Untrusted Certificate Issue in ECX (XML PO) transmission

When the XML Gateway (ECX) has been configured for XML PO Transmission ,  when https protocol has been configured in trading partner setup , valid certificates has to be uploaded to keystore , Else you will get untrusted certificate error in Exception text when you ran the ECX Diag script

This post provides you the steps to follow to setup and upload certificate (SHA2 certificate)

XML gateway configuration is done via the oc4j.properties file under the oc4j container:   $INST_TOP/ora/10.1.3/j2ee/oafm/config/oc4j.properties

1. Ensure and update the $INST_TOP/ora/10.1.3/j2ee/oafm/config/oc4j.properties file contains the values to point the oxta servelet to the new jdk keystore:

javax.net.ssl.trustStore=$AF_JRE_TOP/jre/lib/security/cacerts   ### preferred to be physical location
test.trustmanager.algorithm = SunX509

2. copy the certificate (exported as base64) as (in text format) and .cer extension to $AF_JRE_TOP/jre/lib/security. 
(for this post example, staples_cert.cer)

3. Import the certificate into the cacerts file using keytool command:

keytool -import -alias <alias name> -file <certificate filename>.cer -trustcacerts -v -keystore cacerts -storepass changeit

For example :
alias name is staples_cert
ceriticate name (step 2) : staples_cert.cer

keytool -import -alias staples_cert -file staples_cert.cer -trustcacerts -v -keystore cacerts -storepass changeit

–Narasimha Rao

  • December 29, 2016 | 20 views
  • Comments