XML Gateway Outbound POXML Shows Error: Java.security.cert.CertificateException Invalid Signatures After Configuring JDK Truststore With SHA2 SSL certificate Using IBM AIX Java

(Doc ID 2003001.1)

Last updated on SEPTEMBER 30, 2016

Applies to:

Oracle XML Gateway - Version to 12.2.4 [Release 11.5.10 to 12.2]
Information in this document applies to any platform.


The PO XML delivery is failing during SHA2 type SSL certificate authentication where the XML Gateway Transaction monitor shows the following error:

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid signatures


The SSL Debug log shows:

Keystore type: jks
Keystore provider: IBMJCE

15/04/15 10:39:32 %% Invalidated:  [Session-7, SSL_RSA_WITH_RC4_128_SHA]
15/04/15 10:39:32 Thread-49, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
15/04/15 10:39:32 Thread-49, WRITE: TLSv1 Alert, length = 2
15/04/15 10:39:32 Thread-49, called closeSocket()
15/04/15 10:39:32 Thread-49, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid signatures



The oc4j.properties was changed to point the java clients (such as OXTA) to a new jdk truststore.  This was to facilitate the SHA2 SSL certificate for the trading partner. 

These were the changes made:
--- these are example truststore names / passwords 

The certificates were imported into the new trust store and the oafm services restarted.  





Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms