SSL issues with jDeveloper
In test environments it is common to use self-signed SSL certificates. In addition to being self-signed they tend to be less strict, for instance the CN may not match the host name. This will cause problems if jDeveloper 22.214.171.124 needs to read WSDL using SSL, for example.
The compiler will fail with a message similar to “Load of wsdl … failed”. The SOA log (scac.log) may contain:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
In this case the self-signed certificate must be added to the keystore for the JRE used by jDeveloper. Access the server with a browser and open the certificate. Export it as a file. DER format works. Close jDeveloper. Import the certificate:
keytool -import -trustcacerts -file certificate.der -keystore %JAVA_HOME%\jre\lib\security\cacerts
The default password is “changeit”. Start jDeveloper and try again. This time the certificate should be accepted, but there may still be problems. The SOA log (scac.log) may contain:
java.security.cert.CertificateException: No name matching hostname.domain.name found
In this case the SSL certificate uses the wrong CN. There are no options for ignoring hostname verification in JDeveloper (docs), so the names must match. Fix the certificate, there is no workaround.