Users - Cybersource and SSL problems

>Charles,
>
>Cybersource's gateway's SSL certificate just expired.  Attached is the new
>cert we were given by them.  Add this to your truststore and you should be
>fine.
>
>$ keytool -import -v -file entrust_ssl_ca.cer -keystore
>OFBIZ_HOME/base/config/ofbiztrust.jks
>
> - Lon
>
>-----Original Message-----
>From: [hidden email] [mailto:[hidden email]]
>On Behalf Of Charles Johnson
>Sent: Wednesday, January 04, 2006 11:59 AM
>To: [hidden email]
>Subject: [OFBiz] Users - Cybersource and SSL problems
>
>I keep getting the following exceptions (from cybersource.log):
>
>2006-01-04 12:25:02.426 http-0.0.0.0-8443-Processor2 INFO     > Signing
>request...
>2006-01-04 12:25:09.606 http-0.0.0.0-8443-Processor2 EXCEPTION>
>ClientException details:
>innerException:
>javax.net.ssl.SSLHandshakeException:
>sun.security.validator.ValidatorException: No trusted certificate found
>        at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
>        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
>        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
>        at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
>        at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
>        at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
>        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
>        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
>        at
>com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
>        at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA12275)
>        at
>sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA
>12275)
>        at
>sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnectio
>n.java:569)
>        at
>sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(DashoA1227
>5)
>        at
>com.cybersource.ws.client.BaseClient.sendRequest(BaseClient.java:56)
>        at com.cybersource.ws.client.Client.runTransaction(Client.java:106)
>        at com.cybersource.ws.client.Client.runTransaction(Client.java:53)
>        
>
>
>I wonder if someone with Cybersource working can verify their security
>settings vis-a-vis certificates?
>Mine are below for what it's worth:
>
>C:\j2sdk1.4.2_09\jre\lib\security>keytool -list -keystore cacerts | grep -A
>1 cyber Enter keystore password:  changeit gtecybertrustroot, 03-Jan-2006,
>trustedCertEntry, Certificate fingerprint (MD5):
>C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
>--
>gtecybertrustglobalca, 10-May-2002, trustedCertEntry, Certificate
>fingerprint (MD5):
>CA:3D:D3:68:F1:03:5C:D0:32:FA:B8:2B:59:E8:5A:DB
>--
>gtecybertrustca, 10-May-2002, trustedCertEntry, Certificate fingerprint
>(MD5):
>C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
>--
>baltimorecybertrustca, 10-May-2002, trustedCertEntry, Certificate
>fingerprint (MD5):
>AC:B6:94:A5:9C:17:E0:D7:91:52:9B:B1:97:06:A6:E4
>--
>gtecybertrust5ca, 10-May-2002, trustedCertEntry, Certificate fingerprint
>(MD5):
>7D:6C:86:E4:FC:4D:D1:0B:00:BA:22:BB:4E:7C:6A:8E
>
>
>
>C:\ofbiz>keytool -list -keystore base\config\ofbizcerts.jks | grep -A 1
>cyber Enter keystore password:  changeit gtecybertrustroot, 04-Jan-2006,
>trustedCertEntry, Certificate fingerprint (MD5):
>C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
>
>
>CJ
>
>
>_______________________________________________
>Users mailing list
>[hidden email]
>http://lists.ofbiz.org/mailman/listinfo/users
>  
>
>------------------------------------------------------------------------
>
>
>_______________________________________________
>Users mailing list
>[hidden email]
>http://lists.ofbiz.org/mailman/listinfo/users
>
>------------------------------------------------------------------------
>
>No virus found in this incoming message.
>Checked by AVG Free Edition.
>Version: 7.1.371 / Virus Database: 267.14.12/220 - Release Date: 03/01/2006
>
>  
>

>Charles,
>
>Cybersource's gateway's SSL certificate just expired.  Attached is the
>new cert we were given by them.  Add this to your truststore and you
>should be fine.
>
>$ keytool -import -v -file entrust_ssl_ca.cer -keystore
>OFBIZ_HOME/base/config/ofbiztrust.jks
>
> - Lon
>
>-----Original Message-----
>From: [hidden email]
>[mailto:[hidden email]]
>On Behalf Of Charles Johnson
>Sent: Wednesday, January 04, 2006 11:59 AM
>To: [hidden email]
>Subject: [OFBiz] Users - Cybersource and SSL problems
>
>I keep getting the following exceptions (from cybersource.log):
>
>2006-01-04 12:25:02.426 http-0.0.0.0-8443-Processor2 INFO     > Signing
>request...
>2006-01-04 12:25:09.606 http-0.0.0.0-8443-Processor2 EXCEPTION>
>ClientException details:
>innerException:
>javax.net.ssl.SSLHandshakeException:
>sun.security.validator.ValidatorException: No trusted certificate found
>        at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
>        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
>        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
>        at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
>        at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
>        at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
>        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
>        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
>        at
>com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
>        at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA12275)
>        at
>sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(D
>ashoA
>12275)
>        at
>sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConn
>ectio
>n.java:569)
>        at
>sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Dasho
>A1227
>5)
>        at
>com.cybersource.ws.client.BaseClient.sendRequest(BaseClient.java:56)
>        at com.cybersource.ws.client.Client.runTransaction(Client.java:106)
>        at
>com.cybersource.ws.client.Client.runTransaction(Client.java:53)
>        
>
>
>I wonder if someone with Cybersource working can verify their security
>settings vis-a-vis certificates?
>Mine are below for what it's worth:
>
>C:\j2sdk1.4.2_09\jre\lib\security>keytool -list -keystore cacerts |
>grep -A
>1 cyber Enter keystore password:  changeit gtecybertrustroot,
>03-Jan-2006, trustedCertEntry, Certificate fingerprint (MD5):
>C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
>--
>gtecybertrustglobalca, 10-May-2002, trustedCertEntry, Certificate
>fingerprint (MD5):
>CA:3D:D3:68:F1:03:5C:D0:32:FA:B8:2B:59:E8:5A:DB
>--
>gtecybertrustca, 10-May-2002, trustedCertEntry, Certificate fingerprint
>(MD5):
>C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
>--
>baltimorecybertrustca, 10-May-2002, trustedCertEntry, Certificate
>fingerprint (MD5):
>AC:B6:94:A5:9C:17:E0:D7:91:52:9B:B1:97:06:A6:E4
>--
>gtecybertrust5ca, 10-May-2002, trustedCertEntry, Certificate
>fingerprint
>(MD5):
>7D:6C:86:E4:FC:4D:D1:0B:00:BA:22:BB:4E:7C:6A:8E
>
>
>
>C:\ofbiz>keytool -list -keystore base\config\ofbizcerts.jks | grep -A 1
>cyber Enter keystore password:  changeit gtecybertrustroot,
>04-Jan-2006, trustedCertEntry, Certificate fingerprint (MD5):
>C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
>
>
>CJ
>
>
>_______________________________________________
>Users mailing list
>[hidden email]
>http://lists.ofbiz.org/mailman/listinfo/users
>  
>
>-----------------------------------------------------------------------
>-
>
>
>_______________________________________________
>Users mailing list
>[hidden email]
>http://lists.ofbiz.org/mailman/listinfo/users
>
>-----------------------------------------------------------------------
>-
>
>No virus found in this incoming message.
>Checked by AVG Free Edition.
>Version: 7.1.371 / Virus Database: 267.14.12/220 - Release Date:
>03/01/2006
>
>  
>

>CJ,
>
>Diff gateway? Diff cert? No SSL?
>
> - Lon
>
>-----Original Message-----
>From: [hidden email] [mailto:[hidden email]]
>On Behalf Of Charles Johnson
>Sent: Wednesday, January 04, 2006 12:31 PM
>To: OFBiz Users / Usage Discussion
>Subject: Re: [OFBiz] Users - Cybersource and SSL problems
>
>Thanks Lon, i'll give that a try. I wonder then why their (Cybersource)
>sample app appears to work?
>
>CJ
>
>Lon F. Binder wrote:
>
>  
>
>>Charles,
>>
>>Cybersource's gateway's SSL certificate just expired.  Attached is the
>>new cert we were given by them.  Add this to your truststore and you
>>should be fine.
>>
>>$ keytool -import -v -file entrust_ssl_ca.cer -keystore
>>OFBIZ_HOME/base/config/ofbiztrust.jks
>>
>>- Lon
>>
>>-----Original Message-----
>>From: [hidden email]
>>[mailto:[hidden email]]
>>On Behalf Of Charles Johnson
>>Sent: Wednesday, January 04, 2006 11:59 AM
>>To: [hidden email]
>>Subject: [OFBiz] Users - Cybersource and SSL problems
>>
>>I keep getting the following exceptions (from cybersource.log):
>>
>>2006-01-04 12:25:02.426 http-0.0.0.0-8443-Processor2 INFO     > Signing
>>request...
>>2006-01-04 12:25:09.606 http-0.0.0.0-8443-Processor2 EXCEPTION>
>>ClientException details:
>>innerException:
>>javax.net.ssl.SSLHandshakeException:
>>sun.security.validator.ValidatorException: No trusted certificate found
>>       at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
>>       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
>>       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
>>       at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
>>       at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
>>       at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
>>       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
>>       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
>>       at
>>com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
>>       at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA12275)
>>       at
>>sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(D
>>ashoA
>>12275)
>>       at
>>sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConn
>>ectio
>>n.java:569)
>>       at
>>sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Dasho
>>A1227
>>5)
>>       at
>>com.cybersource.ws.client.BaseClient.sendRequest(BaseClient.java:56)
>>       at com.cybersource.ws.client.Client.runTransaction(Client.java:106)
>>       at
>>com.cybersource.ws.client.Client.runTransaction(Client.java:53)
>>      
>>
>>
>>I wonder if someone with Cybersource working can verify their security
>>settings vis-a-vis certificates?
>>Mine are below for what it's worth:
>>
>>C:\j2sdk1.4.2_09\jre\lib\security>keytool -list -keystore cacerts |
>>grep -A
>>1 cyber Enter keystore password:  changeit gtecybertrustroot,
>>03-Jan-2006, trustedCertEntry, Certificate fingerprint (MD5):
>>C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
>>--
>>gtecybertrustglobalca, 10-May-2002, trustedCertEntry, Certificate
>>fingerprint (MD5):
>>CA:3D:D3:68:F1:03:5C:D0:32:FA:B8:2B:59:E8:5A:DB
>>--
>>gtecybertrustca, 10-May-2002, trustedCertEntry, Certificate fingerprint
>>(MD5):
>>C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
>>--
>>baltimorecybertrustca, 10-May-2002, trustedCertEntry, Certificate
>>fingerprint (MD5):
>>AC:B6:94:A5:9C:17:E0:D7:91:52:9B:B1:97:06:A6:E4
>>--
>>gtecybertrust5ca, 10-May-2002, trustedCertEntry, Certificate
>>fingerprint
>>(MD5):
>>7D:6C:86:E4:FC:4D:D1:0B:00:BA:22:BB:4E:7C:6A:8E
>>
>>
>>
>>C:\ofbiz>keytool -list -keystore base\config\ofbizcerts.jks | grep -A 1
>>cyber Enter keystore password:  changeit gtecybertrustroot,
>>04-Jan-2006, trustedCertEntry, Certificate fingerprint (MD5):
>>C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
>>
>>
>>CJ
>>
>>
>>_______________________________________________
>>Users mailing list
>>[hidden email]
>>http://lists.ofbiz.org/mailman/listinfo/users
>>
>>
>>-----------------------------------------------------------------------
>>-
>>
>>
>>_______________________________________________
>>Users mailing list
>>[hidden email]
>>http://lists.ofbiz.org/mailman/listinfo/users
>>
>>-----------------------------------------------------------------------
>>-
>>
>>No virus found in this incoming message.
>>Checked by AVG Free Edition.
>>Version: 7.1.371 / Virus Database: 267.14.12/220 - Release Date:
>>03/01/2006
>>
>>
>>
>>    
>>
>
>
>_______________________________________________
>Users mailing list
>[hidden email]
>http://lists.ofbiz.org/mailman/listinfo/users
>
>
>_______________________________________________
>Users mailing list
>[hidden email]
>http://lists.ofbiz.org/mailman/listinfo/users
>
>
>  
>

>The first perhaps. Definitely not the second, and probably not the
>third. I might look into the first
>
>CJ
>
>Lon F. Binder wrote:
>
>  
>
>>CJ,
>>
>>Diff gateway? Diff cert? No SSL?
>>
>>- Lon
>>
>>-----Original Message-----
>>From: [hidden email] [mailto:[hidden email]]
>>On Behalf Of Charles Johnson
>>Sent: Wednesday, January 04, 2006 12:31 PM
>>To: OFBiz Users / Usage Discussion
>>Subject: Re: [OFBiz] Users - Cybersource and SSL problems
>>
>>Thanks Lon, i'll give that a try. I wonder then why their (Cybersource)
>>sample app appears to work?
>>
>>CJ
>>
>>Lon F. Binder wrote:
>>
>>
>>
>>    
>>
>>>Charles,
>>>
>>>Cybersource's gateway's SSL certificate just expired.  Attached is the
>>>new cert we were given by them.  Add this to your truststore and you
>>>should be fine.
>>>
>>>$ keytool -import -v -file entrust_ssl_ca.cer -keystore
>>>OFBIZ_HOME/base/config/ofbiztrust.jks
>>>
>>>- Lon
>>>
>>>-----Original Message-----
>>>From: [hidden email]
>>>[mailto:[hidden email]]
>>>On Behalf Of Charles Johnson
>>>Sent: Wednesday, January 04, 2006 11:59 AM
>>>To: [hidden email]
>>>Subject: [OFBiz] Users - Cybersource and SSL problems
>>>
>>>I keep getting the following exceptions (from cybersource.log):
>>>
>>>2006-01-04 12:25:02.426 http-0.0.0.0-8443-Processor2 INFO     > Signing
>>>request...
>>>2006-01-04 12:25:09.606 http-0.0.0.0-8443-Processor2 EXCEPTION>
>>>ClientException details:
>>>innerException:
>>>javax.net.ssl.SSLHandshakeException:
>>>sun.security.validator.ValidatorException: No trusted certificate found
>>>      at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
>>>      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
>>>      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
>>>      at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
>>>      at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
>>>      at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
>>>      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
>>>      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
>>>      at
>>>com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
>>>      at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA12275)
>>>      at
>>>sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(D
>>>ashoA
>>>12275)
>>>      at
>>>sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConn
>>>ectio
>>>n.java:569)
>>>      at
>>>sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Dasho
>>>A1227
>>>5)
>>>      at
>>>com.cybersource.ws.client.BaseClient.sendRequest(BaseClient.java:56)
>>>      at com.cybersource.ws.client.Client.runTransaction(Client.java:106)
>>>      at
>>>com.cybersource.ws.client.Client.runTransaction(Client.java:53)
>>>      
>>>
>>>
>>>I wonder if someone with Cybersource working can verify their security
>>>settings vis-a-vis certificates?
>>>Mine are below for what it's worth:
>>>
>>>C:\j2sdk1.4.2_09\jre\lib\security>keytool -list -keystore cacerts |
>>>grep -A
>>>1 cyber Enter keystore password:  changeit gtecybertrustroot,
>>>03-Jan-2006, trustedCertEntry, Certificate fingerprint (MD5):
>>>C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
>>>--
>>>gtecybertrustglobalca, 10-May-2002, trustedCertEntry, Certificate
>>>fingerprint (MD5):
>>>CA:3D:D3:68:F1:03:5C:D0:32:FA:B8:2B:59:E8:5A:DB
>>>--
>>>gtecybertrustca, 10-May-2002, trustedCertEntry, Certificate fingerprint
>>>(MD5):
>>>C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
>>>--
>>>baltimorecybertrustca, 10-May-2002, trustedCertEntry, Certificate
>>>fingerprint (MD5):
>>>AC:B6:94:A5:9C:17:E0:D7:91:52:9B:B1:97:06:A6:E4
>>>--
>>>gtecybertrust5ca, 10-May-2002, trustedCertEntry, Certificate
>>>fingerprint
>>>(MD5):
>>>7D:6C:86:E4:FC:4D:D1:0B:00:BA:22:BB:4E:7C:6A:8E
>>>
>>>
>>>
>>>C:\ofbiz>keytool -list -keystore base\config\ofbizcerts.jks | grep -A 1
>>>cyber Enter keystore password:  changeit gtecybertrustroot,
>>>04-Jan-2006, trustedCertEntry, Certificate fingerprint (MD5):
>>>C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
>>>
>>>
>>>CJ
>>>
>>>
>>>_______________________________________________
>>>Users mailing list
>>>[hidden email]
>>>http://lists.ofbiz.org/mailman/listinfo/users
>>>
>>>
>>>-----------------------------------------------------------------------
>>>-
>>>
>>>
>>>_______________________________________________
>>>Users mailing list
>>>[hidden email]
>>>http://lists.ofbiz.org/mailman/listinfo/users
>>>
>>>-----------------------------------------------------------------------
>>>-
>>>
>>>No virus found in this incoming message.
>>>Checked by AVG Free Edition.
>>>Version: 7.1.371 / Virus Database: 267.14.12/220 - Release Date:
>>>03/01/2006
>>>
>>>
>>>
>>>  
>>>
>>>      
>>>
>>_______________________________________________
>>Users mailing list
>>[hidden email]
>>http://lists.ofbiz.org/mailman/listinfo/users
>>
>>
>>_______________________________________________
>>Users mailing list
>>[hidden email]
>>http://lists.ofbiz.org/mailman/listinfo/users
>>
>>
>>
>>
>>    
>>
>
>
>_______________________________________________
>Users mailing list
>[hidden email]
>http://lists.ofbiz.org/mailman/listinfo/users
>
>
>  
>