weblogic证书导入问题
[英]weblogic certificate import issue
问题描述
I am using jdk 1.8 for weblogic 12.2.1.3 with the SOA suite.
我将 jdk 1.8 用于带有 SOA 套件的 weblogic 12.2.1.3。 I have to import one certificate from the webserver to the application server.我必须将一个证书从网络服务器导入应用程序服务器。 I have downloaded the certificate from the webserver and tried to import it in default cacerts .我已从网络服务器下载证书并尝试将其导入默认cacerts 。 Path is /u01/oracle/products/jdk/jre/lib/security/cacerts路径是/u01/oracle/products/jdk/jre/lib/security/cacerts
My certificate is imported as I am getting a message saying certificate is added.我的证书已导入,因为我收到一条消息,说证书已添加。 But when i am trying to call the soap URL I am getting an error as below但是当我尝试调用soap URL时,出现如下错误
<bpelFault><faultType>0</faultType><remoteFault xmlns="http://schemas.oracle.com/bpel/extension"><part name="summary"><summary>oracle.fabric.common.FabricInvocationException: Unable to invoke endpoint URI "https://stageosb.au.ar/restricted/soasession" successfully due to: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
So I went to check the certificate I have imported by listing them with alias name with below command所以我去检查我导入的证书,用下面的命令列出它们的别名
keytool -list -v -keystore cacerts -storepass changeit | grep "Alias name:"
I got list of certificates installed.我安装了证书列表。 In that list I saw my certificate also mentioned there with one weird thing: All certificates installed from previously have jdk at the end.在那个列表中,我看到我的证书也提到了一件奇怪的事情:以前安装的所有证书最后都有jdk 。 But for my certificates which I am importing it is not showing jdk at last of it.但是对于我正在导入的证书,它最后没有显示jdk 。 please see below请看下面
Alias name: popcasca
Alias name: verisignclass1g2ca [jdk]
Alias name: comodoaaaca [jdk]
Alias name: geotrustprimarycag2 [jdk]
Alias name: globalsignr3ca [jdk]
popcasca is my certificate installed in cacerts but there is no jdk mentioned here. popcasca 是我安装在 cacerts 中的证书,但这里没有提到jdk 。 What could be the reason for this.这可能是什么原因。 Any help.任何帮助。
Regards问候
1 个解决方案
解决方案1
1 2019-01-22 19:37:22
Your server will be referring to DemoTrust.jks.您的服务器将引用 DemoTrust.jks。 So just updating cacerts will not help.因此,仅更新 cacerts 将无济于事。
You need to remove below line from setDomainEnv[.cmd|.sh].您需要从 setDomainEnv[.cmd|.sh] 中删除以下行。
“-Djavax.net.ssl.trustStore=%WL_HOME%\server\lib\DemoTrust.jks”
For more details refer: https://sswaro.wordpress.com/pkix-path-building-failed-in-soa/有关更多详细信息,请参阅: https : //sswaro.wordpress.com/pkix-path-building-failed-in-soa/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.