Re: Users - Cybersource and SSL problems
Posted by Lon F. Binder-2 on Jan 04, 2006; 5:21pm
URL: http://ofbiz.116.s1.nabble.com/Users-Cybersource-and-SSL-problems-tp136839p136844.html
Charles,
Cybersource's gateway's SSL certificate just expired. Attached is the new
cert we were given by them. Add this to your truststore and you should be
fine.
$ keytool -import -v -file entrust_ssl_ca.cer -keystore
OFBIZ_HOME/base/config/ofbiztrust.jks
- Lon
-----Original Message-----
From: [hidden email] [mailto:[hidden email]]
On Behalf Of Charles Johnson
Sent: Wednesday, January 04, 2006 11:59 AM
To: [hidden email]
Subject: [OFBiz] Users - Cybersource and SSL problems
I keep getting the following exceptions (from cybersource.log):
2006-01-04 12:25:02.426 http-0.0.0.0-8443-Processor2 INFO > Signing
request...
2006-01-04 12:25:09.606 http-0.0.0.0-8443-Processor2 EXCEPTION>
ClientException details:
innerException:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA12275)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA
12275)
at
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnectio
n.java:569)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(DashoA1227
5)
at
com.cybersource.ws.client.BaseClient.sendRequest(BaseClient.java:56)
at com.cybersource.ws.client.Client.runTransaction(Client.java:106)
at com.cybersource.ws.client.Client.runTransaction(Client.java:53)
I wonder if someone with Cybersource working can verify their security
settings vis-a-vis certificates?
Mine are below for what it's worth:
C:\j2sdk1.4.2_09\jre\lib\security>keytool -list -keystore cacerts | grep -A
1 cyber Enter keystore password: changeit gtecybertrustroot, 03-Jan-2006,
trustedCertEntry, Certificate fingerprint (MD5):
C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
--
gtecybertrustglobalca, 10-May-2002, trustedCertEntry, Certificate
fingerprint (MD5):
CA:3D:D3:68:F1:03:5C:D0:32:FA:B8:2B:59:E8:5A:DB
--
gtecybertrustca, 10-May-2002, trustedCertEntry, Certificate fingerprint
(MD5):
C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
--
baltimorecybertrustca, 10-May-2002, trustedCertEntry, Certificate
fingerprint (MD5):
AC:B6:94:A5:9C:17:E0:D7:91:52:9B:B1:97:06:A6:E4
--
gtecybertrust5ca, 10-May-2002, trustedCertEntry, Certificate fingerprint
(MD5):
7D:6C:86:E4:FC:4D:D1:0B:00:BA:22:BB:4E:7C:6A:8E
C:\ofbiz>keytool -list -keystore base\config\ofbizcerts.jks | grep -A 1
cyber Enter keystore password: changeit gtecybertrustroot, 04-Jan-2006,
trustedCertEntry, Certificate fingerprint (MD5):
C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
CJ
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
URL: http://ofbiz.116.s1.nabble.com/Users-Cybersource-and-SSL-problems-tp136839p136844.html
Charles,
Cybersource's gateway's SSL certificate just expired. Attached is the new
cert we were given by them. Add this to your truststore and you should be
fine.
$ keytool -import -v -file entrust_ssl_ca.cer -keystore
OFBIZ_HOME/base/config/ofbiztrust.jks
- Lon
-----Original Message-----
From: [hidden email] [mailto:[hidden email]]
On Behalf Of Charles Johnson
Sent: Wednesday, January 04, 2006 11:59 AM
To: [hidden email]
Subject: [OFBiz] Users - Cybersource and SSL problems
I keep getting the following exceptions (from cybersource.log):
2006-01-04 12:25:02.426 http-0.0.0.0-8443-Processor2 INFO > Signing
request...
2006-01-04 12:25:09.606 http-0.0.0.0-8443-Processor2 EXCEPTION>
ClientException details:
innerException:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA12275)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA
12275)
at
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnectio
n.java:569)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(DashoA1227
5)
at
com.cybersource.ws.client.BaseClient.sendRequest(BaseClient.java:56)
at com.cybersource.ws.client.Client.runTransaction(Client.java:106)
at com.cybersource.ws.client.Client.runTransaction(Client.java:53)
I wonder if someone with Cybersource working can verify their security
settings vis-a-vis certificates?
Mine are below for what it's worth:
C:\j2sdk1.4.2_09\jre\lib\security>keytool -list -keystore cacerts | grep -A
1 cyber Enter keystore password: changeit gtecybertrustroot, 03-Jan-2006,
trustedCertEntry, Certificate fingerprint (MD5):
C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
--
gtecybertrustglobalca, 10-May-2002, trustedCertEntry, Certificate
fingerprint (MD5):
CA:3D:D3:68:F1:03:5C:D0:32:FA:B8:2B:59:E8:5A:DB
--
gtecybertrustca, 10-May-2002, trustedCertEntry, Certificate fingerprint
(MD5):
C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
--
baltimorecybertrustca, 10-May-2002, trustedCertEntry, Certificate
fingerprint (MD5):
AC:B6:94:A5:9C:17:E0:D7:91:52:9B:B1:97:06:A6:E4
--
gtecybertrust5ca, 10-May-2002, trustedCertEntry, Certificate fingerprint
(MD5):
7D:6C:86:E4:FC:4D:D1:0B:00:BA:22:BB:4E:7C:6A:8E
C:\ofbiz>keytool -list -keystore base\config\ofbizcerts.jks | grep -A 1
cyber Enter keystore password: changeit gtecybertrustroot, 04-Jan-2006,
trustedCertEntry, Certificate fingerprint (MD5):
C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
CJ
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
entrust_ssl_ca.zip (1K) | Free forum by Nabble | Edit this page |