'WSM-00138 : The path to the certificate is invalid' when using WSS-X509 policy (Doc ID 2324781.1)

Last updated on MAY 15, 2023

Applies to:

Symptoms

Troubles exposing service through a WSS-X509 policy

When exposing a service through a WSS-X509 policy. We were given a key store which contained the x509 certificate to use, but after the configuration is done the following error occurs:

ERROR
-----------------------
WSM-00138

STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1.The certificates contained in the keystore provided were imported to DemoIdentity.jks and DemoTrust.jks
2.We import the CA_Entrust to jks provided as in the same way to DemoIdentity.jks and the DemoTrust.jks
3.CA_Entrust imported to /u01/jdk1.7.0_101/jre/lib/security/cacerts/
4.creation of the key for the jks provided in the Enterprise Manager
5.Keystore Configuration in EM is assigned codepde.jks (alias: codepde password: codepde)
6.the following policies were created in the Enterprise Manager for the webservice:
  oracle/wss10_x509_token_with_message_protection_service_policy_Copy
  oracle/wss10_x509_token_with_message_protection_client_policy_Copy
7.Assigning key codepde in keystore.sig.csf.key to the created policies.
8.Definition of keystore to OSB servers
  Identity: DemoIdentity-jks
  Trust: DemoTrust.jks
9.SSL configuration to OSB servers by assigning private key to DemoIdentity
10.Web Server Security Configuration
  Changing the variable of UseX509ForIdentity property to TRUE
11.Creation of Credential Mapping TestPKI by assigning DemoTrust.jks data
12.Weblogic IDefaultIdentity Assertion setting on the DefaultIdentityAsserter was enabled for the use of x509, Default user mapper type CN
13.setting the oracle / wss10_x509_token_with_message_protection_service_policy_Copy Policy to the Proxy Service

Changes

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.