Monday, July 20, 2015

SOA Composite deployment failed with "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: " error

WebLogic Server is configured to use a Java KeyStore and is set up with internal PKI certificates (not authorized by a CA). Deployment of the SOA composite failed with a "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed" error.

[deployComposite] Creating HTTPS connection to host:<hostname>,:<port>
[deployComposite] javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[deployComposite]       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
[deployComposite]       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1623)
[deployComposite]       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:198)
[deployComposite]       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:192)
[deployComposite]       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1074)
[deployComposite]       at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:128)
[deployComposite]       at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:529)
[deployComposite]       at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:465)
[deployComposite]       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
[deployComposite]       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120)
[deployComposite]       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
[deployComposite]       at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
[deployComposite]       at java.io.ByteArrayOutputStream.writeTo(ByteArrayOutputStream.java:109)
[deployComposite]       at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java:3366)
[deployComposite]       at HTTPClient.HttpOutputStream.closeImpl(HttpOutputStream.java:461)
[deployComposite]       at HTTPClient.HttpOutputStream.access$000(HttpOutputStream.java:99)
[deployComposite]       at HTTPClient.HttpOutputStream$1.run(HttpOutputStream.java:417)
[deployComposite]       at HTTPClient.HttpClientConfiguration.doAction(HttpClientConfiguration.java:666)
[deployComposite]       at HTTPClient.HttpOutputStream.close(HttpOutputStream.java:415)
[deployComposite]       at java.util.zip.DeflaterOutputStream.close(DeflaterOutputStream.java:149)
[deployComposite]       at java.util.zip.ZipOutputStream.close(ZipOutputStream.java:321)
[deployComposite]       at oracle.integration.platform.blocks.deploy.servlet.client.DeployerHttpClient.sendCompositeArchives(DeployerHttpClient.java:385)



Root cause and resolution:
The error above means that the URL you are trying to access does not present a valid certificate, or that the certificate used by the URL provider was not issued by a certificate authority the client trusts. To fix it, check which of the two scenarios below applies and import the intermediate certs accordingly.

1: If the client trying to access the URL is a standalone Java client, import the root certificate of the URL into the "cacerts" file in the JAVA/jdk/jre/lib/security/ directory.


2: If the client is the WLS server trying to access the URL, determine which trust store the WebLogic Server uses, then import the root certificates into the "DemoTrust" file at "/apps/mywebapps/wlserver_10.3/server/lib/DemoTrust.jks".

Note: You can also check whether the client is using cacerts or DemoTrust by looking in the setDomain.sh/startManaged.sh scripts.
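
The shell helpers below are an added example, not part of the original post or of any Oracle tooling. They follow the note and the two steps above: find the trust store a start script passes to the JVM, then review and import the internal CA certificate with keytool. The function names, the alias argument and the sample script fragment are assumptions, and the fragment is constructed for the demo.

```shell
#!/bin/sh
# Added example; function names and the sample script are illustrative.

# Print the trust store path a start script passes to the JVM through the
# standard JSSE property -Djavax.net.ssl.trustStore=<path>. Prints nothing if
# the script sets none, in which case the JVM uses its default cacerts file.
trust_store_from_script() {   # $1 = start script to inspect
    sed -n -e '/^[[:space:]]*#/d' \
        -e "s/.*-Djavax\.net\.ssl\.trustStore=\([^ \"']*\).*/\1/p" "$1" | tail -n 1
}

# Print subject, issuer and fingerprints of a certificate file so they can be
# compared with values obtained from the internal PKI team before trusting it.
show_cert() {                 # $1 = certificate file (PEM or DER)
    keytool -printcert -file "$1"
}

# Import a CA certificate as a trusted entry, after backing up the store.
# keytool prompts for the store password (keeping it out of shell history and
# the process list) and asks for confirmation before adding the certificate.
import_ca() {                 # $1 = store, $2 = alias, $3 = certificate file
    cp -p "$1" "$1.bak" &&
    keytool -importcert -keystore "$1" -alias "$2" -file "$3"
}

# Confirm the alias is now present in the store.
verify_alias() {              # $1 = store, $2 = alias
    keytool -list -keystore "$1" -alias "$2"
}

# Demo on a constructed start-script fragment (not a real WebLogic script).
demo_script=$(mktemp)
cat > "$demo_script" <<'EOF'
# -Djavax.net.ssl.trustStore=/old/commented-out.jks
JAVA_OPTIONS="${JAVA_OPTIONS} -Djavax.net.ssl.trustStore=/apps/mywebapps/wlserver_10.3/server/lib/DemoTrust.jks -Xmx1024m"
EOF
echo "trust store in use: $(trust_store_from_script "$demo_script")"
rm -f "$demo_script"
```

Run show_cert on the certificate file and compare the fingerprints before calling import_ca, then restart the client JVM or WebLogic server so it reloads the store.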






