Weblogic Server 12c SSL Errors

-
This post is focused on miscellaneous errors that encountered during SOA web services invocation/ Other SSL business requirements.

 Error 1
Server chose TLSv1, but that protocol version is not enabled or not supported by the client.

Error Code
oracle.fabric.common.FabricException: oracle.fabric.common.FabricException: Error in getting XML input stream: https://host:port/commercial/services/WebService?wsdl: Server chose TLSv1, but that protocol version is not enabled or not supported by the client.: Error in getting XML input stream: https://host:port/commercial/services/WebService?wsdl:  Server chose TLSv1, but that protocol version is not enabled or not supported by the client.
ERROR- Server chose TLSv1, but that protocol version is not enabled or not supported by the client.

Reason
There was an Oracle SOA Composite project that invokes an external SOAP web service which uses SSL TLSv1 and the client machine was having different version of the same.

Solution
1. Login to Weblogic console
2. From left navigation menu Navigate to Environment > Servers > <TARGET_SERVER>. In my case it is soa_server1 & soa_server2
3. Under right section navigate to Configuration Tab > Server Start
4. Go to arguments section and enter the below details
  -Dweblogic.security.SSL.minimumProtocolVersion=TLSv1
5. Save 
6. Activate Changes
Below is the screenshot to showcase the above steps-


Error 2
Hostname verification failed

Error Code
oracle.fabric.common.FabricException: oracle.fabric.common.FabricException: Error in getting XML input stream: https://testpuvvnlidam.mpower.in/commercial/services/IdamUserMaster?wsdl: Hostname verification failed: HostnameVerifier=weblogic.security.utils.SSLWLSHostnameVerifier, hostname= pvt.demohost.in.: Error in getting XML input stream: https://pvt.demohost.in/commercial/services/WebService?wsdl: Hostname verification failed: HostnameVerifier=weblogic.security.utils.SSLWLSHostnameVerifier, hostname=pvt.demohost.in.

Reason
There was an Oracle SOA Composite project that invokes an external SOAP web service which uses SSL and having a hostname called pvt.demohost.in . This hostname is being used in a private network and accessible via MPLS connection. Now when it comes to weblogic, it uses a SSL HostNameVerifier property on each server. In my case I have been using 2 managed soa servers viz. soa_server1 & soa_server2. Since the domain is qualified internally and I have done the entry of host  pvt.demohost.in  on each managed server host files. So the problem is that the default SSL HostNameVerifier  BEA Hostname Verifier is not able to verify this domain.

Solution
1. Login to Weblogic console
2. From left navigation menu Navigate to Environment > Servers > <TARGET_SERVER>. In my case it is soa_server1 & soa_server2
3. Navigate to SSL tab.
4. Go to Advanced
5. Select 'None' the HostName Verification value dropdown
6. Save
7. Activate Changes
Below is the screenshot to showcase the above steps-














Comments

  1. Sandeep PachauriJune 28, 2019 at 9:39 AM

    In terms of security, try to avoid not to override host name verification

    ReplyDelete
  2. Kumar GauravJune 28, 2019 at 11:31 AM

    Hi Sandeep, thanks for your comment. Actually the hostname was resolved within the private network only and not over the internet so if I put the Hostname Verification BEA then it causes error as hostname verification failed. If you know any better option please suggest from security perspective.

    ReplyDelete
  3. AnaAugust 13, 2019 at 11:42 PM

    Radiologex is a next-gen medical network that is web accessible and downloadable as an APP on any device, MAC, PC, IOS, and Android. It is powered by blockchain technology and RDGX AI, allowing medical professionals all across the globe to connect, communicate, collaborate, transact, access content, and perform services on one comprehensive and complete medical ECOSYSTEM. It’s more intuitive, easier to operate, requires ZERO hardware purchases, and is equipped with leading security features—all for less cost. It’s the Evolution of Telemedicine AND Teleradiology.

    At the core, Radiologex is galvanized by a blockchain powered state-of-the art content delivery network (CDN) that is designed to not only replace redundant and unnecessary multiple platforms, both software and hardware, but to connect you with the global Medical community in an all-in-one platform that will drive all communication, business (buy/sell/network), with powerful medical imaging technology (PACS) and RIS/CIS capabilities. Unplug yourself from redundant hardware and various software and applications, usernames passwords and hassle, function seamlessly, with no intermediaries. The future of Enterprise Imaging and True Telemedicine™️ have arrived. With the renowned efficiency, security, decentralization of data, elimination of software fail points, transparency, and transparency and traceability of blockchain technology, Radiologex takes this core architecture to the next level to deliver a new way for the Medical Industry to interact and perform service.

    join : https://t.me/RadiologexOfficialGroup

    ReplyDelete
  4. UnknownMay 7, 2021 at 12:26 AM

    Simply wish to say your article is as astonishing. The clarity in your post is simply great, and I could assume you are an expert on this subject. Same as your blog i found another one Oracle Project Portfolio Management Cloud Software .Actually I was looking for the same information on internet for Oracle PPM and came across your blog. I am impressed by the information that you have on this blog. Thanks a million and please keep up the gratifying work.

    ReplyDelete
  5. UnknownMay 7, 2021 at 12:27 AM

    Simply wish to say your article is as astonishing. The clarity in your post is simply great, and I could assume you are an expert on this subject. Same as your blog i found another one Oracle Project Portfolio Management Cloud Software .Actually I was looking for the same information on internet for Oracle PPM and came across your blog. I am impressed by the information that you have on this blog. Thanks a million and please keep up the gratifying work.

    ReplyDelete

Post a Comment

Popular posts from this blog

Oracle SOA Suite- Implementing Email Notification

-
Image
In this post, I am going to show how to implement email notifications in Oracle SOA Suite using BPEL process. So let's get started- Implementing email notification in Oracle SOA Suite consists of below steps: Environment- IDE- Oracle jDeveloper 11g Weblogic Server 12c Oracle SOA Suite 12c High Level Steps Keep ready email server settings. Configure & enable usermessagingdriver-email for target SOA servers via console. Setting up Email driver (usermessagingdriver-email )with email server settings via enterprise manager. Enable notifications for SOA workflows(make sure either All or EMail option is selected).. Create SOA composite application Deploy it on SOA server. Testing & done. 1. Keep ready email server settings. Keep ready your below email server settings: Outgoing Mail Server          : smtp.domain.com Outgoing Mail Server Port   : xxx Default From Address         : username@doamin.com Outgoing Username            : actualemailid@doma
Read more

Oracle SOA Suite 12c- PKIX path building failed & unable to find valid certification path to requested target

-
Image
Hi Everyone, in this blog I'll be writing one of the strange issue that has been encountered while working with a Oracle SOA composite running in Oracle IDAM environment and trying to invoke a SSL based remote service where SSL certification based exception has been thrown during the service invocation. Environment Oracle SOA Suite 12c  (HA Mode) Oracle IDAM 12c (HA Mode) Oracle Linux 7 External Web Service (SOAP Service) Problem Below is the exception thrown when trying to invoke an external webservice (SSL Based) via BPEL process- <bpelFault><faultType>0</faultType><remoteFault xmlns="http://schemas.oracle.com/bpel/extension"><part name="summary"><summary>oracle.fabric.common.FabricInvocationException: Unable to invoke endpoint URI "https://idam.uppclonline.com/soa-infra/services/default/DefaultOperationalApproval!5.12*soa_69e4734b-d8fe-4edf-b44e-e287f61c2ddf/SMSNotification%23ApprovalProcess/SMSNotification" succe
Read more

Migration of Oracle SOA Suite Composite from 11g to 12c

-
Image
Recently I have came across a scenario where I have a business requirement of  migration of Oracle SOA Suite 11g(11.1.1.7.0) to 12c(12.1.3.0). Below are the different mechanisms I have tried to do, few of them failed and one succeeded. Working in Oracle SOA Suite 11g is completely different from 12c. In 11g, we need to install the jDeveloper(11.1.1.7) then SOA extension separately to be installed either via offline file  (download available at  https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/156082.xml ) or through jDeveloper top menu >>  Help >> Check for Updates >> SOA Extension.  While working with 12c doesn't involves such tedious job. Only single installer is required for jDeveloper/SOA/Weblogic and is available as QuickStart Installer(download available at https://www.oracle.com/technetwork/middleware/soasuite/downloads/index.html). Approach 1- Compress(Zip) SOA composite code of 11g version (11.1.1.7.0) and unzip to a differe
Read more