Sunday, 29 July 2018

CASDK-0007 Unable to establish a secure connection to oracleebs.com. SSL protocol related exception occurred

When we are trying to make Oracle E-Business connection leveraging Oracle EBS adapter in Oracle OIC / ICS, we may face below error:

CASDK-0007: Unable to establish a secure connection to ebs.com. SSL protocol related exception occurred. Verify that the URL is reachable and the certificate for the same is available.
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
unable to find valid certification path to requested target

This error occurs because of SSL certificate issues. If Oracle E-Business Suite requires a specific SSL certificate, ensure that we must import or upload the Oracle E-Business Suite SSL certificate to Oracle ICS Agent

Below are the steps to upload Oracle E-Business Suite to ICS Agent:
  • Download Oracle E-Business Certificate chain using firefox browser
  • Import Oracle E-Business certificate chain to Oracle ICS agent
Download Oracle E-Business certificate chain using firefox browser
  • Login into EBS suite using firebox browser
  • Click on Security Report and More Information
  • Go to Security Tab and Click on View Certificate button
  • Click on Details tab and click on Export button
  • Select X.509 Certificate with Chain (PEM) (*.crt, *.pem) from Save as type list
  • Click on Save button
Import Oracle E-Business certificate chain to Oracle ICS agent
  • Transfer the Certificate chain to the machine where ICS agent is installed
  • Login into the ICS agent machine and move to the <AGENT_HOME>/oracle_common/common/bin directory
  • Create a new file let’s say importCert.py file and  paste below content in the file
hostname="<agent_host_name>"
port="<Port number which was given during Agent installation, Default is 7001 if not provided>"
username="<User Name which was given during Agent installation, Default is weblogic if not provided>"
password="<Password which was given during Agent installation, Default is welcome2 if not provided >"
cert_file="<Certificate path which was downloaded in previous step> "
connect(username,password,"t3://"+hostname+":"+port)
svc=getOpssService(name='KeyStoreService')
svc.importKeyStoreCertificate(appStripe='system', name='trust', password='password',
alias='<alias_name>', keypassword='keypassword', type='TrustedCertificate',filepath=cert_file)

Note: Replace the values in <> bracket as per the agent environment

Consider below command which was used to install ICS agent

./cloud-connectivity-agent-installer.bsx -h=https://icsinstance-a12122.integration.us2.oraclecloud.com:443 -u=ankurjain -p=myics@098 -ad= AGENT_GROUP -au=ebsagent -ap=agent@ICSagent1 -ph=111.40.10.111 -pp=5520

As per command, the file importCert.py will look like

Hostname=123.21.11.11
Port=7001
Username=ebsagent 
Password=agent@ICSagent1
cert_file=/u01/ebscert.crt
connect(username,password,"t3://"+hostname+":"+port)
svc=getOpssService(name='KeyStoreService')
svc.importKeyStoreCertificate(appStripe='system', name='trust', password='password',
alias=ebsCert, keypassword='keypassword', type='TrustedCertificate',filepath=cert_file)


Run below command to import the certificate

./wlst.sh importCert.py

Test EBS connection, this time EBS connection should be established successfully.

No comments:

Post a Comment