XML Gateway Outbound POXML Shows Error: Java.security.cert.CertificateException Invalid Signatures After Configuring JDK Truststore With SHA2 SSL certificate Using IBM AIX Java (Doc ID 2003001.1)

Last updated on SEPTEMBER 30, 2016

Applies to:

Oracle XML Gateway - Version 11.5.10.4 to 12.2.4 [Release 11.5.10 to 12.2]
Information in this document applies to any platform.

Symptoms

The PO XML delivery is failing during SHA2 type SSL certificate authentication where the XML Gateway Transaction monitor shows the following error:

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid signatures

 

The SSL Debug log shows:

Keystore type: jks
Keystore provider: IBMJCE

15/04/15 10:39:32 %% Invalidated:  [Session-7, SSL_RSA_WITH_RC4_128_SHA]
15/04/15 10:39:32 Thread-49, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
15/04/15 10:39:32 Thread-49, WRITE: TLSv1 Alert, length = 2
15/04/15 10:39:32 Thread-49, called closeSocket()
15/04/15 10:39:32 Thread-49, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid signatures

 

Changes

The oc4j.properties was changed to point the java clients (such as OXTA) to a new jdk truststore.  This was to facilitate the SHA2 SSL certificate for the trading partner. 

These were the changes made:
javax.net.ssl.trustStoreType=JKS
javax.net.ssl.trustStore=$OA_JRE/TOP/lib/security/server.jks
javax.net.ssl.trustStorePassword=welcome
--- these are example truststore names / passwords 

The certificates were imported into the new trust store and the oafm services restarted.  

 

 

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms