My Oracle Support Banner

XML Gateway Outbound SSL Handshake Fails With Error 'ecx.oxta.SSLConnection.getSSLConnection]:Handshake Failed :java.security.cert.CertificateException: Invalid signatures' when using SHA2 certificates (Doc ID 2042654.1)

Last updated on FEBRUARY 16, 2018

Applies to:

Oracle XML Gateway - Version 11.5.10.2 to 12.2.4 [Release 11.5.10 to 12.2]
Oracle E-Business Suite Technology Stack - Version 11.5.10.2 to 12.2.4 [Release 11.5.10 to 12.2]
Information in this document applies to any platform.

Symptoms

E-Business Suite XML Gateway, XML Gateway Install, Design, Transport, and Setup related issues

 XML Gateway transactions fail for outbound transmissions with the following SSL handshake error:

ecx.oxta.SSLConnection.getSSLConnection]:Handshake Failed :java.security.cert.CertificateException: Invalid signatures


The XML gateway configuration files point to  the default SSO SSL certificate truststore which is not intended to handle SHA2 certificates prior to version 10.1.3.5.   

This can also happen with iProcurement punchout if autocreate to POXML is used,  but this is not a punchout configuration.  

The XML Gateway uses a different certificate truststore from iProcurement. 

Changes

A trading partner or supplier renewed a certificate and the certificate used the SHA2 algorithm and TLS authentication.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.