I just downloaded the sample java code from the Yodlee site and I incorporated that into my web application. When I try to run, I error out on the Cobrand login:
Validating Cobrand by Connecting to URL https://rest.developer.yodlee.com/services/srest/restserver/v1.0/authenticate/coblogin
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I believe the issue is that my development environment (JDeveloper) doesn't have Yodlee's SSL certificate. I've searched the Yodlee site but I don't see any mention of test SSL certificates that I can import/reference.
I created similar code for an OFX connection, and had the same issue. That solution was to create an EventListener and then ignore SSL:
public void SSLServerAuthentication(InvstatementSSLServerAuthenticationEvent invstatementSSLServerAuthenticationEvent) {
invstatementSSLServerAuthenticationEvent.accept = true;
}
I also can't find any information on a Yodlee event listener base class.
How is everyone else getting around this issue? I assume that once I deploy this to my production environment, I'll have to import the Yodlee SSL certificate into my WebLogic cert store... but one problem at a time for now :)
[EDIT] ANSWERED
I fixed this issue by changing the location that JDeveloper is using for it's keystore.
It was ..../DemoTrust.jks and I changed it to:
C:\Oracle\Middleware11116\jdk160_24\jre\lib\security\cacerts
This is under Tools / Preferences / Credentials
I was told that DemoTrust.jks doesn't have many signing authorities in it and cacerts does. I will also need to make sure my production WebLogic server is using cacerts and not DemoTrust. Apparently in the start up of WebLogic, you'll get a big warning if you're pointing to DemoTrust.
ANSWER [Sorry for the duplication, but I should have "Answered" my question and not edited the answer into the question]
I fixed this issue by changing the location that JDeveloper is using for it's keystore. It was ..../DemoTrust.jks and I changed it to: C:\Oracle\Middleware11116\jdk160_24\jre\lib\security\cacerts This is under Tools / Preferences / Credentials
I was told that DemoTrust.jks doesn't have many signing authorities in it and cacerts does. I will also need to make sure my production WebLogic server is using cacerts and not DemoTrust. Apparently in the start up of WebLogic, you'll get a big warning if you're pointing to DemoTrust.
Chris