Connecting to a secure webservice with a client certificate

805038 Mar 1 2011 — edited Mar 2 2011
Hey all,

I'm struggling with Oracle Service Bus (10.3.0) to get a connection with another webservice using client certificates. I've received a certificate and a private key from the external party that I should use to connect to their webservice. I tested the key using a regular browser and authentication works fine.

In WebLogic I created a "PKI Credential Mapping Provider" pointing to the JKS store where my key and certificate live.
In the service bus I created a "Service Key Provider" and set the "SSL Client Authentication Key" to the alias in the JKS file for my certificate and key. I configured the business service to connect to an https URL and configured the authentication to be "Client Certificate". In the proxy service (just a plain service, nothing fancy going on yet) I configured the "Service Key Provider" mentioned above.

From the documentation I get the idea that this should be enough to get things working; however, it is not. I see the following messages in the logs right after the verification of the remote host (SSL debug enabled):

####<Mar 1, 2011 8:01:43 PM CET> <Debug> <SecuritySSL> <XX> <XX> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>>
<> <> <1299006103214> <BEA-000000> <weblogic user specified trustmanager validation status 0>
####<Mar 1, 2011 8:01:43 PM CET> <Debug> <SecuritySSL> <XX> <XX> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>>
<> <> <1299006103214> <BEA-000000> <SSLTrustValidator returns: 0>
####<Mar 1, 2011 8:01:43 PM CET> <Debug> <SecuritySSL> <XX> <XX> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>>
<> <> <1299006103214> <BEA-000000> <Trust status (0): NONE>
####<Mar 1, 2011 8:01:43 PM CET> <Debug> <SecuritySSL> <XX> <XX> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>>
<> <> <1299006103214> <BEA-000000> <Performing hostname validation checks: XX>
####<Mar 1, 2011 8:01:43 PM CET> <Debug> <SecuritySSL> <XX> <XX> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>>
<> <> <1299006103214> <BEA-000000> <HANDSHAKEMESSAGE: CertificateRequest>
####<Mar 1, 2011 8:01:43 PM CET> <Debug> <SecuritySSL> <XX> <XX> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>>
<> <> <1299006103214> <BEA-000000> <HANDSHAKEMESSAGE: ServerHelloDone>
####<Mar 1, 2011 8:01:43 PM CET> <Debug> <SecuritySSL> <XX> <XX> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>>
<> <> <1299006103215> <BEA-000000> <No suitable identity certificate chain has been found.>
####<Mar 1, 2011 8:01:43 PM CET> <Debug> <SecuritySSL> <XX> <XX> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>>
<> <> <1299006103215> <BEA-000000> <write HANDSHAKE, offset = 0, length = 7>

"No suitable identity certificate chain has been found." This is the only indication of something going wrong. Does anyone have an idea what might be going on here or what I'm missing in the configuration?

Cheers,

Hugo
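
An added example (not part of the original post, and not Oracle code): a small Python filter over WebLogic SSL debug output in the two-line layout quoted above, reporting each handshake where the peer's CertificateRequest was followed by "No suitable identity certificate chain has been found." The sample records are constructed from the lines in the post, and the function names are hypothetical.

```python
import re

# Constructed sample: records shaped like those in the post (each record wraps onto two lines).
PREFIX = ("####<Mar 1, 2011 8:01:43 PM CET> <Debug> <SecuritySSL> <XX> <XX> "
          "<[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default "
          "(self-tuning)'> <<WLS Kernel>>\n<> <> <1299006103214> <BEA-000000> ")
SAMPLE = "\n".join(PREFIX + "<" + m + ">" for m in [
    "Performing hostname validation checks: XX",
    "HANDSHAKEMESSAGE: CertificateRequest",
    "HANDSHAKEMESSAGE: ServerHelloDone",
    "No suitable identity certificate chain has been found.",
    "write HANDSHAKE, offset = 0, length = 7",
])

def records(text):
    """Yield (timestamp, thread, message) per '####' record, joining wrapped lines."""
    for chunk in re.findall(r"(?ms)^####<.*?(?=^####<|\Z)", text):
        body = re.search(r"<BEA-\d+> <(.*)>\s*$", chunk, re.S)
        thread = re.search(r"ExecuteThread: '(\d+)'", chunk)
        if body and thread:
            yield chunk[5:chunk.index(">")], thread.group(1), body.group(1)

def missing_client_identity(text):
    """Flag handshakes where the peer asked for a client certificate and none was found."""
    state, findings = {}, []
    for ts, thread, msg in records(text):
        # Handshake state is tracked per execute thread, since threads interleave in the log.
        s = state.setdefault(thread, {"peer": None, "requested": False})
        if msg.startswith("Performing hostname validation checks:"):
            s.update(peer=msg.split(":", 1)[1].strip(), requested=False)
        elif msg == "HANDSHAKEMESSAGE: CertificateRequest":
            s["requested"] = True
        elif msg.startswith("No suitable identity certificate chain") and s["requested"]:
            findings.append({"time": ts, "thread": thread, "peer": s["peer"]})
            s["requested"] = False
    return findings

if __name__ == "__main__":
    for f in missing_client_identity(SAMPLE):
        print("client certificate requested by %(peer)s but none sent "
              "(thread %(thread)s, %(time)s)" % f)
```
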
Locked on Mar 30 2011
Added on Mar 1 2011