Archive

Archive for October, 2011

SSL issues with jDeveloper

2011-10-31 1 comment

In test environments it is common to use self-signed SSL certificates. In addition to being self-signed they tend to be less strict, for instance the CN may not match the host name. This will cause problems if jDeveloper 11.1.1.5 needs to read WSDL using SSL, for example.

The compiler will fail with a message similar to “Load of wsdl … failed”. The SOA log (scac.log) may contain:

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

In this case the self-signed certificate must be added to the keystore for the JRE used by jDeveloper. Access the server with a browser and open the certificate. Export it as a file. DER format works. Close jDeveloper. Import the certificate:

set JAVA_HOME=c:\oracle\Middleware\jdk160_24
set PATH=%JAVA_HOME%\bin;%PATH%
keytool -import -trustcacerts -file certificate.der -keystore %JAVA_HOME%\jre\lib\security\cacerts

The default password is “changeit”. Start jDeveloper and try again. This time the certificate should be accepted, but there may still be problems. The SOA log (scac.log) may contain:

java.security.cert.CertificateException: No name matching hostname.domain.name found

In this case the SSL certificate uses the wrong CN. There are no options for ignoring hostname verification in JDeveloper (docs), so the names must match. Fix the certificate, there is no workaround.

Categories: SOA Suite