Seeburger AS2 error: No Trusted Certificate found
Dear SAP experts,
Good day!
Need your expert advice regarding the error that I am getting in Seeburger AS2.
Here's the scenario:
SAP XI is sending messages to Trading Partner via AS2 adapter which resides in Seeburger.
I've already triggered messages but they are getting this kind of error:
Delivery of the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # , SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # : javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # , SEEBURGER.
Kindly advise if there are missing or invalid certificates on both sides?
What would be the cause of the issue?
Many Thanks!
Godo
Godo,
I think you are using secure communication for your Seeburger CC. Can you pls. check if you have installed (keystore) certificate on J2EE engine and configured certificate provided by ftp client in your CC.
Also one more important thing,
Make sure that you have entry with ftp server name and corresponding ip address in hosts.inc on a system where your adapter engine resides.
Check detail error message at:
http://XI server : port / nwa --> Message Monitoring --> Logs and Traces and select DefaultTrace in second drop down list. You will find all events details with description. (If you run your interface and check you will find recent activities on XI server. Hope this will give you much better picture)
Hope this will help.
Nilesh
Similar Messages
-
No trusted certificate found error while running a webservice
Hi,
I created a stub to a webservice and then tried to invoke the webservice using a simple java class
in JDeveloper. While running the java client to invoke the webservice I get the error mentioned below:
SOAPException: faultCode=SOAP-ENV:IOException; msg=sun.security.validator.ValidatorException: No trusted certificate found; targetException=javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at org.apache.soap.SOAPException.<init>(SOAPException.java:78)
Kindly have a solution for what to be done on this.
Thanks,
Ramesh.R
Edited by: Ramesh_R on Jan 20, 2010 10:28 AM
have to import the certificate in the cacerts of the Jdev jre/lib/security/cacerts file
Edited by: Ramesh_R on 16-Jan-2011 02:40 -
Sun.security.validator.ValidatorException: No trusted certificate found
Hello,
I am using Java 1.6.0_04 (JBoss-4.2.2.GA application). My application implements a WS client which needs to integrate with an external Web Service. This communication needs to be handled through https.
I have created a jks keystore with the server certificate, and passed its details to JBoss through the System Properties:
-Djavax.net.ssl.trustStore=/Path-to-file -Djavax.net.ssl.trustStorePassword=password
On my development environment I can call the Web Service correctly.
Although, on the production environment, I am getting the following exception:
javax.xml.ws.WebServiceException: java.io.IOException: Could not transmit message
at org.jboss.ws.core.jaxws.client.ClientImpl.handleRemoteException(ClientImpl.java:317)
at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:255)
at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:164)
at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150)
at $Proxy171.send(Unknown Source)
at com.xpto.integration.SmsHelper.send(SmsHelper.java:57)
at com.xpto.services.sms.SMSSenderServiceMBean.run(SMSSenderServiceMBean.java:106)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.io.IOException: Could not transmit message
at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:204)
at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:337)
at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:243)
... 6 more
Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker.
at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:333)
at org.jboss.remoting.transport.http.HTTPClientInvoker.transport(HTTPClientInvoker.java:135)
at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
at org.jboss.remoting.Client.invoke(Client.java:1634)
at org.jboss.remoting.Client.invoke(Client.java:548)
at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:183)
... 9 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:832)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:275)
... 14 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
... 26 more
Both systems are configured with the same JBoss, JVM, ...
The certificate details are:
Owner=
CN=*...., OU=..., O=..., L=..., ST=..., C=PT
Issuer=
CN=..., O=..., C=PT
Version=3
Serial Number=BC81A81843E26C2597CD10354588F61E
Valid From=Monday, 3 March 2008 18:50
Valid Until=Tuesday, 3 March 2009 18:50
Signature Algorithm=SHA1withRSA
Fingerprints=
MD5: 0A:A6:89:92:A4:CF:17:74:7C:4E:20:63:6B:81:AE:85
SHA1: 35:01:74:8C:35:AB:9F:02:7B:23:3F:15:5E:73:C6:4D:DD:BB:C0:7A
Key Usage= critical
List:
. digitalSignature
. keyEncipherment
. dataEncipherment
. keyAgreement
Extended Key Usage= none
On production I have also tried adding the following properties:
-Djavax.net.ssl.keyStore=/Path-to-file -Djavax.net.ssl.keyStorePassword=password
But I still get the error.
Does anyone have any hint for this problem? Is there any property which I can define to ignore untrusted certificates?
Any help would really be welcome.
Thanks in advance.
Best regards,
Victor Batista
Hi,
Thanks for your prompt reply.
I have also tried to add all the chain of certificates on my truststore, although I get the exception:
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Fri Mar 07 12:54:22 WET 2008
at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:256)
at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:570)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:123)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
... 26 more
And all the certificates are valid.
I really don't understand what is going on.
Can I Ignore expired certificates? Any property?
When I use -Djavax.net.ssl.trustStore pointing to my keystore, will cacerts be also used?
Do I need to import all the certificates in the chain of the server, or the top most is sufficient?
The server where I am having the problem has limited connectivity. It should have connectivity to the issuers of the certificates, in order to validate them, or not?
Thanks in advance,
Victor -
No trusted certificate found (91);Cannot connect to the LDAP server
HI All,
I am trying to connect to LDAP server with the following code.
JSSESocketFactory fact = null;
private LDAPConnection conn = null;
String keystore = "C:\\j2sdk1.4.2_15\\jre\\lib\\security\\cacerts";
System.setProperty("javax.net.ssl.trustStore",keystore);
fact = new JSSESocketFactory(null);
conn = new LDAPConnection(fact);
int ldapVersion = 3; // LDAPConnection.LDAP_V3; default values of LDAP settings
private int ldapPort = 636;
LDAPAttributeSet ldapAtrbSet;
String ldapHost;
String loginDN;
String loginDN_Password;
And it is giving me error:
Error: netscape.ldap.LDAPException: SSL connection to 192.168.10.8:636, sun.security.validator.ValidatorException: No trusted certificate found (91); Cannot connect to the LDAP server
netscape.ldap.LDAPException: SSL connection to 192.168.10.8:636, sun.security.validator.ValidatorException: No trusted certificate found (91); Cannot connect to the LDAP server
at netscape.ldap.factory.JSSESocketFactory.makeSocket(JSSESocketFactory.java:105)
at netscape.ldap.LDAPConnSetupMgr.connectServer(LDAPConnSetupMgr.java:418)
at netscape.ldap.LDAPConnSetupMgr.openSerial(LDAPConnSetupMgr.java:350)
at netscape.ldap.LDAPConnSetupMgr.connect(LDAPConnSetupMgr.java:244)
at netscape.ldap.LDAPConnSetupMgr.openConnection(LDAPConnSetupMgr.java:170)
at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:1042)
at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:924)
at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:768)
at com.reflexis.LDAP.LdapTestSSL.createConnection(LdapTestSSL.java:522)
at com.reflexis.LDAP.LdapTestSSL.checkLdap(LdapTestSSL.java:118)
at com.reflexis.LDAP.LdapTestSSL.main(LdapTestSSL.java:52)
Unable to connect to LDAP server
I have imported atr certificate also by using command:
"keytool -import -alias jag -file c:\x225.cer -keystore c:\j2sdk1.4.2_15\jre\lib\security\cacerts"
I am running my java code from Eclipse. Do I have to set anything in Eclipse for the certificate? I have imported the certificate from the command prompt.
Can anyone please help me. It is very important for me.
Please, it's very urgent.
Thanks,
Ankush Patni
As previously said, network is a possible cause. Other things could be: time on filer is too far off time on DC. AD object for filer has been deleted or changed by a Windows admin. If all users are experiencing a problem, you may need to rebind it to AD - run CIFS setup at command prompt
-
Can write, can't read from SSLSocket. No trusted certificate found
Hello!
We have to use an ssl connection to talk to another application. The exception is generated when trying to read from the socket. Creation and writing don't generate any errors and I can't verify if the other server actually gets what I'm writing.
I used these commands to create the private key and the certificate
openssl genrsa -des3 -out priv.pem -passout pass:myPassword 1024
openssl req -x509 -new -key priv.pem -passin pass:myPassword -days 3650 -out cert.cer
I have imported the cert.cer into the java/jre/lib/security/cacerts keystore. The CN value in the cert.cer is the one I got from the hostname command.
I still get the error:
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate found
Just before reading from the socket I print in the log file the socket's properties:
is input shut down? false
is output shut down? false
is bound? true
is closed? false
is connected? true
Am I supposed to do something with the priv.pem? Where does that one go? Isn't the cert.cer enough?
I don't know what else to do and how to check anything else. Any ideas would be greatly appreciated.
Thank you very much,
Iulia S.
Hi again,
I am at wits' end in here and I hate it when I move in the unstable grounds of not knowing stuff. I am still getting the error.
I managed to get the certificate from the other application, it's not self-signed it's issued by Thawte. Apparently you can also get it with FF3 from the cute little lock next to the address bar. Am I talking about the same certificate? Then I did this to import it:
./keytool -import -alias bristow -file /location/to/THEcertificate -keystore /location/to/java/jre/lib/security/cacerts
And I did restart the server. Several times. Several several times.
Some details about the application: it's a servlet running on a websphere 6.1 server. I noticed that this error is from sun.security.validator.ValidatorException while mine is from:
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate found
I can understand they are different packages but shouldn't they implement the same standard protocol? btw there are no com.sun.* classes imported.
Am I not creating the SSLSocket right?
SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket s = (SSLSocket) sslsocketfactory.createSocket("secureSite.com", portNo);
The string that defines the hostname, it's just the name, no protocol or anything else, right? I just need someone to confirm it. I've already tried all the other possibilities and they don't work.
It all crashes at the readLine:
BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream()));
String input = "";
while((input = in.readLine()) != null)
I ran the php script they gave us as an example, on a different server, and it worked just fine. No certificates needed.
I've tried reading characters instead of line, just in case this error would be absurdly linked with the no-end-of-line. Same error.
I'm trying to poke the server with a stick see if I can get a response. I run this from my local machine:
import java.io.InputStreamReader;
import java.io.BufferedReader;
import java.io.PrintWriter;
import java.net.URLEncoder;
import java.util.Date;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class EchoClient {
    public static void main(String[] arstring) {
        try {
            SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            // "hostname" and 99999 are the poster's placeholders for the real host and port
            SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket("hostname", 99999);
            sslsocket.setEnabledCipherSuites(sslsocket.getSupportedCipherSuites());
            // URL-encoded form body
            StringBuffer data = new StringBuffer();
            data.append("DATA1=").append(URLEncoder.encode("DATA1", "UTF-8"))
                .append("&DATA2=").append(URLEncoder.encode("DATA2", "UTF-8"));
            String includeHeader = "POST /script/location/script.php HTTP/1.1\r\n" + "Content-Length: " + data.length() + "\r\n" + "Content-Type: application/x-www-form-urlencoded\r\n" + "\r\n" + data;
            BufferedReader in = new BufferedReader(new InputStreamReader(sslsocket.getInputStream()));
            PrintWriter outs = new PrintWriter(sslsocket.getOutputStream(), true);
            // print() does not trigger PrintWriter's autoflush (only println, printf and format do)
            outs.print(includeHeader);
            String input = "";
            System.out.println("is input shut down: " + sslsocket.isInputShutdown() + " is output shut down? " + sslsocket.isOutputShutdown() + " is bound? " + sslsocket.isBound() + " is closed? " + sslsocket.isClosed() + " is connected? " + sslsocket.isConnected());
            System.out.println("server: " + in.read());
            while ((input = in.readLine()) != null) {
                System.out.println("SERVER REPLIED : " + input + "\n");
            }
            sslsocket.close();
        } catch (Exception exception) {
            exception.printStackTrace();
        }
    }
}
The answer is:
is input shut down: false is output shut down? false is bound? true is closed? false is connected? true
server: -1
Shouldn't I get something even a little bit more significant than just NO answer? sigh
If I were to explicitly load the keystore will that get me anywhere? I am out of ideas. Anything to point somewhere would be great.
Thank you very much,
Iulia S. -
Getting "No trusted certificate found" when attempting to connect to 10g DB
Greetings,
I have an Oracle 10g DB configured to listen via TCPS. I am able to tnsping and sql+ into the DB just fine. However, when attempting to connect via SQL Developer, I get the following error:
*"Status: Failure -lo exception: sun.security.validator. ValidatorException: No trusted certificate found"*
Here is my tnsnames.ora entry:
EMCECCH01.CORPORATE.MY.COM =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = emcecch01.corporate.my.com)(PORT = 1575))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = rambdb)
    )
    (SECURITY = (MY_WALLET_DIRECTORY = C:\DBSafes\Cincinnati\dbSafe))
  )
Obviously when I create my connection, I am using 'TNS'. I've also attempted to connect via the JDBC thin driver, but when testing the connection, it just sits and spins without ever returning a result. Here is the URL I'm using:
jdbc:oracle:thin:@emcecch01.corporate.my.com:1575:rambdb
I've verified that the appropriate JAR files are in place in the jlib directory.
Any advice in this matter would be greatly appreciated.
Regards
Hi,
If your connection entry is unusual you could try these simple things that may cause variation/different code paths:
1/ORACLE_HOME being set /unset by for example a bat script before launching sqldeveloper [see in sqldeveloper help/about/properties/ oracle.home and jdbc.library to see what oracle is using]
(you could be using sqldeveloper or other oracle install jdbc)
2/Tools/preferences/database/Advanced Parameters/Use oci thick driver set/unset
(you could be using 'pure' jdbc thin or 'mixture of c & java' ie. thick oci driver using another Oracle Home or instant client)
3/use Connection type=advanced then you can enter a fancy description (these descriptions are simple but you could have load balancing for example):
thin is pure java
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=MACHINE_NAME_OR_IP)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=dev11gr1)))
oci8 is thick/c/oci-java
jdbc:oracle:oci8:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=MACHINE_NAME_OR_IP)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=dev11gr1)))
(or get SQLDev to look up tnsnames.ora, connection type = tns might work)
Please post your findings and put in an enhancement request for particular connection feature support, documented with a test case.
-Turloch -
How to import Root CA "No trusted certificate found" exception.
I have an application that connects https to a server and POSTs some data. That application works fine with one server but not with another. I get javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found.
Both servers have certificates signed by 2 different CAs. 1 is I think Thawte or Verisign (need confirmation with my admin) and the other I know for sure is Equifax. Of course Equifax is the least popular of the 2 and is not found in the cacerts keystore...
Now I downloaded the Equifax root certificate and installed in the default keystore by typing keytool -import -alias blabla -file c:\bla.cer and it imported correctly. I reran my app and I still got the same exception...
So I figure that the root cert for Equifax must be imported within the cacerts file in jre/lib/cacerts, am I correct? What's the default password for that keystore?
Thanks
Have you tried to import the certificate in the cacerts keystore file?
This file can be found in the <jdkDirectory>/jre/lib/security/ directory. It is the default trustStore used by Java.
I remember that trusted certificate keystore location can be set using the javax.net.ssl.trustStore property. Have you set it to point to your keystore file?
You can find explanations there:
http://www.onjava.com/pub/a/onjava/2001/05/03/java_security.html#certificates
Hope this helps. -
Seeburger AS2: Error while parsing AS2 message: AUTHENTICATION_ERROR #
Hello all,
Unfortunately we get the following error back if we receive a message from our partner:
Error while parsing AS2 message: AUTHENTICATION_ERROR #
The channel is set up correctly (I think)
(Sender Agreement:)
By the Adapter-Specific Attributes:
AS2 Sender Configuration
Authentication Certificate: <Certificate of the Partner>
AS2 Receiver Configuration
Decryption Key: Private Key from us
Signing Key: Private Key from us
The MDN Channel is set up as follows:
AS2 Sender Configuration
Authentication Certificate: <Partner Certificate>
The AS2 Communication Channel is set up as follows:
AS2
disable Authentication required
Asynchronous MDN
Server Certificate <Partner's Certificate>
Private Key for Client Authentication is empty
But always we get the message back as I put in the topic.
Any ideas?
Thanks for your help
Hi Stephen
From the configuration side everything looks fine.
I strongly believe that some configuration at your partner side must be wrong.
For testing purpose, if you have BIS Spoke please create a dummy configuration and send message to PI.
First test with certificate authentication disabled and then with certificate
Regards,
Dhanish -
[help] I get error:No trusted certificates have been loaded. Server will no
client: tuxedo salt
server: weblogic
Now when I start weblogic, I got error info:
<Nov 11, 2010 3:33:13 AM EST> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias dev from the JKS keystore file /nfs/tux/huchchen/lclnx24/user_projects/SSL/server_keystore.jks.>
<Nov 11, 2010 3:34:16 AM EST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the JKS keystore file /nfs/tux/huchchen/lclnx24/user_projects/SSL/server_trustore.jks.>
<Nov 11, 2010 3:34:16 AM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loaded 0 trusted CAs from /nfs/tux/huchchen/lclnx24/user_projects/SSL/server_trustore.jks>
<Nov 11, 2010 3:34:16 AM EST> <Warning> <Security> <BEA-090172> <No trusted certificates have been loaded. Server will not trust to any certificate it receives.>
Why can't it load any trusted CAs? Anyone help!
Here is my configuration:
$ keytool -list -keystore server_trustore.jks -v
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: dev
Creation date: Nov 11, 2010
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=user, OU=R&D, O=BEA, L=Beijing, ST=Beijing, C=CN
Issuer: CN=root, OU=R&D, O=BEA, L=Beijing, ST=Beijing, C=CN
Serial number: cd6e80b22322f919
Valid from: Wed Nov 10 22:18:51 EST 2010 until: Sat Nov 09 22:18:51 EST 2013
Certificate fingerprints:
MD5: 40:6B:5F:93:B4:54:53:5E:FE:AB:37:9F:06:6D:66:38
SHA1: 1B:05:33:1F:83:7B:E8:E7:38:C9:AA:E7:AF:C1:D5:51:4B:EF:B8:D5
Signature algorithm name: SHA1withRSA
Version: 1
Certificate[2]:
Owner: CN=root, OU=R&D, O=BEA, L=Beijing, ST=Beijing, C=CN
Issuer: CN=root, OU=R&D, O=BEA, L=Beijing, ST=Beijing, C=CN
Serial number: d69db8f0be4975af
Valid from: Wed Nov 10 21:59:47 EST 2010 until: Sat Nov 09 21:59:47 EST 2013
Certificate fingerprints:
MD5: D4:F2:D3:1A:5D:3A:A8:F8:B8:85:A3:EA:BA:DB:58:91
SHA1: 2B:BB:B9:30:BA:53:4F:4C:BF:1A:C4:44:6D:E9:22:E3:A4:5B:0C:D9
Signature algorithm name: SHA1withRSA
Version: 1
$ keytool -list -keystore server_keystore.jks -v
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: dev
Creation date: Nov 10, 2010
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=admin, OU=R&D, O=BEA, L=Beijing, ST=Beijing, C=CN
Issuer: CN=root, OU=R&D, O=BEA, L=Beijing, ST=Beijing, C=CN
Serial number: cd6e80b22322f918
Valid from: Wed Nov 10 22:16:54 EST 2010 until: Sat Nov 09 22:16:54 EST 2013
Certificate fingerprints:
MD5: A3:A1:C2:C6:C9:44:B7:0E:27:DD:29:B1:CE:70:A5:C9
SHA1: 53:17:76:6A:B9:7E:32:F0:D4:23:62:54:3B:09:F6:79:75:21:94:36
Signature algorithm name: SHA1withRSA
Version: 1
That's because there is no trusted certificate entry; it looks like your trust store and identity keystore are the same.
Use these steps to generate identity and trust stores.
keytool -genkey -alias mykey -keyalg RSA -keysize 1024 -dname "CN=Tariq.beasys.com, OU=Customer Support, O=BEA Systems Inc, L=Denver, ST=Colorado, C=US" -keypass mykeypass -keystore identity.jks -storepass mystorepass
keytool -selfcert -v -alias mykey -keypass mykeypass -keystore identity.jks -storepass mystorepass -storetype jks
keytool -export -v -alias mykey -file rootCA.der -keystore identity.jks -storepass mystorepass
keytool -import -v -trustcacerts -alias mykey -file rootCA.der -keystore trust.jks -storepass mystorepass
Or you can follow this post
http://secure-zone.blogspot.com/2010/11/configuring-ssl-on-weblogic-server.html
-Faisal -
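Added example, not part of any post above and not vendor code: a small Java check for two points raised in these threads, namely whether cacerts is still consulted once javax.net.ssl.trustStore is set (it is not; the JSSE default trust manager reads that one file instead) and whether a file used as a trust store holds any trustedCertEntry at all. The class name TrustStoreAudit and its command-line arguments are hypothetical, and Java 7 or later is assumed.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical diagnostic class (added example). Run it with the same -D options
// as the failing application, for instance:
//   java -Djavax.net.ssl.trustStore=/path/to/store TrustStoreAudit /path/to/store storepass
public class TrustStoreAudit {

    /** Validity of one certificate against the local clock. */
    static String validity(X509Certificate cert) {
        try {
            cert.checkValidity();
            return "valid until " + cert.getNotAfter();
        } catch (CertificateExpiredException e) {
            return "EXPIRED on " + cert.getNotAfter();
        } catch (CertificateNotYetValidException e) {
            return "NOT YET VALID before " + cert.getNotBefore();
        }
    }

    /** One-line summary: subject, issuer and validity. */
    static String describe(Certificate cert) {
        if (!(cert instanceof X509Certificate)) {
            return "(no X.509 certificate)";
        }
        X509Certificate x = (X509Certificate) cert;
        return "subject=" + x.getSubjectX500Principal().getName()
             + " | issuer=" + x.getIssuerX500Principal().getName()
             + " | " + validity(x);
    }

    /** Trust anchors the JSSE default trust manager will actually use. */
    static X509Certificate[] defaultAnchors() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // null = the store named by javax.net.ssl.trustStore, else the JRE default file
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        return new X509Certificate[0];
    }

    /** Prints every alias with its entry type; returns the trustedCertEntry count. */
    static int auditFile(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password); // a null password skips the integrity check
        }
        int trusted = 0;
        for (String alias : Collections.list(ks.aliases())) {
            String type;
            if (ks.isCertificateEntry(alias)) {
                type = "trustedCertEntry";
                trusted++;
            } else if (ks.isKeyEntry(alias)) {
                type = "keyEntry"; // for key entries getCertificate() is the leaf of the chain
            } else {
                type = "other";
            }
            System.out.println("  [" + type + "] " + alias + ": "
                + describe(ks.getCertificate(alias)));
        }
        return trusted;
    }

    public static void main(String[] args) throws Exception {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        System.out.println("javax.net.ssl.trustStore = "
            + (prop == null ? "(unset, JRE default file is used)" : prop));

        X509Certificate[] anchors = defaultAnchors();
        System.out.println("Default trust manager accepts " + anchors.length + " issuer(s):");
        for (X509Certificate a : anchors) {
            System.out.println("  " + describe(a));
        }

        if (args.length >= 1) {
            char[] password = args.length >= 2 ? args[1].toCharArray() : null;
            System.out.println("Entries in " + args[0] + ":");
            int trusted = auditFile(args[0], password);
            System.out.println(trusted + " trustedCertEntry alias(es)");
            if (trusted == 0) {
                System.out.println("No trustedCertEntry: this file holds identities, not trust anchors.");
            }
        }
    }
}
```

An expired or missing issuer in the first list, or a file whose only entry is a key entry, matches the conditions reported in the threads above.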
Avca secure_agent fails with 'No trusted certificate found'
1) AV server keystore content
===================
[oracle@veelaoav001 ~]$ $ORACLE_HOME/jdk/bin/keytool -list -v -keystore /home/oracle/SSL/avkey/avkeystore
Enter keystore password: welcome1
Keystore type: jks
Keystore provider: SUN
Your keystore contains 3 entries
Alias name: avkey
Creation date: May 7, 2012
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=avserver, O=oracle, C=UK
Issuer: CN=avserver, O=oracle, C=UK
Serial number: 4fa828c2
Valid from: Mon May 07 15:55:46 EDT 2012 until: Tue May 07 15:55:46 EDT 2013
Certificate fingerprints:
MD5: D7:49:34:93:35:7F:55:FC:70:08:F3:9F:03:AA:41:A9
SHA1: 23:88:9C:F6:12:48:C1:55:79:2D:2D:71:B5:E4:66:07:A7:1E:AA:A1
Alias name: cacert
Creation date: May 7, 2012
Entry type: trustedCertEntry
Owner: CN=rootAV, O=oracle, C=UK
Issuer: CN=rootAV, O=oracle, C=UK
Serial number: 0
Valid from: Mon May 07 15:54:58 EDT 2012 until: Thu May 05 15:54:58 EDT 2022
Certificate fingerprints:
MD5: 8A:30:0B:09:27:1E:F9:0C:54:29:01:5E:5C:0F:56:F2
SHA1: 83:1C:09:24:BF:F6:FC:B4:62:AC:04:B5:9C:CC:28:E3:4C:B4:25:BF
Alias name: mykey
Creation date: May 7, 2012
Entry type: trustedCertEntry
Owner: CN=avserver, O=oracle, C=UK
Issuer: CN=rootAV, O=oracle, C=UK
Serial number: 0
Valid from: Mon May 07 15:56:18 EDT 2012 until: Tue May 07 15:56:18 EDT 2013
Certificate fingerprints:
MD5: 43:B4:B3:97:E0:88:34:7C:E9:D1:68:CC:48:32:8B:CC
SHA1: 50:7A:1C:1E:19:AB:E4:34:3A:64:82:A6:B2:B2:32:9C:F2:F9:94:45
2) AV agent keystore content
=================
[oracle@veelaora001 ~]$ $ORACLE_HOME/jdk/bin/keytool -list -v -keystore /home/oracle/SSL/agkey/agkeystore
Enter keystore password: welcome1
Keystore type: jks
Keystore provider: SUN
Your keystore contains 3 entries
Alias name: agkey
Creation date: May 7, 2012
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=avagent, O=oracle, C=UK
Issuer: CN=avagent, O=oracle, C=UK
Serial number: 4fa82925
Valid from: Mon May 07 15:57:25 EDT 2012 until: Tue May 07 15:57:25 EDT 2013
Certificate fingerprints:
MD5: C4:9C:FE:D1:D0:04:19:65:F9:C0:CE:A9:6A:5E:7F:B6
SHA1: 9A:D4:9B:15:D0:B1:10:45:FD:D1:F1:F2:75:46:A9:78:E3:2A:5C:DE
Alias name: cacert
Creation date: May 7, 2012
Entry type: trustedCertEntry
Owner: CN=rootAV, O=oracle, C=UK
Issuer: CN=rootAV, O=oracle, C=UK
Serial number: 0
Valid from: Mon May 07 15:54:58 EDT 2012 until: Thu May 05 15:54:58 EDT 2022
Certificate fingerprints:
MD5: 8A:30:0B:09:27:1E:F9:0C:54:29:01:5E:5C:0F:56:F2
SHA1: 83:1C:09:24:BF:F6:FC:B4:62:AC:04:B5:9C:CC:28:E3:4C:B4:25:BF
Alias name: mykey
Creation date: May 7, 2012
Entry type: trustedCertEntry
Owner: CN=avagent, O=oracle, C=UK
Issuer: CN=rootAV, O=oracle, C=UK
Serial number: 0
Valid from: Mon May 07 15:59:46 EDT 2012 until: Tue May 07 15:59:46 EDT 2013
Certificate fingerprints:
MD5: 10:D2:D2:44:A9:AB:89:22:C6:FC:E8:61:A1:5D:B3:A0
SHA1: 62:BF:B9:52:29:F7:89:AF:F1:70:D8:75:AB:15:D4:55:BC:AB:9F:48
3) Credentials added for XDB:
$ avca generate_csr -certdn "cn=seclin2,O=Oracle,C=UK" -out /home/oracle/SSL/XDB/certXDB.csr
Generating Certificate request...
Certificate request generated successfully.
$ orapki cert create -wallet /home/oracle/SSL/rootCA -request /home/oracle/SSL/XDB/certXDB.csr -cert /home/oracle/SSL/XDB/certXDB.pem -validity 365 -pwd "welcome1"
$ avca import_cert -cert /home/oracle/SSL/rootCA/trustedROOTcertificate.txt -trusted
Importing Certificate...
Certificate imported successfully.
$ avca import_cert -cert /home/oracle/SSL/XDB/certXDB.pem
Importing Certificate...
Certificate imported successfully.
4) avca secure_av -avkeystore $ORACLE_HOME/network/admin/avkey/avkeystore -avtruststore $ORACLE_HOME/network/admin/avkey/avkeystore
Checking for SSL Certificate...
done.
Enter Audit Vault Server keystore password:
Stopping OC4J...
OC4J stopped successfully.
Securing XDB services...
Identified XDB http(s) Port...
Stopping Listeners...
done.
Starting Listeners...
done.
done.
Starting OC4J...
OC4J started successfully.
5) avca secure_agent -agentkeystore $ORACLE_HOME/network/admin/agkey/agkeystore -avdn "CN=avserver, O=oracle, C=UK" -agentdn "CN=avagent, O=oracle, C=UK"
Enter Audit Vault Agent keystore password:
Stopping agent...
Agent stopped successfully.
Starting agent...
Agent started successfully.
avca.log on agent shows:
Executing command secure_agent, -agentkeystore, /u01/app/oracle/oracle/product/10.2.3/av_agent/network/admin/agkey/agkeystore, -avdn, CN=avserver, O=oracle, C=UK, -agentdn, CN=avagent, O=oracle, C=UK
SECURE_AGENT - get agent info
xml - /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/rmi.xml
xml URL - file:/u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/rmi.xml
Stopping agent...
Agent stopped successfully.
SERCURE_AGENT - update /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/av-agent-web-site.xml
xml - /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/av-agent-web-site.xml
xml URL - file:/u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/av-agent-web-site.xml
SECURE_AGENT - modify /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/server.xml
xml - /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/server.xml
xml URL - file:/u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/server.xml
SECURE_AGENT - use /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/applications/AVAgent/AVAgent/WEB-INF/web.xml.secure
Starting agent...
xml - /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/server.xml
xml URL - file:/u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/server.xml
xml - /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/av-agent-web-site.xml
xml URL - file:/u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/av-agent-web-site.xml
xml - /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/http-web-site.xml
xml URL - file:/u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/http-web-site.xml
Error while checking agent status - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
This is the code I used for setting up the engine:
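import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;

// Fragment from inside a class: control.home, serverAddress, port and engine
// are defined elsewhere.
File trustStore = new File(control.home, "d4trustore");
String trustStorePath = trustStore.getAbsolutePath();
File keyStoreFile = new File(control.home, "d4keystore.ks");
String keyStorePath = keyStoreFile.getAbsolutePath();
char[] passphrase = "password".toCharArray();
try {
    // Key store: this side's private key and certificate.
    KeyStore ksKeys = KeyStore.getInstance("JKS");
    try (FileInputStream in = new FileInputStream(keyStorePath)) {
        ksKeys.load(in, passphrase);
    }
    // Trust store: the certificates the peer's chain must lead back to.
    KeyStore ksTrust = KeyStore.getInstance("JKS");
    try (FileInputStream in = new FileInputStream(trustStorePath)) {
        ksTrust.load(in, passphrase);
    }
    javax.net.ssl.KeyManagerFactory kmf =
        javax.net.ssl.KeyManagerFactory.getInstance("SunX509");
    kmf.init(ksKeys, passphrase);
    javax.net.ssl.TrustManagerFactory tmf =
        javax.net.ssl.TrustManagerFactory.getInstance("SunX509");
    tmf.init(ksTrust);
    javax.net.ssl.SSLContext sslContext = javax.net.ssl.SSLContext.getInstance("TLS");
    sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    engine = sslContext.createSSLEngine(serverAddress, port);
    engine.setUseClientMode(true);
} catch (java.security.GeneralSecurityException | java.io.IOException e) {
    // Close the truncated try block and surface setup failures.
    throw new IllegalStateException("SSLEngine setup failed", e);
}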
p butler -
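One way to see why the JSSE validator reports "No trusted certificate found", as an added example that is not part of the original posts: the class name TrustDiag and its command-line arguments are assumptions. It wraps the default trust manager, prints the presented chain and the truststore's anchors when validation fails, and rethrows, so the check is never relaxed.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;
/** Added example: explains a rejected peer chain; validation is never relaxed. */
public class TrustDiag implements X509TrustManager {
    private final X509TrustManager delegate;

    TrustDiag(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        // The default factory returns a single X.509 trust manager for this store.
        delegate = (X509TrustManager) tmf.getTrustManagers()[0];
    }

    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        try {
            delegate.checkServerTrusted(chain, authType);
        } catch (CertificateException e) {
            // What the peer sent: look for a missing intermediate or an expired entry.
            for (X509Certificate c : chain)
                System.err.println("presented: " + c.getSubjectX500Principal()
                    + " | issuer: " + c.getIssuerX500Principal() + " | notAfter: " + c.getNotAfter());
            // What this truststore accepts: one of the issuers above must appear here.
            for (X509Certificate a : delegate.getAcceptedIssuers())
                System.err.println("anchor:    " + a.getSubjectX500Principal());
            throw e; // the handshake still fails
        }
    }
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException { delegate.checkClientTrusted(chain, authType); }
    public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }

    // Usage (arguments are assumptions): java TrustDiag <truststore.jks> <password> <host> <port>
    public static void main(String[] args) throws Exception {
        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) { ts.load(in, args[1].toCharArray()); }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new TrustDiag(ts) }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory()
                .createSocket(args[2], Integer.parseInt(args[3]))) {
            s.startHandshake();
            System.out.println("chain validated against " + args[0]);
        }
    }
}
```

If no "anchor" line matches the issuer of any "presented" certificate, the peer's CA (or the peer certificate itself) has to be imported into the truststore that the failing component actually loads.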
PI Seeburger AS2 Error: Object not found in lookup of as2..
Hi ALL
Can you please help us understand which object the following error refers to....
Delivering the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: com.sap.engine.services.jndi.persistent.exceptions.NameNotFoundException: Object not found in lookup of as2..
Your help is greatly appreciated!!
Thank you,
Patrick
Please check the module chain (module configuration). Very likely reason is that you have the solutionid module as2 defined (which is default) but forgot to deploy the solution id module (you can find it in the distribution tools folder. Name of the deploy file: SeeXISolutionIdModule.ear).
-
URGENT!! ERROR WITH EXPIRED CERTIFICATE USING JDK 1.4.2.05
Hi,
I have created a client/server application with SSL and have found the following problem.
I have made these two tests:
1) jdk 1.4.2.03 --> the certificate is expired, I obtain this exception "No trusted certificate found". it's ok
2) jdk 1.4.2.06 --> the certificate is expired, no error occurs. WHY?????
Can someone help me?
Gianna
The problem is not the expired certificate! I know that it is expired, but I don't understand why, using jdk 1.4.2.05, this certificate is not recognized as invalid.
With this jdk the channel is created. Using jdk 1.4.2.03 instead, the certificate was recognized as expired and the channel is not created between client and server.
For me the correct behavior is with the old version of the JDK and not the new.
WHY????? -
No OEM CERTIFICATE found in windows 8
I want to clean install Win 8 on my new Lenovo. I have heard that the OEM key is stored in the BIOS and is automatically applied on a clean install, so I decided to save the OEM CERTIFICATE using a software called SLIC TOLKIT 3.2.
But it shows that SLIC STATUS = INVALIDATED, and an error - "No OEM Certificate found".
I have downloaded a Windows 8 file from the internet - en_windows_8_x64_dvd_915440.iso.
Should I proceed with a clean install, or do I have to install an OEM CERTIFICATE?
In Control Panel - System, it shows Windows is activated. I am also not able to use Windows 8 recovery features, like refresh or restore. All these errors started when I created a third partition in Windows. Then I repaired the boot menu through the BIOS by using
bcdboot c:\windows /s g: /f UEFI
Can I clean install Windows 8?
I have used this ISO - en_windows_8_x64_dvd_915440.iso
But I got Windows 8 preinstalled. Now I have upgraded to 8.1 and have created a backup image through Acronis, so I am out of danger now, but I would still like to know if I can ever clean install my Windows without requesting an OEM disk from Lenovo. -
Seeburger AS2 HTTPS receiver channel error
Hi,
I am getting the following error in the receiver Seeburger AS2 channel with an HTTPS connection, going through a proxy to the partner. All the certificates have been installed, the proxy server information has been given, and the key store values and encryption certificate values have been mentioned in the receiver agreement that is using the channel.
Message processing failed. Cause: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: HTTP-Client component init failed # java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Could not retrieve alias collection., SEEBURGER AS2: HTTP-Client component init failed # java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Could not retrieve alias collection.
Can you please give me an idea whether I am missing something or any configuration settings I need to make.
Thank you,
Sri
Hi Neetesh,
Thank you for the link. The first thing I looked at is the link you gave me. But when I give it with *, it is complaining that it is not able to retrieve the certificates.
TRUSTED/AS2CERTS/*, but I have backward slashes... maybe the OS is different; I think the original poster might have Windows servers.
Any other ideas, please?
Thank you. -
Seeburger AS2 "Unable to find trust alias name"
Colleagues,
I receive the com.seeburger.ksm.cryptoapi.exception.CryptoApiException: java.security.PrivilegedActionException
message plus the "unable to find alias name TRUSTED\" when I attempt to transmit an outbound EDI document using Seeburger's AS2 adapter.
It appears that the AS2 adapter cannot find the key store that holds the certificates I am using.
There also was the following message:
"JCA error: Unable to forward message to JCA adapter. Reason: FatalExcetpion: com.sap.aii.rf.ra.cci.XIDeliveryException. Seeburger AS2 HTTP- Client component # failed java.security.PriviligedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException"
Am I missing some configuration that points to the keystore I need?
All responses appreciated.
Regards,
Andy
Hi Sajal,
Try this:
Follow these steps:
->Launch the Visual Administrator
->Go to Services Key Storage
->Choose load and select the file containing the certificate (.cer or .crt file)
As the XI configuration will refer to the certificate by name, the name should be somewhat self-describing. The certificate name should not include any date or time.
Reward points if this helps
Regards
Pragathi.