Can not deploy SOA composite with SSL External Web Service Partner Link (Doc ID 1345684.1)

Last updated on JULY 13, 2017

Applies to:

Oracle Fusion Application Toolkit - Version 11.1.1.5.1 and later
Information in this document applies to any platform.
***Checked for relevance on 01-03-2013***
***Checked for relevance on 11-08-2014***

Symptoms

Users built a composite CallGetPerson2 with a BPEL process and adjusted input and output with types from getperson.xsd.  This project built and deployed successfully from JDeveloper.

The partner link to the Fusion web service PersonService was added without any invocation . The WSDL is https://<host><domain>/foundationParties/PersonService?WSDL. 


The deployment of the project with the partner link errors with the message below.

There was an error deploying the composite on soa_server1: Update Failed: Unable to find a WSDL that has a definition for service {http://xmlns.xyz.org/customer/person/getperson}getperson2_client_ep and port GetPerson2_pt. Please make sure that the port attribute for the binding defined in the composite file is correct by checking the namespace, service name, and port name. In addition, check that the WSDL associated with the binding namespace is imported and currently reachable (check the import nodes at the top of the composite file). Finally, validate the HTTP proxy settings for the server..


Users tried to correct the error by making local copy of the target WSDL file in the BPEL project.  When creating the web service partner link in the composite, using the wizard, the option "Copy WSDL and its dependent artifacts into the project" was checked. 

When the project was deployed via JDeveloper the following error displayed.


[03:21:25 PM] Error deploying archive sca_FusionGetPerson_rev1.0.jar to partition "default" on server soa_server1 [http://<host><domain>:<port>]
[03:21:25 PM] HTTP error code returned [500]
[03:21:25 PM] Error message from server:
There was an error deploying the composite on soa_server1: Deployment Failed: Unable to register service..

[03:21:25 PM] Check server log for more details.
[03:21:25 PM] Error deploying archive sca_FusionGetPerson_rev1.0.jar to partition "default" on server soa_server1 [http://<host><domain>:<port>]
[03:21:25 PM] #### Deployment incomplete. ####
[03:21:25 PM] Error deploying archive file:/D:/oracle/Middleware/jdev_111150/jdeveloper/SOA_APP2/FusionGetPerson/deploy/sca_FusionGetPerson_rev1.0.jar
(oracle.tip.tools.ide.fabric.deploy.common.SOARemoteDeployer)


The SOA Server Log contained the errors below.


[2011-08-01T15:05:02.676-04:00] [soa_server1] [ERROR] [SOA-20003] [oracle.integration.platform] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid: 4496859cf93daf8e:-72e034ce:13104da79e8:-8000-00000000002af06e,0] [APP: soa-infra] Unable to register service.[[
oracle.webservices.provider.ProviderException: oracle.webservices.mdds.MddsException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at oracle.j2ee.ws.server.provider.ProviderConfigImpl.addService(ProviderConfigImpl.java:455)
...
....

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
....
...

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
...


The user logged into the Web Logic Server console. Environment --> Servers--> Admin Server --> was selected.  The Debug tab was chosen  and "weblogic" --->"Deploy" was expanded.    All debug flags under deploy were enabled. After running the deploy again from JDeveloper, the following message was observed in the SOA log.


javax.naming.NamingException: javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3s://[host]:[port] Destination unreachable; nested exception is:
javax.net.ssl.SSLKeyException: [Security:090542]Certificate chain received from [host] was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.; No available router to destination]



Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms