| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| SSL Certificate Chaining error |
« View previous topic :: View next topic » |
| Author |
Message
|
| kirankinnu |
 Posted: Wed Jul 08, 2009 7:36 am Post subject: SSL Certificate Chaining error |
 |
|
Centurion
Joined: 12 Jun 2004
Posts: 128
Location: Chicago, IL
|
Hello Folks,
I am getting the below error while calling a https url:
"Text:CHARACTER:javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=XXXXX Root, OU=IT, O=XXXXX, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error".
I couldnt figure out the source of the error. If I understood correctly, Somewhere i am setting the path wrongly. I couldn't figure out where to set the Certification Path. I went thru the steps for adding certificates to the cacerts file. Here is the command that i ran before making https requests:
C:\Program Files\IBM\MQSI\6.1\jre15\lib\security>"%MQSI_FILEPATH%\jre15\bin\keytool" -import -alias mykey -file test.cer -keystore "C:
\Program Files\IBM\MQSI\6.1\jre15\lib\security\cacerts" -storepass changeit
Please do let me know if I missed any configuration.
Thank you,
Kiran |
|
| Back to top |
|
 |
| broker_new |
| Posted: Wed Jul 08, 2009 8:46 am Post subject: |
|
|
Yatiri
Joined: 30 Nov 2006
Posts: 614
Location: Washington DC
|
Check out
http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg21369939
The way i fixed that problem was, i have re imported the Root certificate, intermediate and the personal certificate created for your host.
I got this problem when i have missed out importing the personal.
_________________
IBM ->Let's build a smarter planet |
|
| Back to top |
|
|
| integration |
| Posted: Wed Jun 26, 2013 12:54 am Post subject: |
|
|
Apprentice
Joined: 26 Jun 2007
Posts: 32
|
Hi Kiran,
Even I am getting the same error. We have added the additional certificates also.
Could you please let me know how the issue was resolved?
Thanks in advance |
|
| Back to top |
|
|
| lancelotlinc |
| Posted: Wed Jun 26, 2013 2:53 am Post subject: |
|
|
Jedi Knight
Joined: 22 Mar 2010
Posts: 4941
Location: Bloomington, IL USA
|
| integration wrote: |
Hi Kiran,
Even I am getting the same error. We have added the additional certificates also.
Could you please let me know how the issue was resolved?
Thanks in advance |
1. Don't open old posts.
2. Start your own post with information about what you have done to troubleshoot the problem.
3. Make sure your root certificates are not expired and that all certificates in the chain are present in your truststore.
4. Don't use the same JKS file for both keystore and truststore. You must have individual JKS files for each.
_________________
http://leanpub.com/IIB_Tips_and_Tricks
Save $20: Coupon Code: MQSERIES_READER |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
