When you start working with the SOA Suite 11g, the server has a default keystore set. Connecting to this setup over HTTPS usually doesn't give any problems, as the CAs used are generally trusted by default by the JDK in use. One thing you may encounter when you equip your server with a genuine certificate whose chain contains CAs that are not trusted by default is that deployment from JDeveloper no longer works. The SSL handshake fails because JDeveloper doesn't trust the server. How do you solve this?
To make the deployment work again you need to make sure JDeveloper trusts the server. The first thing you need is the CA certificate(s) from the server. You can get them by opening a URL on the server over SSL, for example to a service you have built. Say: https://MY_SERVER/test/service/v1?wsdl. I'm using Firefox here as an example. The same can be done in IE, but it is located somewhere else. You'll figure it out 🙂
In the browser, click on the text in front of the URL. I'll use the WordPress website as an example. A popup should open.
Choose 'More information' and then 'View Certificate'. Choose the 'Details' tab, then select the CA you want to export and press 'Export'.
This gives you the option to save the CA certificate as an X.509 Certificate (PEM) file. Save all the CA certificates in the chain that you want to trust.
The next thing you need to do is tell the JDK that JDeveloper uses that these 2 CAs are trusted. The truststore of JDeveloper is located at /JDEV_HOME/jdk160_24/jre/lib/security for JDeveloper 11.1.1.5. In the security directory is a file named 'cacerts'. This is actually a Java Key Store which holds all the trusted certificates. The thing to do now is to add the certificates you just downloaded to this truststore. Do this with the keytool from the JDK. It works like this:
keytool -import -v -file YOUR_DOWNLOADED_CERT.crt -storepass KEYSTORE_PW -keystore JDEV_HOME/jdk160_24/jre/lib/security/cacerts -alias ALIAS_NAME
The default password of the cacerts file is changeit.
After you have successfully inserted your CA certificates, you should be able to deploy to your WebLogic server.
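Every certificate signed by a CA in cacerts is trusted by JDeveloper's JDK, so it is worth comparing each exported file against a fingerprint obtained from the CA out of band before importing it. The shell functions below are an added example, not part of the original post; TRUSTSTORE, STOREPASS, the alias and the expected fingerprint are assumed placeholders.

```shell
# Added example, not from the original post. File names, aliases, TRUSTSTORE and
# the expected fingerprint are assumed placeholders.

# Print the SHA-256 fingerprint of the single PEM certificate in file $1,
# in the colon-separated upper-case form keytool uses for fingerprints.
pem_sha256() {
  sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" |
    grep -v -- '-----' | tr -d ' \r\n' | base64 -d | sha256sum |
    cut -d' ' -f1 | tr 'a-f' 'A-F' | sed 's/../&:/g; s/:$//'
}

# Import certificate $1 under alias $2 only when its fingerprint equals $3,
# a value obtained from the CA out of band (not over the connection the
# certificate was exported from). Refuses and returns 1 on any mismatch.
import_if_verified() {
  actual=$(pem_sha256 "$1")
  expected=$(printf '%s' "$3" | tr 'a-f' 'A-F')
  if [ "$actual" != "$expected" ]; then
    echo "refusing $1: fingerprint is $actual" >&2
    return 1
  fi
  keytool -import -v -noprompt -file "$1" -alias "$2" \
    -keystore "${TRUSTSTORE:?set TRUSTSTORE to the cacerts path}" \
    -storepass "${STOREPASS:-changeit}"
}

# Constructed sample: the PEM body is placeholder bytes, not a real certificate;
# the hashing step is the same for real DER content.
sample=$(mktemp)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'aGVsbG8gd29ybGQ=' \
  '-----END CERTIFICATE-----' > "$sample"
pem_sha256 "$sample"
```

Passing the store password on the command line exposes it in the process list; leave out -storepass to have keytool prompt for it instead.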
Thanks a lot for this post. I've been searching for that kind of explanation for days.