3 Replies Latest reply on Oct 10, 2008 4:53 PM by 652358

    Issue with Digital Certificates

    652358
      Has anyone encountered this error before?
      We bought a certificate from Verisign and used it to get our TP certificate. Then I imported the TP Cert as a Trusted Cert into the Oracle B2B Default wallet. I have the bought Verisign Cert as the user certificate.
      Then I configured the B2B setups to use the secure channel, but I get the following.
      -Codean

      2008.10.08 at 21:48:37:058: Thread-10: B2B - (ERROR) java.security.cert.CertificateParsingException: signed overrun, bytes = 67
           at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1662)
           at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:173)
           at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:90)
           at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:389)
           at oracle.tip.adapter.b2b.utility.Utility.getX509Certificate(Utility.java:1743)
           at oracle.tip.adapter.b2b.packaging.SmimeSecureMessaging.sign(SmimeSecureMessaging.java:961)
           at oracle.tip.adapter.b2b.packaging.mime.MimePackaging.createSignedMimeBodyPart(MimePackaging.java:392)
           at oracle.tip.adapter.b2b.packaging.mime.MimePackaging.applySecurity(MimePackaging.java:1699)
           at oracle.tip.adapter.b2b.packaging.mime.MimePackaging.createMimeMessage(MimePackaging.java:262)
           at oracle.tip.adapter.b2b.packaging.mime.MimePackaging.pack(MimePackaging.java:110)
           at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequestPostColab(Request.java:1165)
           at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequest(Request.java:701)
           at oracle.tip.adapter.b2b.engine.Engine.processOutgoingMessage(Engine.java:832)
           at oracle.tip.adapter.b2b.data.MsgListener.onMessage(MsgListener.java:531)
           at oracle.tip.adapter.b2b.data.MsgListener.run(MsgListener.java:344)
           at java.lang.Thread.run(Thread.java:534)

      2008.10.08 at 21:48:37:059: Thread-10: B2B - (ERROR) Error -: AIP-51083: General failure creating S/MIME digital signature: java.security.cert.CertificateParsingException: signed overrun, bytes = 67
           at oracle.tip.adapter.b2b.packaging.SmimeSecureMessaging.sign(SmimeSecureMessaging.java:1054)
           at oracle.tip.adapter.b2b.packaging.mime.MimePackaging.createSignedMimeBodyPart(MimePackaging.java:392)
           at oracle.tip.adapter.b2b.packaging.mime.MimePackaging.applySecurity(MimePackaging.java:1699)
           at oracle.tip.adapter.b2b.packaging.mime.MimePackaging.createMimeMessage(MimePackaging.java:262)
           at oracle.tip.adapter.b2b.packaging.mime.MimePackaging.pack(MimePackaging.java:110)
           at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequestPostColab(Request.java:1165)
           at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequest(Request.java:701)
           at oracle.tip.adapter.b2b.engine.Engine.processOutgoingMessage(Engine.java:832)
           at oracle.tip.adapter.b2b.data.MsgListener.onMessage(MsgListener.java:531)
           at oracle.tip.adapter.b2b.data.MsgListener.run(MsgListener.java:344)
           at java.lang.Thread.run(Thread.java:534)
      Caused by: java.security.cert.CertificateParsingException: signed overrun, bytes = 67
           at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1662)
           at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:173)
           at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:90)
           at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:389)
           at oracle.tip.adapter.b2b.utility.Utility.getX509Certificate(Utility.java:1743)
           at oracle.tip.adapter.b2b.packaging.SmimeSecureMessaging.sign(SmimeSecureMessaging.java:961)
           ... 10 more

      2008.10.08 at 21:48:37:060: Thread-10: B2B - (ERROR) Error -: AIP-51083: General failure creating S/MIME digital signature
           at oracle.tip.adapter.b2b.packaging.mime.MimePackaging.createSignedMimeBodyPart(MimePackaging.java:434)
           at oracle.tip.adapter.b2b.packaging.mime.MimePackaging.applySecurity(MimePackaging.java:1699)
           at oracle.tip.adapter.b2b.packaging.mime.MimePackaging.createMimeMessage(MimePackaging.java:262)
           at oracle.tip.adapter.b2b.packaging.mime.MimePackaging.pack(MimePackaging.java:110)
           at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequestPostColab(Request.java:1165)
           at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequest(Request.java:701)
           at oracle.tip.adapter.b2b.engine.Engine.processOutgoingMessage(Engine.java:832)
           at oracle.tip.adapter.b2b.data.MsgListener.onMessage(MsgListener.java:531)
           at oracle.tip.adapter.b2b.data.MsgListener.run(MsgListener.java:344)
           at java.lang.Thread.run(Thread.java:534)

      2008.10.08 at 21:48:37:060: Thread-10: B2B - (ERROR) Error -: AIP-51083: General failure creating S/MIME digital signature: Error -: AIP-51083: General failure creating S/MIME digital signature: java.security.cert.CertificateParsingException: signed overrun, bytes = 67
           at oracle.tip.adapter.b2b.packaging.mime.MimePackaging.createSignedMimeBodyPart(MimePackaging.java:434)
           at oracle.tip.adapter.b2b.packaging.mime.MimePackaging.applySecurity(MimePackaging.java:1699)
           at oracle.tip.adapter.b2b.packaging.mime.MimePackaging.createMimeMessage(MimePackaging.java:262)
           at oracle.tip.adapter.b2b.packaging.mime.MimePackaging.pack(MimePackaging.java:110)
           at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequestPostColab(Request.java:1165)
           at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequest(Request.java:701)
           at oracle.tip.adapter.b2b.engine.Engine.processOutgoingMessage(Engine.java:832)
           at oracle.tip.adapter.b2b.data.MsgListener.onMessage(MsgListener.java:531)
           at oracle.tip.adapter.b2b.data.MsgListener.run(MsgListener.java:344)
           at java.lang.Thread.run(Thread.java:534)
      Caused by: Error -: AIP-51083: General failure creating S/MIME digital signature: java.security.cert.CertificateParsingException: signed overrun, bytes = 67
           at oracle.tip.adapter.b2b.packaging.SmimeSecureMessaging.sign(SmimeSecureMessaging.java:1054)
           at oracle.tip.adapter.b2b.packaging.mime.MimePackaging.createSignedMimeBodyPart(MimePackaging.java:392)
           ... 9 more
      Caused by: java.security.cert.CertificateParsingException: signed overrun, bytes = 67
           at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1662)
           at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:173)
           at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:90)
           at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:389)
           at oracle.tip.adapter.b2b.utility.Utility.getX509Certificate(Utility.java:1743)
           at oracle.tip.adapter.b2b.packaging.SmimeSecureMessaging.sign(SmimeSecureMessaging.java:961)
           ... 10 more
        • 1. Re: Issue with Digital Certificates
          652358
          Quick Gist of steps taken
          1. Created a Certificate Request
          2. Exported it to a file
          3. Sent this to CA and got it signed
          4. Imported the signed certificate as user certificate
          5. Exported this to file HOST.cer
          6. Saved and exported the Wallet to C:\Certs\wallet.txt
          7. Changed tip.props and added the correct wallet location only up to the folder file:C:\\Certs
          8. Configured B2B Host to use HOST.cer file for encryption

          Did a similar thing on the Dummy Remote TP setup as well.
          • 2. Re: Issue with Digital Certificates
            Ramesh Nittur Anantharamaiah-Oracle
            As discussed, make sure it is a valid cert from the expiry perspective.
            • 3. Re: Issue with Digital Certificates
              652358
              Following are the outline steps that you have to do for using a certificate. I assume that you have set up a simple B2B channel without certificates that is working.

              1. Create a New Wallet / Open an existing wallet using Oracle Wallet Manager
              2. Set AutoLogin Mode
              3. Create a Certificate Request giving in the necessary Details
              4. Export the request to a file and send the File to CA Auth to get signed. (This could be a third party or another in house signing auth)
              5. Get the Signed Certificate and import it into wallet as a User Certificate. (Verify that the Cert Req now becomes 'ready')
              6. If you are using an internal CA Auth then you would also need to get the CA Cert and import it as a Trusted Certificate
              7. If you are using a Third Party CA Auth which is not already Trusted then get the CA Cert and import it as Trusted Certificate
              8. Export the User Certificate to a file.
              9. Most TP would take your Certificate and give you theirs in exchange. So do that.
              10. Import the TP certificate as a trusted certificate.
              11. Now you have two trusted certificates in your wallet and one user certificate. Save and Export the wallet to a file, say ewallet.p12
              12. Copy this file in your B2B installation under 'B2B_HOME'/Apache/Apache/conf/ssl.wlt/default
              13. Add the following line to tip.properties (change appropriately to point to your install directory)
              oracle.tip.adapter.b2b.WalletLocation = file:C:\\product\\10.1.3.1\\as_b2b\\Apache\\Apache\\conf\\ssl.wlt\\default
              14. Create Certificates on the Trading Partners screen in B2B for both Host and remote TP using the corresponding certificates
              15. Create a new Secure Channel for both the TPs [ trading partners > Capabilities > Create Communication Capability]
              16. Set Non Repudiation of Origin, Receipt and Encryption to True
              17. In Doc Ex select the Certificates you configured with appropriate values of Digital Envelope and Signature
              18. Create a new agreement with these new channels for the Host and Remote TP

              Once you deploy this new agreement you should be using the new secure channel for data transfer.
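
Added example, not part of the thread or of Oracle B2B: a stand-alone Java check that loads each certificate file through the same `CertificateFactory.generateCertificate` call shown in the stack trace and reports whether it parses and is inside its validity period, as reply 2 advises. The class name `CertPreflight` and the verdict strings are assumptions made for this example; certificate file paths are passed on the command line.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;

// Added example (hypothetical class name): pre-flight check for certificate
// files before they are configured in B2B.
public class CertPreflight {

    // Returns a one-line verdict for the certificate stored at 'path'.
    static String check(String path, Date now) {
        X509Certificate cert;
        try (InputStream in = new FileInputStream(path)) {
            // Same JDK entry point that fails in the stack trace above.
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        } catch (CertificateException e) {  // includes CertificateParsingException
            return "UNPARSEABLE   " + path + ": " + e.getMessage();
        } catch (IOException e) {           // missing or unreadable file
            return "UNREADABLE    " + path + ": " + e.getMessage();
        }
        String detail = path + " subject=" + cert.getSubjectX500Principal().getName()
                + " issuer=" + cert.getIssuerX500Principal().getName()
                + " notBefore=" + cert.getNotBefore() + " notAfter=" + cert.getNotAfter();
        try {
            cert.checkValidity(now);        // the expiry check from reply 2
        } catch (CertificateExpiredException e) {
            return "EXPIRED       " + detail;
        } catch (CertificateNotYetValidException e) {
            return "NOT_YET_VALID " + detail;
        }
        return "OK            " + detail;
    }

    public static void main(String[] args) {
        Date now = new Date();
        int bad = 0;
        for (String path : args) {
            String verdict = check(path, now);
            if (!verdict.startsWith("OK")) bad++;
            System.out.println(verdict);
        }
        System.exit(bad == 0 ? 0 : 1);      // non-zero if any file failed
    }
}
```

Compile with `javac CertPreflight.java` and run it as `java CertPreflight HOST.cer` together with the trading partner's certificate file; a non-zero exit status means at least one file did not parse or is outside its validity period.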