Bo's blog

Tuesday, October 25, 2011

[Security:090477]Certificate chain received from yourhost – ip was not trusted causing SSL handshake failure

Issue:

The OSB server has a proxy service which needs to call out to another web service over SSL, and the call fails with the following fault.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <soapenv:Fault>
         <faultcode>soapenv:Server</faultcode>
         <faultstring>BEA-380000: General runtime error: [Security:090477]Certificate chain received from yourhost - ip was not trusted causing SSL handshake failure.</faultstring>
         <detail>
            <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
               <con:errorCode>BEA-380000</con:errorCode>
               <con:reason>General runtime error: [Security:090477]Certificate chain received from yourhost - ip was not trusted causing SSL handshake failure.</con:reason>
               <con:location>
                  <con:node>PipelinePairNode1</con:node>
                  <con:pipeline>PipelinePairNode1_request</con:pipeline>
                  <con:stage>stage1</con:stage>
                  <con:path>request-pipeline</con:path>
               </con:location>
            </con:fault>
         </detail>
      </soapenv:Fault>
   </soapenv:Body>
</soapenv:Envelope>


 



Solution:



The certificate of yourhost needs to be imported into the trust store of the OSB server.

1. To get the certificate, browse the WSDL over HTTPS in a browser and save the site's certificate file.

2. Use the following command to import the certificate file saved in step 1 into the WebLogic trust store.



keytool -import -v -noprompt -trustcacerts -alias rootcacert -file rootCA.cer -keystore /opt/bea/OSB1031_64/wlserver_1031_64/server/lib/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase



keytool -list -v -keystore /opt/bea/OSB1031_64/wlserver_1031_64/server/lib/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase



Trust store location: %ORACLE_HOME%/weblogic/wlserver_10.3/server/lib/DemoTrust.jks
Trust store password: DemoTrustKeyStorePassPhrase
Key store location: %ORACLE_HOME%/weblogic/wlserver_10.3/server/lib/DemoIdentity.jks
Key store password: DemoIdentityKeyStorePassPhrase
Private key password: DemoIdentityPassPhrase
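
Saving the certificate in a browser (step 1) and importing it with -noprompt (step 2) trusts whatever the server presented at that moment, so the wrapper below, an added example that is not part of the original post, imports the file only when its SHA-256 fingerprint matches one obtained out of band from the owner of yourhost. The function names, the KEYTOOL override and leaving out -storepass (so that keytool prompts for the password) are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post): import a certificate into a
# trust store only if its SHA-256 fingerprint matches a pinned value.
# KEYTOOL is an assumed override hook so the logic can run without a JDK.
KEYTOOL="${KEYTOOL:-keytool}"

# Print the SHA-256 fingerprint (lowercase hex) of a certificate file saved
# from the browser, whether it was exported as PEM or as DER.
cert_sha256() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        # PEM: base64-decode the body of the first certificate in the file.
        awk '/-----BEGIN CERTIFICATE-----/{f=1;next} /-----END CERTIFICATE-----/{exit} f' "$1" \
            | tr -d ' \r\n' | base64 -d | sha256sum | cut -d' ' -f1
    elif [ -r "$1" ]; then
        # DER: the file content is the encoding that gets hashed.
        sha256sum < "$1" | cut -d' ' -f1
    fi
}

# Normalise a fingerprint as displayed by a browser or `keytool -list -v`
# (upper case, colon separated) to lowercase hex without separators.
norm_fp() { printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'; }

# import_pinned CERT_FILE EXPECTED_SHA256 ALIAS KEYSTORE
import_pinned() {
    actual=$(cert_sha256 "$1")
    expected=$(norm_fp "$2")
    # An unreadable file yields an empty fingerprint and is refused as well.
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "refusing to import $1: got '$actual', expected '$expected'" >&2
        return 1
    fi
    # Same import as step 2 but without -storepass, so keytool prompts for
    # the store password instead of exposing it in history and `ps` output.
    "$KEYTOOL" -import -v -noprompt -trustcacerts \
        -alias "$3" -file "$1" -keystore "$4"
}

# Usage: script.sh rootCA.cer <fingerprint from the service owner> rootcacert <truststore.jks>
if [ "$#" -eq 4 ]; then
    import_pinned "$@"
fi
```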


2 Comments:

At 12:41 PM, Blogger sri said...

Hi,

Thanks for the blog. I am getting the same exception when I am calling an https webservice.

Can you please briefly explain here what the use of the below commands is? What steps do we need to perform? If possible, can you send any screenshots?
------------------------
Key store location %ORACLE_HOME%/weblogic/wlserver_10.3/server/lib/DemoIdentity.jks


Key store password DemoIdentityKeyStorePassPhrase


Private key password DemoIdentityPassPhrase

regards,
Sri.

 
At 4:30 PM, Blogger lyonn said...

When you import the certificate, you have a password. Must it be the same password that the certificate was made with?

I tried with any password and it does not work.

Greetings.

 
