Service Bus 12c– Two way SSL

In this post, we will see how to enable two-way SSL in Service Bus 12c. The steps mentioned here have to be performed in addition to steps mentioned in the previous post.

Navigate to Servers –> osb_server1 –> SSL in WLS Admin Console. Expand Advanced section and set Two Way Client Cert Behavior as shown below. This would enforce WLS to request the Client certificate during SSL handshake and will result into an error if the client certificate is not present in trust store.


Now create a keystore clientkeystore1.jks using following command and will  be used in SOAP UI.

keytool -genkeypair -keyalg RSA -alias localclient1 -keystore clientkeystore1.jks -storepass cljks123 -validity 360 -keysize 2048

Set global SSL Settings in SOAP UI as shown below by navigating to File –> Preferences. Specify the above created keystore and  password.


Restart OSB managed server. Now if you test your Proxy Service from SOAP UI, you would see an error like below in the server log as the trust store does not have the client certificate.


So export and import corresponding Client Certificate into the OSB trust store using following commands.

keytool -exportcert -alias localclient1 -keystore clientkeystore1.jks -file localclient1.cer

keytool -importcert -alias localclient1 -keystore osbkeystore.jks -file localclient1.cer


Now test your Proxy Service from SOAP UI and you would see the response as expected without any error. And now the server log will be shown like below.


Please note that above logs are generated when following JVM options are set in setDomainEnv.cmd file for EXTRA_JAVA_PROPERTIES.

           -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true


3 Responses to “Service Bus 12c– Two way SSL”

  1. 1 Ashley Leonard November 8, 2017 at 2:36 PM

    I am trying this in 12.2.1 for inbound proxy service OSB and getting 403 forbidden.

  1. 1 Service Bus 12c – Series of Articles | Siva's Blog Trackback on March 31, 2015 at 6:01 PM

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 379 other subscribers

Enter your email address to follow this blog and receive notifications of new posts by email.

%d bloggers like this: