Forum Stats

  • 3,827,873 Users
  • 2,260,836 Discussions
  • 7,897,401 Comments

Discussions

Getting error while using certificate chain

Anuj Dwivedi--Oracle
Anuj Dwivedi--Oracle Member Posts: 7,077 Employee
edited Nov 24, 2008 8:02AM in Integration - B2B
Hi,

I am using a certificate chain for SSL security and while sending message I am geting error. This error is coming when B2B tries to fetch private key from the wallet to sign the message. It says "certificate alias found" but then while creating message it gives error. Please find below the log for that particular portion

2008.11.24 at 09:19:24:150: Thread-13: B2B - (DEBUG) oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin:getPrivateKeyFromWallet Enter
2008.11.24 at 09:19:24:154: Thread-13: B2B - (DEBUG) oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin:getPrivateKeyFromWallet certificate alias found: [email protected],CN=BTGS B2BONRAMP,OU=Digital ID Class 1 - Microsoft Full Service,OU=Persona Not Validated,OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,OU=VeriSign Trust Network,O=VeriSign\, Inc.
2008.11.24 at 09:19:24:159: Thread-13: B2B - (DEBUG) oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin:createMessage An exception during building create message
2008.11.24 at 09:19:24:161: Thread-13: B2B - (DEBUG) oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin:createMessage exception msg: null
2008.11.24 at 09:19:24:163: Thread-13: B2B - (DEBUG) oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin:createMessage exception stack trace: java.lang.NullPointerException
at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.getPrivateKeyFromWallet(EBMSExchangePlugin.java:5967)
at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.getPrivateKeyForSigning(EBMSExchangePlugin.java:5322)
at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.signAttachment(EBMSExchangePlugin.java:5160)
at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.createMessage(EBMSExchangePlugin.java:2130)
at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequestPostColab(Request.java:1641)
at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequest(Request.java:968)
at oracle.tip.adapter.b2b.engine.Engine.processOutgoingMessage(Engine.java:1147)
at oracle.tip.adapter.b2b.transport.AppInterfaceListener.onMessage(AppInterfaceListener.java:137)
at oracle.tip.transport.basic.jms.JMSMonitor.processMessages(JMSMonitor.java:610)
at oracle.tip.transport.basic.jms.JMSMonitor.run(JMSMonitor.java:236)

2008.11.24 at 09:19:24:168: Thread-13: B2B - (ERROR) java.lang.Exception: java.lang.NullPointerException
at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.createMessage(EBMSExchangePlugin.java:2289)
at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequestPostColab(Request.java:1641)
at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequest(Request.java:968)
at oracle.tip.adapter.b2b.engine.Engine.processOutgoingMessage(Engine.java:1147)
at oracle.tip.adapter.b2b.transport.AppInterfaceListener.onMessage(AppInterfaceListener.java:137)
at oracle.tip.transport.basic.jms.JMSMonitor.processMessages(JMSMonitor.java:610)
at oracle.tip.transport.basic.jms.JMSMonitor.run(JMSMonitor.java:236)
Caused by: java.lang.NullPointerException
at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.getPrivateKeyFromWallet(EBMSExchangePlugin.java:5967)
at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.getPrivateKeyForSigning(EBMSExchangePlugin.java:5322)
at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.signAttachment(EBMSExchangePlugin.java:5160)
at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.createMessage(EBMSExchangePlugin.java:2130)
... 6 more


Does anyone have any idea that what could be the reason behind this error?

Please help.

Thanks & Regards,
Anuj Dwivedi
Tagged:

Best Answer

  • 558353
    558353 Member Posts: 175
    Answer ✓
    Hi,

    You may have to have the entire chain.

    One side note on the original issue reported - if you do conversion like this for some reason things doesn't work out well. The work around is as follows,

    1. Export user certifcate to a file say, user.cer
    2. Remove the user cetificate from the ewallet.p12
    3. Import the user certifcate from the file which you created in the step 1.

    This should work smooth. HTH.

    Regards,
    Sinkar
    [From Ramesh Team]

Answers

  • 558353
    558353 Member Posts: 175
    edited Nov 24, 2008 5:11AM
    Hi,

    You may get this if you have the copy of user certifcate as an trusted entry. Please remove the trusted entry and try it out.


    Regards,
    Sinkar
    [From Ramesh Team]
    558353
  • Anuj Dwivedi--Oracle
    Anuj Dwivedi--Oracle Member Posts: 7,077 Employee
    Hi Sinkar,

    Thanks a lot for reply.

    I have checked it already and I do not have user certificate in trusted certificate list. But I have VeriSign's (who is the issuer) two certificate in trusted certificate list. Should I remove those?

    Thanks & Regards,
    Anuj Dwivedi
  • 558353
    558353 Member Posts: 175
    If VeriSign is the CA then you should retain it in the wallet as this is required for certificate chain validation as part of SSL. Just curious to know, how did you create a wallet and generated user certificate. This process may help us to understand things little deeper. Please send all the details over email and if possible attach you ewallet also.

    P.S. Please get Suhas help to reach us if anything urgent

    Thanks,
    Sinkar
    [From Ramesh Team]
    558353
  • Anuj Dwivedi--Oracle
    Anuj Dwivedi--Oracle Member Posts: 7,077 Employee
    Hi Sinkar,

    Suhas is busy in a call and I am not having your e-mail Id so I am replying back on thread itself. Please find below the process by which we created the wallet-

    As we have received the certificate in .pfx format from our client, we converted it into PKCS12 using below procedure-

    1. created an empty wallet using Orapki and converted it into PEM format using open-ssl.(say PEM1)

    2. converted the received PFX file into PEM format using open-ssl.(say PEM2)

    3. copied and pasted the content of PEM2 to PEM 1.

    4. converted PEM1 back to PKCS12 format using open-ssl.

    By following above procedure we created the wallet and same we are using.

    Cann't mail you the wallet because of privacy policy.

    Please help.

    Thanks & Regards,
    Anuj Dwivedi
  • 558353
    558353 Member Posts: 175
    Not sure, things might have gone wrong somewhere during the conversion. Please get the ewallet.p12 to us [email protected] and [email protected]
    558353
  • 633871
    633871 Member Posts: 57
    Hi Sinkar,

    Thanks for your reply. As of now we have converted that wallet into p12 format using Browser and renaming. I just wanted to ask that at other side should we import only our client's trust certificate or the entire chain (VeriSign's Two Cert+ Client Trust cert) ?
    I will test with this and update you the same.

    Thanks & Regards,
    Anuj Dwivedi
    633871
  • 558353
    558353 Member Posts: 175
    Answer ✓
    Hi,

    You may have to have the entire chain.

    One side note on the original issue reported - if you do conversion like this for some reason things doesn't work out well. The work around is as follows,

    1. Export user certifcate to a file say, user.cer
    2. Remove the user cetificate from the ewallet.p12
    3. Import the user certifcate from the file which you created in the step 1.

    This should work smooth. HTH.

    Regards,
    Sinkar
    [From Ramesh Team]
  • Anuj Dwivedi--Oracle
    Anuj Dwivedi--Oracle Member Posts: 7,077 Employee
    Hi Sinkar,

    It worked. Thank you so much for the help.
    I am very curious to know that why this exporting and importing is required.
    Thnaks again for your timely response and help.

    Warm Regards,
    Anuj Dwivedi
This discussion has been closed.