9 Replies Latest reply: Mar 15, 2013 5:58 AM by raghu katta RSS

    Certificate chain Error in JCS

    raghu katta
      Hi All,

      We deployed one of our product in cloud and got the following error.

      "Error Message: [Security:090504]Certificate chain received from crm-aufsn4x0iwf.oracleoutsourcing.com - 216.131.132.246 failed hostname verification check. Certificate contained *.oracleoutsourcing.com but check expected crm-aufsn4x0iwf.oracleoutsourcing.com"

      Please suggest us what could be wrong in my code.

      Thanks&Regards,
      Raghu
        • 1. Re: Certificate chain Error in JCS
          anandk
          Hi,

          We are trying to investigate this issue. Meanwhile, can you tell us more on when do you see the error? Is this a web-service call? Is it possible to provide the log file?

          thanks,
          -Anand.
          • 2. Re: Certificate chain Error in JCS
            anandk
            Also would it be possible to provide us the actual endpoint you are trying to access? Just the URL is sufficient at this point.

            Thanks,
            -Anand.
            • 3. Re: Certificate chain Error in JCS
              raghu katta
              Hi Anand,

              Thanks for your response. Yes it is a web service call. We are consuming fusion crm web services. We have taken the error message which we have shared earlier from the cloud loggers. We are using soap web services.

              Thanks&Regards,
              Raghu
              • 4. Re: Certificate chain Error in JCS
                raghu katta
                Hi Anand,

                Here is the end point URL for your reference.

                https://crm-aufsn4x0iwf.oracleoutsourcing.com:443/foundationParties/PersonService

                Thanks&Regards,
                Raghu
                • 5. Re: Certificate chain Error in JCS
                  anandk
                  Thanks. I have my developers looking into this. I will keep you posted.

                  Thanks,
                  -Anand.
                  • 6. Re: Certificate chain Error in JCS
                    anandk
                    Hi Raghu,

                    Quick question, what web-service security policy are you using?

                    thanks,
                    -Anand.
                    • 7. Re: Certificate chain Error in JCS
                      raghu katta
                      Hi Anand,

                      We are not using any security policys. To consume web service we are using the following code.

                      URL serviceurl = new java.net.URL(
                                               "endpoint url");
                      String authorization = new sun.misc.BASE64Encoder()
                                               .encode(("username" + ":" + "password").getBytes());
                      URLConnection wsConnection = serviceurl.openConnection();
                      wsConnection.setUseCaches(false);
                      wsConnection.setRequestProperty("Content-Type", "text/xml");
                                     wsConnection.setRequestProperty("Authorization", "Basic "
                                               + authorization);

                      Please let me know if you need more information. We have been working on this since 2 months. Please suggest solution as early as possible. Thanks in advance.

                      Thanks&Regards,
                      Raghu
                      • 8. Re: Certificate chain Error in JCS
                        anandk
                        Hi Raghu,

                        We tried your code, and unfortunately we are not able to reproduce. Firs,t are you sure that this is the exact code that you have deployed. The sun.misc.* is blacklisted API. So I am surprised that the you don't see an access denied on that API use. So can you please re-check.

                        I took your code, removed the sun.misc.* usage and create a simple test app. It has a text box to paste your URL. The code uses that URL to open the connection just the way you have here. I don't see the certificate chain error. Instead I see access error, obviously because I dont have the credentials to invoke the service endpoint.

                        I have hosted the app here -- https://java-trialabwe.java.us1.oraclecloudapps.com/url

                        Would it be possible to give us a simple reproducer app? If possible, upload somewhere and send me a link. Here is my code snippet.

                        URL serviceurl = new java.net.URL(url);
                        URLConnection wsConnection = serviceurl.openConnection();
                        wsConnection.setUseCaches(false);
                        wsConnection.setRequestProperty("Content-Type", "text/xml");
                        in = wsConnection.getInputStream();
                        BufferedReader br = new BufferedReader(new InputStreamReader(in));
                        String line = br.readLine();
                        while (line != null) {
                        out.write(line);
                        line = br.readLine();
                        }

                        Thanks,
                        -Anand.
                        • 9. Re: Certificate chain Error in JCS
                          raghu katta
                          Hi Anand,

                          Thanks for your quick response. I just want to alter my question. Sorry for that. We are using the code which we have shared in the last thread. sun.misc.* package is also used. In cloud this code is throwing "access denied (java.lang.RuntimePermission accessClassInPackage.sun.misc)".

                          Same code when we deploy in OEPE, its throwing exception " [Security:090504]Certificate chain received from crm-aufsn4x0iwf.oracleoutsourcing.com - 216.131.132.246 failed hostname verification check. Certificate contained *.oracleoutsourcing.com but check expected crm-aufsn4x0iwf.oracleoutsourcing.com" .

                          Same code in normal eclipse,tomcat server is working fine with out errors.

                          To summarise,

                          1) what is the alternate package for sun.misc.BASE64Encoder().encode() and it should support oracle cloud?

                          2) Once the above issue fixed we may get OEPE error "certificate chain issue". How to resolve this issue if we get this error?

                          3) We are not using any security policy related code in consuming fusion crm web services? is there any specific code for this in java?

                          4) Do we need to install/configure any security certificate in Oracle cloud?

                          I really thank for your effort in solving this issue.

                          Thanks&Regards,

                          Raghu