Hi gurus,
I created a BPEL process on SOA Suite 10.1.3.4 + MLR#8. This process will be invoked by a 3rd party application, over HTTPS.
The private keys were given to me in the form of a PFX file (vivawebcert.pfx).
Following are the steps done by me to expose my BPEL process over HTTPS:
1. Download jetty-6.1.1.jar
2. Import PFX to a new JKS file:
>java -classpath jetty-6.1.1.jar org.mortbay.jetty.security.PKCS12Import D:\vivawebcert28dec\vivawebcert.pfx D:\vivawebcert28dec\vivawebstore.jks
3. Move this JKS file and PFX file to the SOA machine (Linux), and store it in location /aiaapp/EFTSIntegration/certnew/
3. Import PFX to cacerts:
>java -classpath jetty-6.1.1.jar org.mortbay.jetty.security.PKCS12Import D:\vivawebcert28dec\vivawebcert.pfx D:\vivawebcert28dec\cacerts
4. Copy cacerts to /aiaapp/product/10.1.3.1/OracleAS_1/jdk/jre/lib/security/
5. Add the following to opmn.xml:
<process-type id="oc4j_soa" module-id="OC4J" status="enabled">
<module-data>
<category id="start-parameters">
<data id="java-options" value="-server -mx2048M -ms1024M -Djavax.net.ssl.keyStore=/aiaapp/EFTSIntegration/certnew/vivawebstore.jks -Djavax.net.ssl.keyStorePassword=viva123 -Djavax.net.ssl.keyStoreType=JKS
6. Restart server (./opmnctl shutdown and startall)
However, when the 3rd party application calls my service, it is not able to connect. I can see the following error in /aiaapp/product/10.1.3.1/OracleAS_1/Apache/Apache/logs/ssl_engine_log:
[29/Dec/2015 09:42:31 09077] [error] SSL call to NZ function nzos_Handshake failed with error 29049 (server sttbsit4:4443, client 10.120.32.41)
[29/Dec/2015 09:42:31 09077] [error] SSL protocol error [Hint: the client probably speaks HTTPS over HTTP protocol]
Do I have to import anything to the default Wallet? I tried importing vivawebcert.pfx to /aiaapp/product/10.1.3.1/OracleAS_1/Apache/Apache/conf/ssl.wlt/default/ using /aiaapp/product/10.1.3.1/OracleAS_1/bin/owm. However, it fails saying "some trusted certificates could not be installed".
Regards,
Arindam
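
Added example (not part of the original post, and not Oracle or Jetty code): a Python reader for the JKS file format that lists each entry's alias and type, which shows whether a store converted from a PFX, like the one in step 2, holds a private-key entry or only trusted certificates. The sample keystore, its aliases and its password are constructed for the demonstration; for a real file, pass the bytes of the .jks and its store password.

```python
import hashlib
import io
import struct

MAGIC, SALT = 0xFEEDFEED, b"Mighty Aphrodite"  # JKS header magic, digest salt
KINDS = {1: "PrivateKeyEntry", 2: "trustedCertEntry"}  # labels used by keytool -list

def _u32(buf):
    return struct.unpack(">I", buf.read(4))[0]

def _utf(buf):  # 2-byte length followed by the string bytes
    return buf.read(struct.unpack(">H", buf.read(2))[0]).decode("utf-8")

def _cert(buf, version):
    if version == 2:
        _utf(buf)  # certificate type string, e.g. "X.509"
    return buf.read(_u32(buf))

def list_jks_entries(data, password=None):
    """Return [(alias, kind, cert_count)] for a JKS keystore passed as bytes."""
    buf = io.BytesIO(data)
    magic, version, count = struct.unpack(">III", buf.read(12))
    if magic != MAGIC or version not in (1, 2):
        raise ValueError("not a JKS keystore")
    entries = []
    for _ in range(count):
        tag, alias = _u32(buf), _utf(buf)
        buf.read(8)  # creation time in milliseconds
        if tag == 1:
            buf.read(_u32(buf))  # encrypted private key, skipped without decrypting
            chain = [_cert(buf, version) for _ in range(_u32(buf))]
        elif tag == 2:
            chain = [_cert(buf, version)]
        else:
            raise ValueError(f"unknown entry tag {tag}")
        entries.append((alias, KINDS[tag], len(chain)))
    body, digest = data[:buf.tell()], data[buf.tell():]
    # Trailer is SHA-1 over UTF-16BE password + salt + everything before it.
    if password is not None and hashlib.sha1(
            password.encode("utf-16-be") + SALT + body).digest() != digest:
        raise ValueError("integrity check failed: wrong password or altered file")
    return entries

def build_sample(password):
    """Constructed two-entry keystore with dummy key and certificate bytes."""
    utf = lambda s: struct.pack(">H", len(s)) + s.encode()
    blob = lambda b: struct.pack(">I", len(b)) + b
    cert = utf("X.509") + blob(b"dummy-cert")
    body = struct.pack(">III", MAGIC, 2, 2)
    body += struct.pack(">I", 1) + utf("server") + bytes(8) + blob(b"dummy-key")
    body += struct.pack(">I", 2) + cert + cert  # chain of two certificates
    body += struct.pack(">I", 2) + utf("root-ca") + bytes(8) + cert
    return body + hashlib.sha1(password.encode("utf-16-be") + SALT + body).digest()
```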