'WSM-00138 : The path to the certificate is invalid' when using WSS-X509 policy
(Doc ID 2324781.1)
Last updated on MAY 15, 2023
Applies to:Oracle Service Bus - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
Troubles exposing service through a WSS-X509 policy
When exposing a service through a WSS-X509 policy. We were given a key store which contained the x509 certificate to use, but after the configuration is done the following error occurs:
The issue can be reproduced at will with the following steps:
1.The certificates contained in the keystore provided were imported to DemoIdentity.jks and DemoTrust.jks
2.We import the CA_Entrust to jks provided as in the same way to DemoIdentity.jks and the DemoTrust.jks
3.CA_Entrust imported to /u01/jdk1.7.0_101/jre/lib/security/cacerts/
4.creation of the key for the jks provided in the Enterprise Manager
5.Keystore Configuration in EM is assigned codepde.jks (alias: codepde password: codepde)
6.the following policies were created in the Enterprise Manager for the webservice:
7.Assigning key codepde in keystore.sig.csf.key to the created policies.
8.Definition of keystore to OSB servers
9.SSL configuration to OSB servers by assigning private key to DemoIdentity
10.Web Server Security Configuration
Changing the variable of UseX509ForIdentity property to TRUE
11.Creation of Credential Mapping TestPKI by assigning DemoTrust.jks data
12.Weblogic IDefaultIdentity Assertion setting on the DefaultIdentityAsserter was enabled for the use of x509, Default user mapper type CN
13.setting the oracle / wss10_x509_token_with_message_protection_service_policy_Copy Policy to the Proxy Service
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document