Wednesday, October 23, 2013

Workflow mailer logs shwoing SSL handshake failed: X509CertChainIncompleteErr

This issue is due to java store certs are not proper .

Create you cacerts as below .
Also make sure that cacerts path is properly defined in the mailer .

Before running these steps Make sure that your CA.crt file is proper and it has intermediate certificate included .


1. Validate you mailer has correct cacerts locations

Execute $FND_TOP/sql/afsvcpup.sql

update Notification mailer truststore parameter to path of cacert


10243 SSL Trust store  /util/jdk1.6.0_21/jre/lib/security/cacerts



2. Create your java cacerts as below (default password will be changeit )


cd ssl.crt

mv $OA_JRE_TOP/jre/lib/security/cacerts $OA_JRE_TOP/jre/lib/security/cacerts.orig
$OA_JRE_TOP/jre/bin/keytool -import -alias ApacheServer -file server.crt -trustcacerts -v -keystore $OA_JRE_TOP/jre/lib/security/cacerts
$OA_JRE_TOP/jre/bin/keytool -import -alias ApacheCA -file ca.crt -trustcacerts -v -keystore $OA_JRE_TOP/jre/lib/security/cacerts


3. Bounce all services including CM .



Hope this resolves .

No comments:

Post a Comment