My Oracle Support Banner

XML Gateway Outbound POXML Shows Error: Invalid Signatures After Configuring JDK Truststore With SHA2 SSL certificate Using IBM AIX Java (Doc ID 2003001.1)

Last updated on FEBRUARY 23, 2019

Applies to:

Oracle XML Gateway - Version to 12.2.4 [Release 11.5.10 to 12.2]
Information in this document applies to any platform.


The PO XML delivery is failing during SHA2 type SSL certificate authentication where the XML Gateway Transaction monitor shows the following error: Invalid signatures


The SSL Debug log shows:

Keystore type: jks
Keystore provider: IBMJCE

15/04/15 10:39:32 %% Invalidated:  [Session-7, SSL_RSA_WITH_RC4_128_SHA]
15/04/15 10:39:32 Thread-49, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
15/04/15 10:39:32 Thread-49, WRITE: TLSv1 Alert, length = 2
15/04/15 10:39:32 Thread-49, called closeSocket()
15/04/15 10:39:32 Thread-49, handling exception: Invalid signatures



The was changed to point the java clients (such as OXTA) to a new jdk truststore.  This was to facilitate the SHA2 SSL certificate for the trading partner. 

These were the changes made:$OA_JRE/TOP/lib/security/server.jks
--- these are example truststore names / passwords 

The certificates were imported into the new trust store and the oafm services restarted.  





To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.