HELP:Regarding CAed SSL certificate!


  1. HELP:Regarding CAed SSL certificate! (1 messages)

    Hi, I have come across the following SSLHandshake error:

        D:\eserver1\bin>d:\eserver1\engine\jdk\bin\java.exe -cp d:/eserver1/share\system\cartridges\core\release\lib\core.jar;d:/eserver1/share\system\cartridges\ac_cxml\release\lib\ac_cxml.jar com.intershop.adapter.cxml.capi.util.Tester https://ebsi-dell08/is-bin/INTERSHOP.enfinity/WFS/PrimeTech-CorporateLarge-Site/en_US/-/USD/ProcessCXMLPunchOutSetup-Start POSetup1.xml "C:\Program Files\Internet Explorer\iexplore.exe"
        javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
            at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
            at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1057)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1041)
            at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
            at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
            at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:840)
            at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
            at com.intershop.adapter.cxml.capi.util.Tester.start(Tester.java:78)
            at com.intershop.adapter.cxml.capi.util.Tester.main(Tester.java:40)
        Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
            at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
            at sun.security.validator.Validator.validate(Validator.java:203)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
            at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
            ... 13 more
        Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
            at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
            ... 18 more

    The above error occurred while working with one of our E-Commerce applications and it requires "CAed SSL Certificate". Could anyone help me regarding this "CAed SSL Certificate"?

    Regards
    Samir Swarup
    samir dot swarup at eperiumindia dot com
    samir.swarup07@gmail.com
  2. Your Java JVM doesn't trust the CA for the URL you are accessing. You need to add the SSL Certificate of the URL you are trying to contact to the cacerts file in your Java JVM.

     First you need to get the certificate. To do this, point your browser at the URL (https://ebsi-dell08/is-bin/INTERSHOP.enfinity/WFS/PrimeTech-CorporateLarge-Site/en_US/-/USD/ProcessCXMLPunchOutSetup-Start), then extract the certificate into a file on your PC using the browser's tools. For IE 7/8 you would click on the lock and show certificates. Find the highest certificate in the chain (the Root Certificate) and select it. Click on the Details tab and the 'Copy to File' button. Follow the wizard and save the file as DER encoded X.509. For example: enfinity.cer.

     Now you need to import it into cacerts. Your Java is installed at D:\eserver1\engine\jdk. Let's say you saved the certificate at C:\enfinity.cer. Let's also say your cacerts file path is D:\eserver1\engine\jdk\security\cacerts, and your cacerts password is 'changeit' (the default). Try this command to update cacerts:

         D:\eserver1\engine\jdk\bin\keytool.exe -import -trustcacerts -alias enfinityrootca -keystore D:\eserver1\engine\jdk\security\cacerts -file C:\enfinity.cer -storepass changeit

     The prompts are pretty straightforward. You will need to restart your app server.
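
An added example, not part of either post: adding a certificate to cacerts makes the JVM trust everything that certificate signs, so it is worth checking the exported file before running the import. The class name `CheckBeforeImport` is hypothetical; the certificate file, keystore path and password are passed as arguments and would be the values assumed in the reply above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added example (hypothetical class): pre-import checks for a trust-store candidate.
// Usage: java CheckBeforeImport <cert file> <keystore file> <keystore password>
public class CheckBeforeImport {

    // Colon-separated SHA-256 fingerprint of the DER-encoded certificate.
    static String sha256(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println("Subject : " + cert.getSubjectX500Principal());
        System.out.println("Issuer  : " + cert.getIssuerX500Principal());
        // Compare this value with the one the CA's owner publishes or reads out to you.
        System.out.println("SHA-256 : " + sha256(cert));

        cert.checkValidity(); // throws if the certificate is expired or not yet valid

        // A root certificate is self-issued and verifies under its own public key.
        boolean selfIssued = cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
        if (selfIssued) cert.verify(cert.getPublicKey()); // throws on a bad signature
        // getBasicConstraints() returns -1 when the CA flag is absent or false.
        boolean isCa = cert.getBasicConstraints() != -1;
        System.out.println("Self-signed: " + selfIssued + ", CA flag: " + isCa);

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[1])) {
            ks.load(in, args[2].toCharArray());
        }
        // getCertificateAlias() returns null when no entry holds this certificate.
        String alias = ks.getCertificateAlias(cert);
        System.out.println(alias == null ? "Not in trust store yet" : "Already trusted as: " + alias);
    }
}
```

If the output shows a different issuer than subject, the exported file is a leaf or intermediate certificate, not the root the import step expects.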