Answers

  • vladodias
    vladodias Member Posts: 2,283 Gold Trophy
    edited Sep 10, 2018 12:58AM

    Hi,

    Check the "Keystores" tab configuration for the SOA managed server... Navigate to <domain> --> Environment --> Servers --> click on the soa managed server --> Keystores tab

    The configuration of prod and test might be different on there...

    Cheers,

    Vlad

  • rmunene
    rmunene Member Posts: 61 Blue Ribbon
    edited Sep 11, 2018 4:32AM

    Hi Vladivoas,

    External partner made changes to ssl which cleared the error. Made no config changes to the soa environment.

    Thank you

This discussion has been closed.