Scenario:
Oracle SOA calling secured service on Vordel Gateway. OWSM policy used is 'oracle/wsm_username_tokoen_with_messsageprotection_client'. Using this policy request message signed with SOA platform's certifacte along with UserNameToken.OWSM policy expects the response message also be signed. So we have configured the gateway the sign the response message with Root CA.
We have imported Root CA to SOA's Keystore as trust.
Issue:
The path to the certificate is invalid. [[
Validation failed for the
certificate "Subject DN:- CN=test.oprosoa.oprohome.com, OU=Information
Technology, O="ObjectPro LLC.", L=Atlanta, ST=Georgia, C=US, Serial Number:-
132780370344752896279323, Issuer DN:- CN=OPRO Enterprise Certification
Authority 01, DC=ObjectPro LLC, DC=com"
Certificates in cert path
used for validation are:-
"Subject DN:-
CN=test.oprosoa.oprohome.com, OU=Information Technology, O="ObjectPro LLC.", L=Atlanta, ST=Georgia, C=US, Issuer DN:- CN=OPRO Enterprise
Certification Authority 01, DC=ObjectPro LLC, DC=com"
]]
Solution:
According to Below Oracle Notes. We need to import if any intermediate chain of certificates as well, in order to successfully read the response.
We have imported the dependent ENT CA certificate and issue is resolved
Cause: The intermediate and root certificates of the certificate were not present in the keystore during verification.
Action: Make sure that the entire certificate chain is available in the keystore for verification.
Level: 1
Type: ERROR
Impact: Security
No comments:
Post a Comment