Skip to Main Content

Integration

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Getting error while using certificate chain

Anuj Dwivedi-OracleNov 24 2008 — edited Nov 24 2008
Hi,

I am using a certificate chain for SSL security and while sending message I am geting error. This error is coming when B2B tries to fetch private key from the wallet to sign the message. It says "certificate alias found" but then while creating message it gives error. Please find below the log for that particular portion

2008.11.24 at 09:19:24:150: Thread-13: B2B - (DEBUG) oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin:getPrivateKeyFromWallet Enter
2008.11.24 at 09:19:24:154: Thread-13: B2B - (DEBUG) oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin:getPrivateKeyFromWallet certificate alias found: Email=bis.business.solutions@bt.com,CN=BTGS B2BONRAMP,OU=Digital ID Class 1 - Microsoft Full Service,OU=Persona Not Validated,OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,OU=VeriSign Trust Network,O=VeriSign\, Inc.
2008.11.24 at 09:19:24:159: Thread-13: B2B - (DEBUG) oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin:createMessage An exception during building create message
2008.11.24 at 09:19:24:161: Thread-13: B2B - (DEBUG) oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin:createMessage exception msg: null
2008.11.24 at 09:19:24:163: Thread-13: B2B - (DEBUG) oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin:createMessage exception stack trace: java.lang.NullPointerException
at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.getPrivateKeyFromWallet(EBMSExchangePlugin.java:5967)
at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.getPrivateKeyForSigning(EBMSExchangePlugin.java:5322)
at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.signAttachment(EBMSExchangePlugin.java:5160)
at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.createMessage(EBMSExchangePlugin.java:2130)
at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequestPostColab(Request.java:1641)
at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequest(Request.java:968)
at oracle.tip.adapter.b2b.engine.Engine.processOutgoingMessage(Engine.java:1147)
at oracle.tip.adapter.b2b.transport.AppInterfaceListener.onMessage(AppInterfaceListener.java:137)
at oracle.tip.transport.basic.jms.JMSMonitor.processMessages(JMSMonitor.java:610)
at oracle.tip.transport.basic.jms.JMSMonitor.run(JMSMonitor.java:236)

2008.11.24 at 09:19:24:168: Thread-13: B2B - (ERROR) java.lang.Exception: java.lang.NullPointerException
at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.createMessage(EBMSExchangePlugin.java:2289)
at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequestPostColab(Request.java:1641)
at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequest(Request.java:968)
at oracle.tip.adapter.b2b.engine.Engine.processOutgoingMessage(Engine.java:1147)
at oracle.tip.adapter.b2b.transport.AppInterfaceListener.onMessage(AppInterfaceListener.java:137)
at oracle.tip.transport.basic.jms.JMSMonitor.processMessages(JMSMonitor.java:610)
at oracle.tip.transport.basic.jms.JMSMonitor.run(JMSMonitor.java:236)
Caused by: java.lang.NullPointerException
at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.getPrivateKeyFromWallet(EBMSExchangePlugin.java:5967)
at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.getPrivateKeyForSigning(EBMSExchangePlugin.java:5322)
at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.signAttachment(EBMSExchangePlugin.java:5160)
at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.createMessage(EBMSExchangePlugin.java:2130)
... 6 more


Does anyone have any idea that what could be the reason behind this error?

Please help.

Thanks & Regards,
Anuj Dwivedi
This post has been answered by 558353 on Nov 24 2008
Jump to Answer

Comments

558353
Hi,

You may get this if you have the copy of user certifcate as an trusted entry. Please remove the trusted entry and try it out.


Regards,
Sinkar
[From Ramesh Team]
Anuj Dwivedi-Oracle
Hi Sinkar,

Thanks a lot for reply.

I have checked it already and I do not have user certificate in trusted certificate list. But I have VeriSign's (who is the issuer) two certificate in trusted certificate list. Should I remove those?

Thanks & Regards,
Anuj Dwivedi
558353
If VeriSign is the CA then you should retain it in the wallet as this is required for certificate chain validation as part of SSL. Just curious to know, how did you create a wallet and generated user certificate. This process may help us to understand things little deeper. Please send all the details over email and if possible attach you ewallet also.

P.S. Please get Suhas help to reach us if anything urgent

Thanks,
Sinkar
[From Ramesh Team]
Anuj Dwivedi-Oracle
Hi Sinkar,

Suhas is busy in a call and I am not having your e-mail Id so I am replying back on thread itself. Please find below the process by which we created the wallet-

As we have received the certificate in .pfx format from our client, we converted it into PKCS12 using below procedure-

1. created an empty wallet using Orapki and converted it into PEM format using open-ssl.(say PEM1)

2. converted the received PFX file into PEM format using open-ssl.(say PEM2)

3. copied and pasted the content of PEM2 to PEM 1.

4. converted PEM1 back to PKCS12 format using open-ssl.

By following above procedure we created the wallet and same we are using.

Cann't mail you the wallet because of privacy policy.

Please help.

Thanks & Regards,
Anuj Dwivedi
558353
Not sure, things might have gone wrong somewhere during the conversion. Please get the ewallet.p12 to us sinkarbabu.kirubanithi@oracle.com and ramesh.anantharamaiah@oracle.com
633871
Hi Sinkar,

Thanks for your reply. As of now we have converted that wallet into p12 format using Browser and renaming. I just wanted to ask that at other side should we import only our client's trust certificate or the entire chain (VeriSign's Two Cert+ Client Trust cert) ?
I will test with this and update you the same.

Thanks & Regards,
Anuj Dwivedi
558353
Answer
Hi,

You may have to have the entire chain.

One side note on the original issue reported - if you do conversion like this for some reason things doesn't work out well. The work around is as follows,

1. Export user certifcate to a file say, user.cer
2. Remove the user cetificate from the ewallet.p12
3. Import the user certifcate from the file which you created in the step 1.

This should work smooth. HTH.

Regards,
Sinkar
[From Ramesh Team]
Marked as Answer by Anuj Dwivedi-Oracle · Sep 27 2020
Anuj Dwivedi-Oracle
Hi Sinkar,

It worked. Thank you so much for the help.
I am very curious to know that why this exporting and importing is required.
Thnaks again for your timely response and help.

Warm Regards,
Anuj Dwivedi
1 - 8
Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Dec 22 2008
Added on Nov 24 2008
8 comments
625 views