We where trying to connect from BPEL to a HTTPS service but we ran into SSL problems. After checking all the keystores and it’s locations, it still didn’t seem to pick our keystore up.
The error we found in the log looked like this:
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
After some digging we found out that this is a nice feature. When you don’t remove the DemoTrust.jks from the setDomainEnv.sh, it will not load your defined keystore. Remove the DemoTrust.jks entry and it works like a charm. For the release notes see:
Please follow section “21.2.1 Removing References to the Demo Certificates When Using Your Own SSL Certificates” in the following document:
Oracle Fusion Middleware Release Notes
11g Release 1 (11.1.1) for Linux x86-64
Part Number E14770-11
Un-be-f–king-lievable. Thank you Hugo for digging this up, you saved me, I would have never found this on my own.
Oracle, you are a bunch of turds.
For SOA to work, it all just has to WORK, and this is just one more example of the hot, sloppy mess that is SOA Suite, OSB, and the rest. FYI to anyone that reads this: SOA Suite ain’t hardly worth the trouble.