Question

Using various tutorials, I tried to set up a 2-way SSL connection in a proxy service that processes payments. I am working with WebLogic Server 10.3.5, where I added certificates to the trusted keystore 'cacerts'. From curl I can test these payments - I have ssl.key, ssl.cer and ssl.crt - and everything was fine.

I added them to 'cacerts' with the keytool utility as follows:

  • converted ssl.key and ssl.cer to one file ssl.p12
  • added ssl.crt to 'cacerts' with alias 'demo'
  • added ssl.p12 to 'cacerts' with alias '1'

I imported the keystore into WebLogic and restarted the server. In the OSB proxy service I set the HTTP Transport configuration to Enabled with Client Certificate. In the Business service I set the HTTP method to POST and added the endpoint URI with https://.

While testing in sbconsole I receive this error:

General runtime error: [Security:090497]HANDSHAKE_FAILURE alert received from demo - *.*.*.*. Check both sides of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted CAs, and hostname verification settings.

Could you please tell me where I went wrong?


Solution

Enable debugging! It is the only way to track down the cause of this kind of issue. I added an environment variable JAVA_OPTIONS with this value: "-Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true -Djavax.net.debug=all"

Also, in WLS I enabled debugging for these topics: ->Environment->Servers->AdminServer: tab ‘Debug’:

  • Default: DebugSSL
  • Weblogic, node 'Security': certpath, certrevocchecking, credmap, keystore and ssl

You will still need to do a lot of digging, but at least the error-messages are there!
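
An added example, not part of the original answer and not WebLogic code: with the debug flags above enabled the server output becomes very noisy, so this script sorts log lines into the four mismatch areas that the Security:090497 message names and lists alert lines separately. The keyword patterns and the sample lines are constructed assumptions, not WebLogic's exact log format; adjust them to what your server actually prints.

```python
import re
from collections import defaultdict

# The four mismatch areas named in the Security:090497 message.
# Patterns are assumptions for illustration; tune them to your own log output.
CATEGORIES = {
    "ciphers": re.compile(r"cipher", re.I),
    "protocol versions": re.compile(
        r"protocol version|\b(?:SSLv3|TLSv1(?:\.\d)?)\b", re.I),
    "trusted CAs": re.compile(
        r"unknown_ca|certificate_unknown|cert authorities|certificate chain|trust",
        re.I),
    "hostname verification": re.compile(r"hostname|host name", re.I),
}
# Lines that report the failure itself rather than a negotiation detail.
ALERT = re.compile(r"alert|handshake_failure|exception", re.I)

# Constructed sample lines (not real WebLogic output).
SAMPLE = """\
ssl: enabled cipher suites: TLS_RSA_WITH_AES_128_CBC_SHA
ssl: client hello, protocol version TLSv1
ssl: certificate request, cert authorities: CN=Demo CA
ssl: client certificate chain is empty
ssl: HANDSHAKE_FAILURE alert received from demo
app: payment request queued
""".splitlines()


def triage(lines):
    """Return (buckets, alerts); each entry is a (line_number, text) tuple."""
    buckets = defaultdict(list)
    alerts = []
    for number, line in enumerate(lines, 1):
        text = line.strip()
        if not text:
            continue
        if ALERT.search(text):
            alerts.append((number, text))
        for name, pattern in CATEGORIES.items():
            if pattern.search(text):
                buckets[name].append((number, text))
    return dict(buckets), alerts


if __name__ == "__main__":
    found, alert_lines = triage(SAMPLE)
    for name in CATEGORIES:
        print(f"{name}: {len(found.get(name, []))} line(s)")
        for number, text in found.get(name, []):
            print(f"  {number}: {text}")
    print("alerts:", alert_lines)
```

To use it on a real log, pass `open(path, errors="replace")` to `triage` instead of `SAMPLE`.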

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow