XML Gateway Outbound SSL Handshake Fails With Error 'ecx.oxta.SSLConnection.getSSLConnection]:Handshake Failed :java.security.cert.CertificateException: Invalid signatures' when using SHA2 certificates

(Doc ID 2042654.1)

Last updated on SEPTEMBER 13, 2016

Applies to:

Oracle XML Gateway - Version to 12.2.4 [Release 11.5.10 to 12.2]
Oracle Applications Technology Stack - Version to 12.2.4 [Release 11.5.10 to 12.2]
Information in this document applies to any platform.


E-Business Suite, XML Gateway

 XML Gateway fails for outbound transmission with the following SSL handshake error:

ecx.oxta.SSLConnection.getSSLConnection]:Handshake Failed :java.security.cert.CertificateException: Invalid signatures

The XML gateway configuration files point to  the default SSO SSL certificate truststore which is not intended to handle SHA2 certificates prior to version   

 This can also happen in conjunction with iProcurement punchout if autocreate to POXML is used,  but this is not a punchout configuration.   The XML Gateway uses a different certificate truststore from iProcurement. 


A trading partner or supplier renewed a certificate and the certificate used the SHA2 algorithm and TLS authentication. 



Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms