"Server Certificate not trusted" error when Publishing a service to Discovery Registry. Is Host Name Verification Occurring? (Doc ID 1490976.1)

Last updated on FEBRUARY 24, 2017

Applies to:

Oracle Service Registry - Version 11.1.1.2.0 and later
Information in this document applies to any platform.

Symptoms

Updated the SSL Certificate used in OSR Publication and Discovery Registries.
Now, when trying to promote services from Publication Registry to Discovery Registry, in the Publication Registry log file, the following is seen:

 "Server Certificate not trusted"

The certificate that is not trusted is that of the one updated in the Discovery Registry.

The documentation has been followed from the OSR Install guide with regards to the changing of the certificates.  

The following steps were performed:

In the Publication Registry -
 
1. Updated the pstore.xml in the $INSTALL_HOME/conf/pstore.xml with the PStoreTool utility found in the $INSTALL_HOME/bin directory, where $INSTALL_HOME represents the installation location specified during the installation of OSR.
2. Updated the same pstore.xml file where .war has been exploded under ..../war/conf/pstore.xml.
3. The WLS Managed Server Keystore and SSL tabs on the Weblogic Console have been updated with the new certificate used.

In the Discovery Registry-
 
1. No changes were made to the pstore.xml files, as there was no reference to default WLS keys in these files.
2. The WLS Managed Server Keystore and SSL tabs have been updated with the new certificate used.

Also, it may be worth noting that the new certificates do not have a CN that agrees with the host name of the servers on which they are being used.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms