APPLIES TO:
Oracle XML Gateway – Version 12.0.0 to 12.1.3 [Release 12 to 12.1]
Information in this document applies to any platform.
SYMPTOMS
XML Gateway is set up with a trading partner for outbound transmission of purchase orders to the Oracle Supplier Network. An approved purchase order was generated. However, the Transaction Monitor shows a Delivery Status of Error and a Delivery Message of Invalid CACert File. The xml_sql output shows the following error:
oracle.apps.ecx.oxta.ConnectionFailureException: Connection failure resulting from:
java.io.FileNotFoundException: /inst/apps/<$CONTEXT_NAME>/certs/Apache/cwallet.sso
CAUSE:
The cwallet.sso file did not exist in the location specified in $INST_TOP/ora/10.1.3/j2ee/oafm/config/oc4j.properties. This is the configuration file used by XML Gateway in EBS version 12.1.3.
SOLUTION:
This solution is applicable for EBS 12.1.3 only.
Configure XML Gateway to use the JKS wallet instead of the SSO wallet. This allows for TLS authentication.
1. Ensure that the JDK version is 1.7.131 or higher in order to support TLS authentication for EBS 12.1.3.
2. Update the autoconfig $CONTEXT_FILE parameters:
s_ssl_truststore = $AF_JRE_TOP/jre/lib/security/cacerts
– Be sure to confirm the path to the cacerts file and insert the correct path here.
– You will need to import your trading partner certificates into this wallet.
s_ssl_truststoretype = JKS
s_ssl_trustmanageralgorithm = SunX509
Note: By default, the keystore is set to cwallet.sso, which is also the default truststore. These are SSO store types.
While this configuration will work in most cases, our guidance is to set up and configure a JKS keystore in addition to the truststore, but either case should work.
s_ssl_keystore=<path to the server key certificate keystore>
s_ssl_keystoretype=JKS
s_ssl_keymanageralgorithm=SunX509
Note: s_ssl_trustmanageralgorithm and s_ssl_keymanageralgorithm default to the SSO value of OracleX509. If you are using JKS keystore types, use SunX509.
3. Run Autoconfig.
4. Restart the OAFM container or middle tier.
5. Retest the connection to verify that it works.
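The step 2 values can be checked before AutoConfig is run. The script below is an added example, not part of the original note or an Oracle utility: it confirms that each store file exists, that a store declared as JKS really is in JKS format, and that JKS stores are paired with SunX509. It assumes each context variable sits on one line as <tag oa_var="s_name">value</tag> with a literal path as its value; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check the SSL store settings in an AutoConfig context file.
# Assumption: each variable sits on one line as <tag oa_var="s_name">value</tag>
# and store paths are written as literal absolute paths.

# ctx_value FILE VAR: print the text of the element carrying oa_var="VAR"
ctx_value() {
    sed -n "s|.*oa_var=\"$2\"[^>]*>\([^<]*\)<.*|\1|p" "$1" | head -n 1
}

# check_store FILE KIND (KIND is "trust" or "key"); returns 1 if any check fails
check_store() {
    cs_rc=0
    cs_path=$(ctx_value "$1" "s_ssl_${2}store")
    cs_type=$(ctx_value "$1" "s_ssl_${2}storetype")
    cs_alg=$(ctx_value "$1" "s_ssl_${2}manageralgorithm")
    if [ ! -r "$cs_path" ]; then
        # Same condition that surfaces as java.io.FileNotFoundException at run time
        echo "FAIL ${2}store: file not readable: $cs_path"; cs_rc=1
    elif [ "$cs_type" = "JKS" ]; then
        # A JKS file starts with the magic bytes FE ED FE ED
        cs_magic=$(od -An -tx1 -N4 "$cs_path" | tr -d ' \n')
        if [ "$cs_magic" != "feedfeed" ]; then
            echo "FAIL ${2}store: $cs_path is not in JKS format"; cs_rc=1
        fi
    fi
    # JKS stores pair with SunX509; OracleX509 is the SSO wallet default
    if [ "$cs_type" = "JKS" ] && [ "$cs_alg" != "SunX509" ]; then
        echo "FAIL ${2}store: type JKS but algorithm is '$cs_alg'"; cs_rc=1
    fi
    if [ "$cs_rc" -eq 0 ]; then
        echo "OK   ${2}store: $cs_path ($cs_type, $cs_alg)"
    fi
    return "$cs_rc"
}

# check_ssl_stores FILE: check both stores; non-zero if either one fails
check_ssl_stores() {
    css_rc=0
    check_store "$1" trust || css_rc=1
    check_store "$1" key || css_rc=1
    return "$css_rc"
}

# Run against a context file when one is given as the first argument
[ -z "${1:-}" ] || check_ssl_stores "$1"
```

Run it as sh check_ssl_stores.sh "$CONTEXT_FILE" (the script file name is arbitrary). A store left at the SSO default is checked for readability only.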