DOYENSYS Knowledge Portal




We Welcome you to visit our DOYENSYS KNOWLEDGE PORTAL : Doyensys Knowledge Portal




Thursday, December 29, 2016

Untrusted Certificate Issue in ECX (XML PO) transmission


When the XML Gateway (ECX) has been configured for XML PO Transmission ,  when https protocol has been configured in trading partner setup , valid certificates has to be uploaded to keystore , Else you will get untrusted certificate error in Exception text when you ran the ECX Diag script

This post provides you the steps to follow to setup and upload certificate (SHA2 certificate)

XML gateway configuration is done via the oc4j.properties file under the oc4j container:   $INST_TOP/ora/10.1.3/j2ee/oafm/config/oc4j.properties

1. Ensure and update the $INST_TOP/ora/10.1.3/j2ee/oafm/config/oc4j.properties file contains the values to point the oxta servelet to the new jdk keystore:

javax.net.ssl.trustStoreType=JKS
javax.net.ssl.trustStore=$AF_JRE_TOP/jre/lib/security/cacerts   ### preferred to be physical location
javax.net.ssl.trustStorePassword=changeit
test.trustmanager.algorithm = SunX509

2. copy the certificate (exported as base64) as (in text format) and .cer extension to $AF_JRE_TOP/jre/lib/security. 
(for this post example, staples_cert.cer)

3. Import the certificate into the cacerts file using keytool command:

keytool -import -alias <alias name> -file <certificate filename>.cer -trustcacerts -v -keystore cacerts -storepass changeit

For example :
alias name is staples_cert
ceriticate name (step 2) : staples_cert.cer

keytool -import -alias staples_cert -file staples_cert.cer -trustcacerts -v -keystore cacerts -storepass changeit


--Narasimha Rao


No comments: