Bo's blog

Tuesday, October 25, 2011

[Security:090477]Certificate chain received from yourhost – ip was not trusted causing SSL handshake failure

Issue:

The OSB server has a proxy service that needs to call out to another web service over SSL, and the callout failed with the following fault.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <soapenv:Fault>
         <faultcode>soapenv:Server</faultcode>
         <faultstring>BEA-380000: General runtime error: [Security:090477]Certificate chain received from yourhost - ip was not trusted causing SSL handshake failure.</faultstring>
         <detail>
            <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
               <con:errorCode>BEA-380000</con:errorCode>
               <con:reason>General runtime error: [Security:090477]Certificate chain received from yourhost - ip was not trusted causing SSL handshake failure.</con:reason>
               <con:location>
                  <con:node>PipelinePairNode1</con:node>
                  <con:pipeline>PipelinePairNode1_request</con:pipeline>
                  <con:stage>stage1</con:stage>
                  <con:path>request-pipeline</con:path>
               </con:location>
            </con:fault>
         </detail>
      </soapenv:Fault>
   </soapenv:Body>
</soapenv:Envelope>


 



Solution:



Import the certificate of yourhost into the trust store of the OSB server.

1. To get the certificate, open the WSDL in a browser over HTTPS and save the site's certificate to a file.

2. Use the following command to import the certificate file saved in step 1 into the WebLogic trust store, then list the trust store to check the entry.



keytool -import -v -noprompt -trustcacerts -alias rootcacert -file rootCA.cer -keystore /opt/bea/OSB1031_64/wlserver_1031_64/server/lib/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase



keytool -list -v -keystore /opt/bea/OSB1031_64/wlserver_1031_64/server/lib/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase



Trust store location: %ORACLE_HOME%/weblogic/wlserver_10.3/server/lib/DemoTrust.jks

Trust store password: DemoTrustKeyStorePassPhrase

Key store location: %ORACLE_HOME%/weblogic/wlserver_10.3/server/lib/DemoIdentity.jks

Key store password: DemoIdentityKeyStorePassPhrase

Private key password: DemoIdentityPassPhrase
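
A certificate saved from the browser in step 1 is trusted on first sight. The following added example (not part of the original post) performs the step 2 import only when the file's SHA-256 fingerprint matches a value obtained out of band; the function names, the STOREPASS variable and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: gate the trust-store import on a fingerprint check.
# STOREPASS, the function names and the sample paths are assumptions.

# Print the SHA-256 fingerprint of a certificate file (PEM is tried first,
# then DER, since a browser export can be either).
cert_sha256() {
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) ||
    fp=$(openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 2>/dev/null) ||
        return 1
    printf '%s\n' "${fp#*=}"
}

# import_pinned CERT ALIAS KEYSTORE EXPECTED_FINGERPRINT
# Imports CERT only when its fingerprint equals the expected value, which
# must come from the service owner over a separate channel.
# Returns 0 on import, 1 on mismatch, 2 if CERT cannot be parsed,
# 3 if keytool refuses the import.
import_pinned() {
    expected=$(printf '%s' "$4" | tr 'a-f' 'A-F')   # openssl prints upper case
    actual=$(cert_sha256 "$1") || { echo "cannot parse $1" >&2; return 2; }
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $1: $actual" >&2
        return 1
    fi
    keytool -importcert -noprompt -alias "$2" -file "$1" \
        -keystore "$3" -storepass "$STOREPASS" >/dev/null 2>&1 || return 3
    # Same check as the page's "keytool -list", limited to the new alias.
    keytool -list -alias "$2" -keystore "$3" -storepass "$STOREPASS" >/dev/null
}

# Usage with the page's alias and file name (fingerprint is a placeholder):
#   STOREPASS=... import_pinned rootCA.cer rootcacert /path/to/trust.jks \
#       'AA:BB:...:FF'
```

DemoTrust.jks and the passphrases listed above are identical on every WebLogic installation, so production domains normally point at a custom trust store instead.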


Thursday, October 13, 2011

How to SCP a path with spaces


These instructions assume you're connecting from a Unix-like system to a Unix-like system (e.g. Linux or OS X).
scp -r myserver.com:"/path/with/a/Space\\ In\\ It" ./
This says "recursively copy the folder at myserver.com (logging in with the local username) to the current folder using scp". The spaces need to be escaped twice because the path is parsed twice: the first level of escaping only marks them as spaces for the LOCAL shell, so by the time the path reached the remote machine they would no longer be escaped. With double escaping locally, the path arrives at the remote machine with the spaces still single-escaped.
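
The two parsing stages described above, reproduced locally as an added example (not part of the original post): `sh -c` stands in for the remote login shell that legacy scp hands the path to, and the function and variable names are assumptions.

```shell
#!/bin/sh
# Stage 1: what the local shell hands to scp after parsing the text as typed.
local_parse() {
    eval "printf '%s' $1"
}

# Stage 2: how many words the remote shell sees when it parses that text
# (legacy scp places the path on a command line run by the remote shell).
remote_argc() {
    sh -c "set -- $1; echo \$#"
}

# Constructed inputs: three ways the same path might be typed locally.
typed_plain='"/path/with/a/Space In It"'
typed_single='/path/with/a/Space\ In\ It'
typed_double='"/path/with/a/Space\\ In\\ It"'

for typed in "$typed_plain" "$typed_single" "$typed_double"; do
    sent=$(local_parse "$typed")
    printf 'typed: %-34s sent: %-28s remote words: %s\n' \
        "$typed" "$sent" "$(remote_argc "$sent")"
done
```

Only the double-escaped form reaches the remote side as a single word. scp in OpenSSH 9.0 and later uses the SFTP protocol by default, where the remote shell no longer parses the path; `-O` selects the legacy behaviour shown here.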

Wednesday, October 12, 2011

Authentication denied: Boot identity not valid


Go to $domaindir/config/ and check config.xml for the authentication provider type:

security-configuration/realm/sec:authentication-provider
    xsi:type="wls:default-authenticatorType"
    xsi:type="wls:sql-authenticatorType"

and for its control flag:

security-configuration/realm/sec:authentication-provider/sec:control-flag

If the authentication provider is default-authenticatorType, follow these steps:
1: Remove the boot.properties file completely from the managed server directory.
2: Remove the ManagedServerDir/data/ldap directory completely.

If it is the SQL authenticator, make sure the database configuration used to connect is set correctly.

XPath to check: security-configuration/realm/sec:rdbms-security-store
   which configures username, password-encrypted (DB password), connection-url, driver-name, connection-properties

Thursday, October 06, 2011

WlwRuntimeAppScopedJMS#MSG_BUFFER_TOPIC

CR376380 
Please review: http://download.oracle.com/docs/cd/E13155_01/wlp/docs103/relnotes/relnotes.html

CR376380

A harmless warning is thrown by Message Driven Beans once during deployment in the WebLogic Portal Sample Application
The Message Driven Beans throw the following warnings when the deployer can’t obtain distribute destination information:
Message-DrivenEJB: MessageBufferTopicBean is unable to connect to the JMS destination: weblogic.portalApp.WlwRuntimeAppScopedJMS#MSG_BUFFER_TOPIC. The Error was:Can not get distribute destination information. The destination JNDI name is weblogic.portalApp.WlwRuntimeAppScopedJMS#MSG_BUFFER_TOPIC, the provider URL is null

This warning is thrown only once and can be safely ignored.

Platform: All

Workaround: None

This issue is not limited to Portal applications; you may see it wherever you use WLW Controls. In fact, this is not really an issue...


Sample error message:


portalApp.WlwRuntimeAppScopedJMS#MSG_BUFFER_TOPIC. The Error was:
The destination for the MDB MessageBufferTopicBean(Application: portalApp, EJBComponent: weblogic-messagebuffer-mdb.jar) could not be resolved at this time.  Please ensure the destination is available at the JNDI name weblogic.portalApp.WlwRuntimeAppScopedJMS#MSG_BUFFER_TOPIC.  The EJB container will periodically attempt to resolve this MDB destination and additional warnings may be issued.>