Home > SOA Suite > SSL issues with jDeveloper

SSL issues with jDeveloper

In test environments it is common to use self-signed SSL certificates. In addition to being self-signed they tend to be less strict, for instance the CN may not match the host name. This will cause problems if jDeveloper needs to read WSDL using SSL, for example.

The compiler will fail with a message similar to “Load of wsdl … failed”. The SOA log (scac.log) may contain:

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

In this case the self-signed certificate must be added to the keystore for the JRE used by jDeveloper. Access the server with a browser and open the certificate. Export it as a file. DER format works. Close jDeveloper. Import the certificate:

set JAVA_HOME=c:\oracle\Middleware\jdk160_24
keytool -import -trustcacerts -file certificate.der -keystore %JAVA_HOME%\jre\lib\security\cacerts

The default password is “changeit”. Start jDeveloper and try again. This time the certificate should be accepted, but there may still be problems. The SOA log (scac.log) may contain:

java.security.cert.CertificateException: No name matching hostname.domain.name found

In this case the SSL certificate uses the wrong CN. There are no options for ignoring hostname verification in JDeveloper (docs), so the names must match. Fix the certificate, there is no workaround.

Categories: SOA Suite
  1. siddtharth
    2012-10-10 at 17:43

    Well I have a workaround in case the host name and the CN are different. What I did is get the IP address for that host and add an entry in you hosts file with that IP and CN as the name. Now use CN as the hostname in the WSDL URL. This way the new host name [CN] will map to an IP and match with the CN on the certificate.

    • 2018-02-05 at 22:55

      did u use the host file for windows , did i miss any thing i tried it but it didnt work

  2. 2018-02-08 at 09:24

    Anzo, if your question is to siddtharth it is unlikely that you will get an answer as that comment is six years old.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: