3

I have a web service which returns a Unique ID when I provide a valid request. This web service is username/password protected and I have the credentials for the same.

The service request returns an expected response in SOAP UI, where I added the username/password fields in the resource properties.

Now I want to access the same web service in OSB. I get the error:

'The invocation resulted in an error: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received..'

How do I access this web service?

I added the following code in the request part of the operation I am trying to invoke in the WSDL.

<wsp:Policy wsu:Id="WS-Policy-UNT"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wssp:Identity xmlns:wssp="http://www.bea.com/wls90/security/policy">
    <wssp:SupportedTokens>
      <wssp:SecurityToken TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken">
        <wssp:UsePassword Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
      </wssp:SecurityToken>
    </wssp:SupportedTokens>
  </wssp:Identity>
</wsp:Policy>

I also added a Service account with the username password in the security tab of the same.

I am still getting the same error. Please guide me...

HeisenBerg
  • Have you tried configuring SSL with certs like this: http://stackoverflow.com/questions/16290992/two-way-ssl-with-tomcat-as-client-to-weblogic or http://www.ateam-oracle.com/2-way-ssl-between-soa-and-osb/ – Display Name is missing Feb 17 '15 at 18:55

2 Answers

1

You have to install or update, in the OSB, the certificate of the server where your web service is installed. Here are some steps that can help you:

  1. Get the certificate of the server your web service is installed on (from your browser, for example). This link can help you, see the second answer: https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file

  2. Add the certificate in the keystore of the OSB (using keytool command)

  3. Restart SSL in weblogic, Environment -> Servers -> Control, check your instance and click on restart SSL
Asy
  • The secure web service in my case is from a third party. Moreover, the endpoint URI prompts for a username/password in the browser. After authentication it gives an Error 405 message. – HeisenBerg Feb 20 '15 at 02:59
  • According to the error message, you have a problem with the certificate, which is either not installed or badly installed. – Asy Feb 20 '15 at 09:17
  • For the username/password, did you configure your service account in your business service? – Asy Feb 20 '15 at 09:18
  • Yes, I have added a Service account with the username/password and attached a WS-Policy. I have edited my question and added the ws-policy – HeisenBerg Feb 20 '15 at 10:09
  • No. I haven't. Can you please elaborate on the "get the certificate" part? Sorry for being such a noob. :\ – HeisenBerg Feb 21 '15 at 16:00
  • I did an edit to my answer, let me know if it's clear enough or not :) – Asy Feb 22 '15 at 20:03
  • I did so as you suggested. But it hasn't solved the same problem. Should I set a PKI credential mapper and a service key provider? – HeisenBerg Mar 03 '15 at 04:32
  • I did so as you suggested. But it hasn't solved the same problem. Should I set a PKI credential mapper and a service key provider? I get this alert when I try to do so! "There is no PKI credential mapper provider configured in your security realm. Service key provider management will be disabled. Configure a PKI credential mapper provider if you need service provider support. This is typically the case if you have Oracle Service Bus proxy services with web service security enabled or outbound 2-way SSL connections." – HeisenBerg Mar 03 '15 at 04:32
  • 1
    We have faced this error and the origin was that the certificate was generated in JDK 1.7. Can you suggest to the admin of your server (where your web service is) to generate it with a JDK version lower than 1.7? Then re-execute the actions described in the answer. – Asy Mar 03 '15 at 16:53
1

Finally, I was able to get the solution. Phew!

I used openssl to download the certificate.

This Command here from Server Fault made it a piece of cake.

echo -n | openssl s_client -connect HOST:PORTNUMBER | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >[PATH_TO_SAVE_CERTIFICATE]

I then checked the USE JSSE SSL in Advanced Part of SSL Tab in the admin Console.

After a complete Server Restart it worked as expected.

HeisenBerg
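
The certificate-download step used in both answers, as an added example that is not code from the original posts. It goes beyond the one-liner by saving every certificate the server presents (`-showcerts`), failing instead of writing an empty file when nothing was received, and printing the fingerprint to verify before import. The function names, `SAMPLE_TRANSCRIPT`, the alias and the keystore path are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original answers.

# Split `openssl s_client -showcerts` output (stdin) into one PEM file per
# certificate: OUTDIR/cert-0.pem is the server's own certificate, cert-1.pem
# its issuer, and so on. Prints the count; fails if no certificate was seen.
split_chain() {
    outdir=$1
    mkdir -p "$outdir" || return 1
    count=$(awk -v dir="$outdir" '
        BEGIN { n = 0 }
        /-----BEGIN CERTIFICATE-----/ { out = dir "/cert-" n ".pem"; inside = 1 }
        inside { print > out }
        /-----END CERTIFICATE-----/ { if (inside) { close(out); n++ }; inside = 0 }
        END { print n }
    ')
    echo "$count"
    [ "$count" -gt 0 ]
}

# Fetch the presented chain and print what a reviewer needs before trusting it.
# The connection itself proves nothing about the server's identity, so compare
# the SHA-256 fingerprint with one obtained from the service owner.
fetch_chain() {  # usage: fetch_chain HOST PORT OUTDIR
    openssl s_client -connect "$1:$2" -servername "$1" -showcerts \
        </dev/null 2>/dev/null | split_chain "$3" >/dev/null || {
        echo "no certificate received from $1:$2" >&2
        return 1
    }
    for f in "$3"/cert-*.pem; do
        openssl x509 -in "$f" -noout -subject -issuer -enddate -fingerprint -sha256
    done
}

# Constructed s_client-style transcript (bodies are not real certificates),
# used only to exercise split_chain offline.
SAMPLE_TRANSCRIPT='CONNECTED(00000003)
 0 s:CN = ws.example.test
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgTEVBRg==
-----END CERTIFICATE-----
 1 s:CN = Example Test CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgQ0E=
-----END CERTIFICATE-----'

# After the fingerprint matches (alias and keystore path are placeholders):
#   keytool -importcert -alias thirdparty-ws -file OUTDIR/cert-0.pem \
#           -keystore /path/to/trust-keystore.jks
```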