6 Replies Latest reply: Aug 9, 2013 5:09 PM by 1002644

    Calling HTTPS service from OSB

    863275
      We have a requirement where I need to invoke an HTTPS service from OSB. The end system has given me 3 certificates.

      I am receiving the below error when I invoke the backend service ..

      The invocation resulted in an error: [Security:090477]Certificate chain received from - (servername here ) was not trusted causing SSL handshake failure..



      Can somebody tell me how I can use the 3 certificates provided by the end system while calling the HTTPS service from the Business service?



      I created a single certificate file (AllCertificates.cer) with the contents of all three certificates provided by the target system. I tried the command below, assuming that we need to import the certificate into the JDK so that at runtime OSB will check with the JDK for the certificate:

      keytool -import -keystore C:\Oracle\Middleware\jdk160_24\jre\lib/security/cacerts -file C:\Oracle\Middleware\jdk160_24\jre\bin\mycertificates\AllCertificates.cer



      But I am still facing the same error. I might not be doing it correctly, or I am missing some more configuration.
        • 1. Re: Calling HTTPS service from OSB
          863275
          I think my scenario might be a simple one. I just want to know how to import the certificate into OSB, so that when the OSB BS makes an HTTPS call to the target service it will use the certificate and I do not get the error below:

          The invocation resulted in an error: [Security:090477]Certificate chain received from - (servername here ) was not trusted causing SSL handshake failure

          Can somebody let me know how I can do this?
          • 2. Re: Calling HTTPS service from OSB
            687626
            Since you have selected to use jdk keystore as your trust keystore, you need to change the keystore setting in Admin console --> <OSB Server> --> keystore tab. Set Keystores to Custom Identity and Java Standard Trust.
            • 3. Re: Calling HTTPS service from OSB
              863275
              I resolved it already...thanks for your reply..

              I have a problem: when I use the same Java keystore, which was updated with the target system certificate, in SOAP UI, it's not working. I went into preference->ssl setting, browsed to the Java keystore and gave the keystore password as changeit (which is the default one).
              One more question I have: when I want to configure the keystore in a cluster environment, do I need to configure it for both admin and managed servers, or is it OK if we configure the Custom Identity and Java Standard Trust on the admin server only?
              • 4. Re: Calling HTTPS service from OSB
                Abhinav
                Hi ,
                In order to import certificates into OSB, you can create a Service Key provider as a resource in your project folder to import your certificates, then click on the proxy service, go to the security tab and browse to the certificates location.
                But you need to create
                • PKI credential mapper provider configured in your security realm. Otherwise Service key provider management will be disabled.
                Configure a PKI credential mapper provider if you need service provider support.
                This is typically the case if you have Oracle Service Bus proxy services with web service security enabled or outbound 2-way SSL connections.


                Abhinav !!
                • 5. Re: Calling HTTPS service from OSB
                  687626
                  do I need to configure it for both admin and managed servers, or is it OK if we configure the Custom Identity and Java Standard Trust on the admin server only
                  In a cluster you need to do it only for the managed servers; admin is not required. This is because OSB code gets executed on the managed servers and not on the admin server.
                  • 6. Re: Calling HTTPS service from OSB
                    1002644

                    Hi,

                    I am also facing the same issue.

                    My requirement is also the same (We have a requirement where I need to invoke a HTTPS service from OSB ..the end system has given me 3 certificates ..)

                    I am getting the same error as mentioned above (The invocation resulted in an error: [Security:090477]Certificate chain received from - (servername here ) was not trusted causing SSL handshake failure..)

                    1. Can you please guide me on how to create one certificate from the given 3 certificates? Steps and keytool commands.

                    2. Second point: after changing to the given setting (Admin console --> <OSB Server> --> keystore tab. Set Keystores to Custom Identity and Java Standard Trust.)


                    Changed Keystores as :- Custom Identity and Java Standard Trust

                    Under Identity
                    -------------------------
                    Custom Identity KeyStore:

                    Custom Identity KeyStore Type:

                    Custom Identity KeyStore PassPhrase:

                    Confirm Custom Identity KeyStore PassPhrase:
                    ---------------------------------------

                    Under Trust

                    -------------------------------------

                    Java Standard Trust KeyStore: C:\ORACLE~1\MIDDLE~1\JDK160~1\jre\lib\security\cacerts

                    Java Standard Trust KeyStore Type:jks

                    Java Standard Trust KeyStore PassPhrase:

                    Confirm Java Standard Trust KeyStore PassPhrase:
                    ---------------------------------------

                    Java Standard Trust KeyStore: C:\ORACLE~1\MIDDLE~1\JDK160~1\jre\lib\security\cacerts
                    Java Standard Trust KeyStore Type: jks

                    are already filled with the above values.

                    Can you please let me know what values need to be entered in IDENTITY and TRUST for the rest of the fields?

                    Regards,
                    Sri.
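
Added example, not part of the thread and not Oracle's code: when importing a trusted certificate, keytool reads one certificate per `-importcert` call and stores it under one alias, so a concatenated file such as AllCertificates.cer adds at most one entry. The sketch below splits a PEM bundle and emits one import command per certificate; the keystore path is the one quoted in the thread, while the `backend-N` aliases, the output file names and the sample blocks (constructed placeholders, not real certificates) are assumptions.

```python
import base64
import hashlib
import re

# Keystore path as quoted in the thread; aliases and file names are hypothetical.
KEYSTORE = r"C:\Oracle\Middleware\jdk160_24\jre\lib\security\cacerts"
BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
PEM_BLOCK = re.compile(re.escape(BEGIN) + r"\s*(.+?)\s*" + re.escape(END), re.S)


def _fake_pem(label):
    """Constructed placeholder block (not a real certificate) for the demo."""
    body = base64.encodebytes(label.encode("ascii")).decode("ascii")
    return BEGIN + "\n" + body + END + "\n"


# Constructed input: three distinct blocks, the first pasted twice by mistake.
SAMPLE_BUNDLE = "".join(_fake_pem(n) for n in ("cert-1", "cert-2", "cert-3", "cert-1"))


def split_bundle(bundle_text):
    """Return [(sha1_fingerprint, pem_text)] for each distinct certificate block."""
    seen, certs = set(), []
    for match in PEM_BLOCK.finditer(bundle_text):
        der = base64.b64decode("".join(match.group(1).split()))
        hexed = hashlib.sha1(der).hexdigest().upper()
        fingerprint = ":".join(hexed[i:i + 2] for i in range(0, len(hexed), 2))
        if fingerprint in seen:  # duplicate paste: import it only once
            continue
        seen.add(fingerprint)
        pem = BEGIN + "\n" + base64.encodebytes(der).decode("ascii") + END + "\n"
        certs.append((fingerprint, pem))
    return certs


def keytool_commands(certs, prefix="backend"):
    """One -importcert per certificate, each under its own alias (keytool prompts for the password)."""
    template = 'keytool -importcert -trustcacerts -alias {a} -file {a}.cer -keystore "{k}"'
    return [template.format(a="%s-%d" % (prefix, i), k=KEYSTORE)
            for i, _ in enumerate(certs, 1)]


if __name__ == "__main__":
    certs = split_bundle(SAMPLE_BUNDLE)
    for i, (fingerprint, pem) in enumerate(certs, 1):
        with open("backend-%d.cer" % i, "w") as handle:
            handle.write(pem)
        print("backend-%d  SHA1 %s" % (i, fingerprint))
    print("\n".join(keytool_commands(certs)))
```

After the imports, each printed SHA1 value can be compared with the fingerprint shown by `keytool -list -v` for the same alias, and confirmed with the owner of the backend service before the entry is trusted.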