[Security:090479]Certificate chain received from xxx.xxxhost.com - xxx.xxx.xxx.xxx failed date validity checks.

OSB(Oracle Service Bus)로 service provider로 라우팅을 하는도중, 아래와 같은 에러가 발생하였습니다.

[Security:090479]Certificate chain received from xxx.xxxhost.com - 195.xxx.xxx.xxx failed date validity checks.

weblogic(OSB) 구동시 아래 java option을 추가해서 로그를 살펴봤습니다.

-Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true

아래와 같은 에러가 발생했습니다.

####<Aug 10, 2011 6:10:34 AM GMT> <Debug> <SecuritySSL> <euospoaf02> <Oaf41> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel >> <> <> <1312956634138> <BEA-000000> <28654733 received HANDSHAKE> ####<Aug 10, 2011 6:10:34 AM GMT> <Debug> <SecuritySSL> <euospoaf02> <Oaf41> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel >> <> <> <1312956634138> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello> ####<Aug 10, 2011 6:10:34 AM GMT> <Debug> <SecuritySSL> <euospoaf02> <Oaf41> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel >> <> <> <1312956634140> <BEA-000000> <isMuxerActivated: false> ####<Aug 10, 2011 6:10:34 AM GMT> <Debug> <SecuritySSL> <euospoaf02> <Oaf41> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel >> <> <> <1312956634140> <BEA-000000> <28654733 SSL3/TLS MAC> ####<Aug 10, 2011 6:10:34 AM GMT> <Debug> <SecuritySSL> <euospoaf02> <Oaf41> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel >> <> <> <1312956634140> <BEA-000000> <28654733 received HANDSHAKE> ####<Aug 10, 2011 6:10:34 AM GMT> <Debug> <SecuritySSL> <euospoaf02> <Oaf41> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel >> <> <> <1312956634140> <BEA-000000> <HANDSHAKEMESSAGE: Certificate> ####<Aug 10, 2011 6:10:34 AM GMT> <Debug> <SecuritySSL> <euospoaf02> <Oaf41> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel >> <> <> <1312956634142> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found> ####<Aug 10, 2011 6:10:34 AM GMT> <Debug> <SecuritySSL> <euospoaf02> <Oaf41> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel >> <> <> <1312956634143> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 100814661579714395741940582636013617327 Issuer:O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA - Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign Subject:C=KR, ST=Seoul, L=Jung-gu, O=Company A, OU=Company Fun Club(1), OU=Terms of use at www.crosscert.com/rpa (c) 04, OU=Authenticated by KECA, Inc., OU=Memb er, VeriSign Trust Network, CN=xxx.xxxhost.com Not Valid Before:Mon Aug 09 00:00:00 GMT 2010 Not Valid After:Tue Aug 09 23:59:59 GMT 2011 Signature Algorithm:SHA1withRSA >

<조치방법>
java directory의 security디렉토리에 다운 받은 인증서(https 통신을 위한 서버에서 제공하는 인증서)를 갱신하면됩니다.(overwrite)

아래 내용 참고

weblogic:/usr/java/jre/lib/security> ls -altr total 208 -r--r--r-- 1 root root 2469 Aug 19 2009 US_export_policy.jar -r--r--r-- 1 root root 753 Aug 19 2009 sunpkcs11-solaris.cfg -r--r--r-- 1 root root 2940 Aug 19 2009 local_policy.jar -r--r--r-- 1 root root 132 Aug 19 2009 javaws.policy -r--r--r-- 1 root root 10010 Aug 19 2009 java.security -r--r--r-- 1 root root 2221 Aug 19 2009 java.policy drwxr-xr-x 17 root root 1536 Aug 19 2009 ../ -rw-r--r-- 1 root root 848 Jul 27 2010 BuiltinObjectToken-VerisignClass3PublicPrimaryCertificationAuthority.crt -rw-r--r-- 1 root root 3902 Jul 27 2010 xxx.xxxhost.crt                               <----- 문제의 인증서 drwxr-xr-x 2 root root 512 Jul 27 2010 ./ -rw-r--r-- 1 root root 2150 Jul 27 2010 VeriSign,Inc..crt -r--r--r-- 1 root root 71415 Jul 27 2010 cacerts

OSB가 service provider의 client 입니다. 즉 OSB는 service provider를 호출하는 caller 였습니다.