OFBiz › OFBiz - User

UPS connection SSL Certificate Error

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

6 messages Options

Robert Gan

UPS connection SSL Certificate Error

HEy guys,

I am just testing the UPS implementation. I get an log error that the certificate is not trusted. Is a fully trusted cert needed? Cause I am still on testings and implementations, and do not want to put the site online on a real TLD.

So I am working from localhost, so its difficult to get a cert for localhost :)

Is that the reason for the UPS error, or should UPS work without an SSL Cert, so that I can test it?

3396933 [http-bio-0.0.0.0-443-exec-20] WARN org.ofbiz.base.util.HttpClient -
---- exception report ----------------------------------------------------------
Exception: java.security.cert.CertificateException
Message: No trusted certificate found
---- stack trace ---------------------------------------------------------------
java.security.cert.CertificateException: No trusted certificate found
org.ofbiz.base.util.MultiTrustManager.checkServerTrusted(MultiTrustManager.java:70)
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1160)
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
sun.security.ssl.Handshaker.processLoop(Handshaker.java:609)
sun.security.ssl.Handshaker.process_record(Handshaker.java:545)
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:963)
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1208)
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1235)
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1219)
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:440)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:979)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
org.ofbiz.base.util.HttpClient.sendHttpRequestStream(HttpClient.java:478)
org.ofbiz.base.util.HttpClient.sendHttpRequestStream(HttpClient.java:398)
org.ofbiz.base.util.HttpClient.sendHttpRequest(HttpClient.java:340)
org.ofbiz.base.util.HttpClient.post(HttpClient.java:260)
org.ofbiz.shipment.thirdparty.ups.UpsServices.sendUpsRequest(UpsServices.java:1991)
org.ofbiz.shipment.thirdparty.ups.UpsServices.upsShipmentConfirm(UpsServices.java:648)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:616)

....end so on ...

Robert Gan

Re: UPS connection SSL Certificate Error

edit:

the error ends with the following:

3397373 [http-bio-0.0.0.0-443-exec-20] INFO org.ofbiz.base.util.SSLUtil - Trusting (un-trusted) server certificate chain:
3397373 [http-bio-0.0.0.0-443-exec-20] INFO org.ofbiz.base.util.SSLUtil - ---- CN=wwwcie.ups.com,OU=J2EE,O=United Parcel Service,L=Mahwah,ST=New Jersey,C=US valid: Tue Apr 12 01:59:59 CEST 2016
3397373 [http-bio-0.0.0.0-443-exec-20] INFO org.ofbiz.base.util.SSLUtil - ---- CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US valid: Sat Feb 08 00:59:59 CET 2020
3397373 [http-bio-0.0.0.0-443-exec-20] INFO org.ofbiz.base.util.SSLUtil - ---- CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US valid: Mon Nov 08 00:59:59 CET 2021
3398427 [http-bio-0.0.0.0-443-exec-20] ERROR org.ofbiz.service.ServiceDispatcher - Error in Service [upsShipmentConfirm]: FacilityShipmentUpsShipmentConfirmFailed, FacilityShipmentUpsErrorMessage.
3398474 [http-bio-0.0.0.0-443-exec-20] ERROR org.ofbiz.webapp.control.RequestHandler - Request upsShipmentConfirm caused an error with the following message: [FacilityShipmentUpsShipmentConfirmFailed, FacilityShipmentUpsErrorMessage. ]

Rajbir Saini

Re: UPS connection SSL Certificate Error

Hi,

Generally this happens when no root CA certificate is found in JDK key
store. This also means if UPS server is not using a certificate sign by
well known CA, you will see this error. One way to verify the
certificates to open the URL you are trying to connect in the browser
and check if you see an error. If you do, it means this certificate s
either self signed or not signed by well known CA or the Root CA is
missing even in the browser certificate store.

To make it work in test environment (This is not advised for
production), you can export the certificate with browser export function
and then import it in your JDK using keytool.

Thanks,

Raj

On Monday 04 March 2013 08:22 PM, Robert G. wrote:

> edit:
>
> the error ends with the following:
> /
> 3397373 [http-bio-0.0.0.0-443-exec-20] INFO org.ofbiz.base.util.SSLUtil -
> Trusting (un-trusted) server certificate chain:
> 3397373 [http-bio-0.0.0.0-443-exec-20] INFO org.ofbiz.base.util.SSLUtil -
> ---- CN=wwwcie.ups.com,OU=J2EE,O=United Parcel Service,L=Mahwah,ST=New
> Jersey,C=US valid: Tue Apr 12 01:59:59 CEST 2016
> 3397373 [http-bio-0.0.0.0-443-exec-20] INFO org.ofbiz.base.util.SSLUtil -
> ---- CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at
> https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\,
> Inc.,C=US valid: Sat Feb 08 00:59:59 CET 2020
> 3397373 [http-bio-0.0.0.0-443-exec-20] INFO org.ofbiz.base.util.SSLUtil -
> ---- CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c)
> 2006 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust
> Network,O=VeriSign\, Inc.,C=US valid: Mon Nov 08 00:59:59 CET 2021
> 3398427 [http-bio-0.0.0.0-443-exec-20] ERROR
> org.ofbiz.service.ServiceDispatcher - Error in Service [upsShipmentConfirm]:
> FacilityShipmentUpsShipmentConfirmFailed, FacilityShipmentUpsErrorMessage.
> 3398474 [http-bio-0.0.0.0-443-exec-20] ERROR
> org.ofbiz.webapp.control.RequestHandler - Request upsShipmentConfirm caused
> an error with the following message:
> [FacilityShipmentUpsShipmentConfirmFailed, FacilityShipmentUpsErrorMessage.
> ]
> /
>
>
>
> --
> View this message in context: http://ofbiz.135035.n4.nabble.com/UPS-connection-SSL-Certificate-Error-tp4639681p4639682.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.
>

Robert Gan

Re: UPS connection SSL Certificate Error

I see, thank you.

The problem is, that I am working localy, so the certificate would not fit to my localhost, so this is not trusted eather. What can I do?
Or do I really have to put it on my TLD and buy the cert, cause I think a self signed is not trusted as well.

Robert Gan

Re: UPS connection SSL Certificate Error

In reply to this post by Rajbir Saini

hey guys,

it seems that it works also without the encryption. The error still occurs but I am a step further.

Now I get the error from UPS:

Error in Service [upsShipmentConfirm]: The UPS ShipmentConfirm failed, An error occurred [code:120542] with severity Hard: Package/ReferenceNumber is not allowed for this shipment.

I ship from Germany to a destination in germany. SO it says me that a reference number is not allowed. I use the service code 11 for standard shippment.

In production environment we still use Worldship 12 and we can set reference numbers there for standard service, so what is going wrong here?

do someone know sth?

Robert Gan

Re: UPS connection SSL Certificate Error

UPS just told me, that the ref no. on xml package layer is only valid for US, so I have to us the shippment layer in xml.

thats it