“Internal Server Error” while invoking https service from Oracle API CS platform
In this blog, we are going to handle such a situation and show how to resolve this.
Issue: “Internal Server Error” while invoking the SSL enabled services in API CS
So before we get into the detailed solution, we’ll describe the problem statement
Consider the https enabled service (Image-1) which we have configured in API CS and the same has been deployed on API CS physical gateway. While hitting the service either from the browser (Image-2) or POSTMAN the error will be occurred as shown in the below screenshot:
Image-1
Image-2
SSL handshake exception (“javax.net.ssl.SSLHandshakeException”) exception can be found in the log {GW_Install_DIR}/domain/gateway1/servers/managedServer1/trace/default.log
Solution:
The solution of the issue is to import the back-end service SSL certificate chain into the WebLogic Keystore of API CS physical Gateway node.
So first is to export the back-end service SSL certificate chain via the browser. To export the certificate of back-end service follow the below steps:
- Hit the back-end service using firefox browser
- Click on Security Report and More Information
- Go to Security Tab and Click on View Certificate button
- Click on Details tab and click on the Export button
- Select X.509 Certificate with Chain (PEM) (*.crt, *.pem) from Save as type list
- Click on Save button
In above screenshot we’ll notice that WebLogic is using two keystore files to validate what is cert Weblogic needs to trust. We can import downloaded cert into either of DemoTrust.jks or cacerts file.
In that case, we are importing the downloaded certificate into DemoTrust.jks file.
- Login into the gateway node via Putty and navigate to the path of DemoTrust.jks
- Take a backup of the original file DemoTrust.jks
- keytool command will be used to import the certificate into the keystore. Use below command to import certificate
- After importing the certificate, just restart the GW node. Please see the article how to restart GW node