You might be wondering where I left for so many days with no update in the blog. We were busy with 10gR2 database upgrade for some off our Instance and other issues like getting error whenever we try to upload Resume via iRec Job Search. Our Jserve.log shows this (After setting Debug ) :
=======================================
javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErrat oracle.security.ssl.OracleSSLSocketImpl.startHandshake(Native Method)at oracle.security.ssl.OracleSSLSocketImpl.startHandshake(OracleSSLSocketImpl.java)at HTTPClient.HTTPConnection.getSSLSocket(HTTPConnection.java:1969)at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java:2938)at HTTPClient.HTTPConnection.handleRequest(HTTPConnection.java:2150)at HTTPClient.HTTPConnection.setupRequest(HTTPConnection.java:3561)at HTTPClient.HTTPConnection.ExtensionMethod(HTTPConnection.java:1570)at HTTPClient.HttpURLConnection.connect(HttpURLConnection.java:758)at HTTPClient.HttpURLConnection.getInputStream(HttpURLConnection.java:477)======================================================
We did the following to resolve this issue :
1. ftp server.crt to end user workstation
2. opened server.crt in MSIE
3. Exported each level as an x509 certificate.
==> Upper line = server1.cer
==>2nd line = server2.cer
==> 3rd line = server3.cer
4. ftp [ bin] server3.cer server2.cer server1.cer back to middle tier in $COMMON_TOP/admin/certs/apache/verisign directory
5. touch ca.crt
6. cat server3.cer server2.cer server1.cer >> ca.crt
7. copied the ca-bundle.crt from $IAS_ORACLE_HOME/Apache/Apache/conf/ssl.crt to $COMMON_TOP/admin/certs/apache/ssl.crt
8. copied ca.crt and server.crt from $COMMON_TOP/admin/certs/apache/verisign to $COMMON_TOP/admin/certs/apache/ssl.crt
9. Verified date on server.key in ssl.key directory
10. Bounced Apache [ adapcctl.sh [stopstart]
11. Tested upload resume > success
Happy Troubleshooting !!!
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment