XML Gateway Outbound SSL Handshake Fails With Error 'ecx.oxta.SSLConnection.getSSLConnection]:Handshake Failed :java.security.cert.CertificateException: Invalid signatures' when using SHA2 certificates

(Doc ID 2042654.1)

Last updated on SEPTEMBER 13, 2016

Applies to:

Oracle XML Gateway - Version 11.5.10.2 to 12.2.4 [Release 11.5.10 to 12.2]
Oracle Applications Technology Stack - Version 11.5.10.2 to 12.2.4 [Release 11.5.10 to 12.2]
Information in this document applies to any platform.

Symptoms

E-Business Suite, XML Gateway

 XML Gateway fails for outbound transmission with the following SSL handshake error:

ecx.oxta.SSLConnection.getSSLConnection]:Handshake Failed :java.security.cert.CertificateException: Invalid signatures


The XML gateway configuration files point to  the default SSO SSL certificate truststore which is not intended to handle SHA2 certificates prior to version 10.1.3.5.   

 This can also happen in conjunction with iProcurement punchout if autocreate to POXML is used,  but this is not a punchout configuration.   The XML Gateway uses a different certificate truststore from iProcurement. 

Changes

A trading partner or supplier renewed a certificate and the certificate used the SHA2 algorithm and TLS authentication. 

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms