E-IB: After Enabling SNI for SCM e-Pro's PunchOut Service for One Vendor, a Different PunchOut Vendor Returns an "Untrusted Server Certificate Chain" Error
(Doc ID 3000563.1)
Last updated on FEBRUARY 01, 2024
Applies to:
PeopleSoft Enterprise PT PeopleTools - Version 8.58 and laterInformation in this document applies to any platform.
Symptoms
Site has FSCM eProcument's "PunchOut" functionality working for multiple vendors. One vendor (call it Vendor 1) began using SNI.
After enabling SNI in the Integration Broker (IB) integrationGateway.properties file, PunchOut continued to work successfully for all vendors, except one (call it Vendor 2).
PunchOut requests to Vendor 2 began failing with the errors shown below. These errors were found in the IB errorLog.html.
___________________________________________________________________________
HttpTargetConnector:ExternalSystemContactException Untrusted Server Certificate Chain
javax.net.ssl.SSLHandshakeException: Untrusted Server Certificate Chain
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:376)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:319)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:478)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:456)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:199)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1383)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1296)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:416)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:388)
at psft.pt8.pshttp.https.HttpsClient.doConnect(HttpsClient.java:248)
at psft.pt8.pshttp.https.HttpClient.openServer(HttpClient.java:402)
at psft.pt8.pshttp.https.HttpClient.openServer(HttpClient.java:520)
at psft.pt8.pshttp.https.HttpClient.(HttpClient.java:341)
at psft.pt8.pshttp.https.HttpsClient.(HttpsClient.java:78)
at psft.pt8.pshttp.https.HttpsClient.newClient(HttpsClient.java:134)
at psft.pt8.pshttp.https.HttpsClient.newClient(HttpsClient.java:102)
at psft.pt8.pshttp.https.HttpsURLConnection.connect(HttpsURLConnection.java:488)
at psft.pt8.pshttp.https.HttpsURLConnection.getOutputStream(HttpsURLConnection.java:534)
at psft.pt8.pshttp.PSHttp.createOutputStream(PSHttp.java:397)
at psft.pt8.pshttp.PSHttp.send(PSHttp.java:387)
...
Steps to replicate:
1. Set up the PunchOut integration with 3rd party vendor (Vendor1) that is using SNI, and another with a different 3rd party vendor (Vendor 2) that has just begun using SNI.
2. Perform the necessary steps so the PunchOut request message is sent to Vendor2.
3. Open the errorLog.html, and observe the errors above.
Sample Environment:
PeopleTools 8.59.13
FSCM 9.20
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Cause |
| Solution |
| References |