Hi,
We have OSB 11.1.1.5 / WLS 10.3.5. We are trying to call one of our client's web services over https. We imported the certificate into our keystore. The certificate is of type:
signature algorithm: sha256RSA
public key: RSA (2048 Bits)
Inside the WebLogic console, under the OSB Managed Server/Keystores tab, we selected Custom Identity and Custom Trust and pointed to the keystore with type jks.
Under the SSL tab we selected "Use JSSE SSL".
Now the issue is that when we invoke the web service we get the below:
<<WLS Kernel>> <> <c7442c5c783cffd3:-5937b48:14e9f9330d3:-8000-0000000000000548> <1437196520011> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = OK HandshakeStatus = NOT_HANDSHAKING
bytesConsumed = 145 bytesProduced = 124.>
####<Jul 18, 2015 12:15:20 AM CDT> <Info> <OSB Kernel> <L5CB3111LDL> <AdminServer> <[ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <c7442c5c783cffd3:-5937b48:14e9f9330d3:-8000-0000000000000548> <1437196520051> <BEA-398203> <
[OSB Tracing] Outbound response was received.
Service Ref = osbservices/services/business/cp
URI = https://<hostname>:443/uri/WebServices
Error code = BEA-380000
Error Message = Found
Message ID = 2542523210519779030--5937b48.14e9f9330d3.-7fe9
Response metadata =
<xml-fragment>
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<http:Connection>close</http:Connection>
<http:Date>Sat, 18 Jul 2015 05:15:19 GMT</http:Date>
<http:Location>http://<host>.com/ab.htm</http:Location>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">1</tran:response-code>
<tran:response-message xmlns:tran="http://www.bea.com/wli/sb/transports">Found</tran:response-message>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">iso-8859-1</tran:encoding>
<http:http-response-code xmlns:http="http://www.bea.com/wli/sb/transports/http">302</http:http-response-code>
</xml-fragment>
Payload =
>
This is what we have set in the setDomainEnv file:
set EXTRA_JAVA_PROPERTIES=-Dcommon.components.home=%COMMON_COMPONENTS_HOME% -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Ddomain.home=%DOMAIN_HOME% -Djrockit.optfile=%COMMON_COMPONENTS_HOME%\modules\oracle.jrf_11.1.1\jrocket_optfile.txt -Doracle.server.config.dir=%ORACLE_DOMAIN_CONFIG_DIR%\servers\%SERVER_NAME% -Doracle.domain.config.dir=%ORACLE_DOMAIN_CONFIG_DIR% -Digf.arisidbeans.carmlloc=%ORACLE_DOMAIN_CONFIG_DIR%\carml -Digf.arisidstack.home=%ORACLE_DOMAIN_CONFIG_DIR%\arisidprovider -Doracle.security.jps.config=%DOMAIN_HOME%\config\fmwconfig\jps-config.xml -Doracle.deployed.app.dir=%DOMAIN_HOME%\servers\%SERVER_NAME%\tmp\_WL_user -Doracle.deployed.app.ext=\- -Dweblogic.ssl.JSSEEnabled=true -Dweblogic.wsee.skip.async.response=true -Dweblogic.wsee.client.ssl.stricthostchecking=false -Dweblogic.webservice.client.ssl.adapterclass=weblogic.webservice.client.JSSEAdapter -Dweblogic.security.SSL.enableJSSE=true -Dweblogic.security.SSL.HostnameVerifier=weblogic.security.utils.SSLWLSWildcardHostnameVerifier -Dweblogic.transaction.blocking.rollback=true -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true -Dweblogic.security.SSL.enable.renegotiation=true -Djavax.net.debug=all -Dweblogic.security.SSL.enforceConstraints=off -Dweblogic.alternateTypesDirectory=%ALT_TYPES_DIR% -Djava.protocol.handler.pkgs=%PROTOCOL_HANDLERS% %WLS_JDBC_REMOTE_ENABLED% %EXTRA_JAVA_PROPERTIES%
For testing we created a web service client in JDeveloper, and calling the client's web service directly through JDeveloper works fine. We use the same keystore in JDeveloper as the one we are using on the server. Also, testing the same in OSB 11.1.1.7 works fine with the same settings as in OSB 11.1.1.5. Plus, testing the web service through SoapUI works fine. It's only when we deploy the OSB service, which in turn calls the client service, that it doesn't work.
Somehow in WebLogic 10.3.5/OSB 11.1.1.5 SHA256 certs are not handled properly, as they are of higher security, and selecting "Use JSSE SSL" is not making any difference either.
We have also opened an SR, but it looks like Oracle has also been struggling for the last week to make it work, without any luck, so we are wondering if anyone has encountered such an issue and how to get past it. We are really in a time crunch and have tried almost everything.
Thanks
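
An added example, not part of the original post and not Oracle code: a small Python triage for a trace of the shape shown above, reporting whether TLS application data was decrypted, which HTTP status was traced, and whether the `Location` header moves from `https` to `http`. The sample trace, the host name `svc.example.test` and the layer labels are constructed for illustration, and the regexes assume the log layout in the post.

```python
import re

# Constructed sample in the layout of the trace above; the host name is a placeholder.
SAMPLE_TRACE = """\
SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = OK HandshakeStatus = NOT_HANDSHAKING
bytesConsumed = 145 bytesProduced = 124.>
[OSB Tracing] Outbound response was received.
URI = https://svc.example.test:443/uri/WebServices
Error code = BEA-380000
<http:Location>http://svc.example.test/ab.htm</http:Location>
<http:http-response-code xmlns:http="http://www.bea.com/wli/sb/transports/http">302</http:http-response-code>
"""

UNWRAP = re.compile(r"unwrap\(.*?Status = (\w+)\s+HandshakeStatus = (\w+)\s+"
                    r"bytesConsumed = \d+\s+bytesProduced = (\d+)", re.S)
HTTP_CODE = re.compile(r"<http:http-response-code[^>]*>(\d{3})<")
LOCATION = re.compile(r"<http:Location>\s*(.*?)\s*</http:Location>", re.S)
REQUEST_URI = re.compile(r"^URI = (\S+)", re.M)


def triage(trace):
    """Classify which layer an outbound HTTPS call failed at, from log text."""
    # Application data only decrypts after the TLS handshake has completed.
    tls_app_data = any(
        status == "OK" and hs == "NOT_HANDSHAKING" and int(produced) > 0
        for status, hs, produced in UNWRAP.findall(trace))
    code = HTTP_CODE.search(trace)
    loc = LOCATION.search(trace)
    uri = REQUEST_URI.search(trace)
    http_status = int(code.group(1)) if code else None
    redirect_to = loc.group(1) if loc else None
    # A redirect from an https request URI to an http Location leaves TLS.
    downgrade = bool(uri and redirect_to
                     and uri.group(1).lower().startswith("https://")
                     and redirect_to.lower().startswith("http://"))
    if http_status is not None:
        layer = "http"            # a status was traced, so TLS completed
    elif tls_app_data:
        layer = "tls-ok-no-http"  # decrypted data but no HTTP status traced
    else:
        layer = "tls-or-network"  # nothing decrypted: look at the handshake
    return {"layer": layer, "tls_app_data": tls_app_data,
            "http_status": http_status, "redirect_to": redirect_to,
            "scheme_downgrade": downgrade}


if __name__ == "__main__":
    print(triage(SAMPLE_TRACE))
```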