DOYENSYS Knowledge Portal

We Welcome you to visit our DOYENSYS KNOWLEDGE PORTAL : Doyensys Knowledge Portal

Thursday, December 29, 2016

Untrusted Certificate Issue in ECX (XML PO) transmission

When the XML Gateway (ECX) has been configured for XML PO Transmission ,  when https protocol has been configured in trading partner setup , valid certificates has to be uploaded to keystore , Else you will get untrusted certificate error in Exception text when you ran the ECX Diag script

This post provides you the steps to follow to setup and upload certificate (SHA2 certificate)

XML gateway configuration is done via the file under the oc4j container:   $INST_TOP/ora/10.1.3/j2ee/oafm/config/

1. Ensure and update the $INST_TOP/ora/10.1.3/j2ee/oafm/config/ file contains the values to point the oxta servelet to the new jdk keystore:$AF_JRE_TOP/jre/lib/security/cacerts   ### preferred to be physical location
test.trustmanager.algorithm = SunX509

2. copy the certificate (exported as base64) as (in text format) and .cer extension to $AF_JRE_TOP/jre/lib/security. 
(for this post example, staples_cert.cer)

3. Import the certificate into the cacerts file using keytool command:

keytool -import -alias <alias name> -file <certificate filename>.cer -trustcacerts -v -keystore cacerts -storepass changeit

For example :
alias name is staples_cert
ceriticate name (step 2) : staples_cert.cer

keytool -import -alias staples_cert -file staples_cert.cer -trustcacerts -v -keystore cacerts -storepass changeit

--Narasimha Rao

No comments: