ofbizssl.jks trusted certs not being found by framework


Jeffl
Hi all,

I'm trying to access UPS and FedEx servers (ofbiz1104) and get certificate errors; the ofbizssl.jks file is located in base/config.

An error I see is:

2012-10-17 13:14:50,629 (http-0.0.0.0-8080-4) [         HttpClient.java:490:WARN ] Certificate error when accessing url [https://wwwcie.ups.com/ups.app/xml/Rate]: No trusted certificate found

If I list certs in the ofbizssl.jks keystore, I see:

Alias name: wwwcie.ups.com (verisign class 3 secure server ca - g3)
Creation date: Oct 12, 2012
Entry type: trustedCertEntry

Owner: CN=wwwcie.ups.com, OU=J2EE, O=United Parcel Service, L=Mahwah, ST=New Jersey, C=US
Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Serial number: ...
Valid from: Thu Mar 01 16:00:00 PST 2012 until: Mon Apr 11 16:59:59 PDT 2016
Certificate fingerprints:
        ...
         Signature algorithm name: SHA1withRSA
         Version: 3

I tried exporting/reimporting to another .jks… no errors, all keys imported, but the new .jks doesn't work, either.

One curious thing I've discovered: if I put a dummy env var into the keystoreFile value (in ofbiz-containers) such as "${flum}/...", I see an error in the log saying it can't find the path ".../runtime/catalina/${flum}/...". I tried putting a copy of the keystore in runtime/catalina/framework/base/config, but that didn't help.

Thanks,

Jeff
Re: ofbizssl.jks trusted certs not being found by framework

Jacques Le Roux
Administrator
You might try these
https://cwiki.apache.org/confluence/display/OFBIZ/FAQ+-+Tips+-+Tricks+-+Cookbook+-+HowTo#FAQ-Tips-Tricks-Cookbook-HowTo-Certificate
https://cwiki.apache.org/confluence/display/OFBIZ/How+to+configure+authorize.net+certificates

Jacques

Jeff Lowery wrote:

> Hi all,
>
> I'm trying to access UPS and FedEx servers (ofbiz1104) and get certificate errors; the ofbizssl.jks file is located in
> base/config.
>
> An error I see is:
>
> 2012-10-17 13:14:50,629 (http-0.0.0.0-8080-4) [         HttpClient.java:490:WARN ] Certificate error when accessing url
> [https://wwwcie.ups.com/ups.app/xml/Rate]: No trusted certificate found
>
> If I list certs in the ofbizssl.jks keystore, I see:
>
> Alias name: wwwcie.ups.com (verisign class 3 secure server ca - g3)
> Creation date: Oct 12, 2012
> Entry type: trustedCertEntry
>
> Owner: CN=wwwcie.ups.com, OU=J2EE, O=United Parcel Service, L=Mahwah, ST=New Jersey, C=US
> Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust
> Network, O="VeriSign, Inc.", C=US
> Serial number: ...
> Valid from: Thu Mar 01 16:00:00 PST 2012 until: Mon Apr 11 16:59:59 PDT 2016
> Certificate fingerprints:
> ...
> Signature algorithm name: SHA1withRSA
> Version: 3
>
> I tried exporting/reimporting to another .jks… no errors, all keys imported, but the new .jks doesn't work, either.
>
> One curious thing I've discovered: if I put a dummy env var into the keystoreFile value (in ofbiz-containers) such as
> "${flum}/...", I see an error in the log saying it can't find the path ".../runtime/catalina/${flum}/...". I tried putting a copy
> of the keystore in runtime/catalina/framework/base/config, but that didn't help.  
>
> Thanks,
>
> Jeff