My Oracle Support Banner

XML Gateway Outbound SSL Handshake Fails With Error 'ecx.oxta.SSLConnection.getSSLConnection]:Handshake Failed Invalid signatures' when using SHA2 certificates (Doc ID 2042654.1)

Last updated on FEBRUARY 17, 2023

Applies to:

Oracle XML Gateway - Version to 12.2.4 [Release 11.5.10 to 12.2]
Oracle E-Business Suite Technology Stack - Version to 12.2.4 [Release 11.5.10 to 12.2]
Information in this document applies to any platform.


E-Business Suite XML Gateway, XML Gateway Install, Design, Transport, and Setup related issues





 XML Gateway transactions fail for outbound transmissions with the following SSL handshake error:

ecx.oxta.SSLConnection.getSSLConnection]:Handshake Failed Invalid signatures

The XML gateway configuration files point to  the default SSO SSL certificate truststore which is not intended to handle SHA2 certificates prior to version   

This can also happen with iProcurement punchout if autocreate to POXML is used,  but this is not a punchout configuration.  

The XML Gateway uses a different certificate truststore from iProcurement. 


A trading partner or supplier renewed a certificate and the certificate used the SHA2 algorithm and TLS authentication.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 Requirements for EBS 12.2:
 NEW Requirements for EBS 12.1.3:
 Requirements for 11.5.10:

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.