HT5012 trusted certificates in Keychain

I went into my keychains and found some certificates that stated they are trusted and have all access to my apps but they are Turkish, Japanese, Belgium...are these ok?

I have a similar problem, but only one of the messages is exactly the same. I arrived here in an effort to cure a Time Machine problem, but sure would like to know what these "invalid" and "not to be trusted" certificates mean!

Similar Messages

HT5012 Update correct trust certificates. How? iPhone iPad and MacBook Pro?

All three of my devices have certificates that are self signed and listed as untrusted. How can I see if I am using the proper trust certificates? Can I erase them and download apple trusted certificates?
Thanks for any help
Scott

All three of my devices have certificates that are self signed and listed as untrusted. How can I see if I am using the proper trust certificates? Can I erase them and download apple trusted certificates?
Thanks for any help
Scott

HT5012 Updated iTunes on my PC. Now have trust certificate on my iPad. Unable to sync!!!!!

Just updated iTunes on my PC. Tried to sync with my iPad mini. Was asked if the PC was trusted. Indicated yes. Now have trust certificate on my iPad. Unable to sync!!!

It's a glitch with the new iTunes
go into the control panel, add/remove programs. Uninstall iTunes, Apple mobile device support, apple application support. Then reinstall iTunes and see if it works. That's what worked for me.

Safari & Citrix: How to undo "Do Not Trust" Certificate after clicking

I mistakenly clicked "Do Not Trust Certificate" in the Safari pop-up Certificate Verification window (instead of "Trust") while trying to download GoToMeeting software to join a Citrix online meeting. Now I am unable to download the GoToMeeting program. How do I change this so that Safari will accept and "Trust" the certificate?

Thank you for your quick response and for the link. I just had a quick question about exporting a certificate: Is that equivalent to deleting it so that Safari won't remember whether or not to "Trust" or "Do Not Trust" it? I am assuming this means that I would need the name of the certificate as well. What happens if I delete my certificates saved in my keychains?
I did not get a chance to follow it because that day I ended up accessing the online meeting through Firefox. Saturday, I had another online Citrix www2.gotomeeting.com meeting so I tried using Safari again just to see what would happen. Safari didn't seem to recognize that I had selected "Do Not Trust" 4 days before and instead prompted me with the option to "Trust". I am just wondering how that happens because I didn't change anything in the keychain.

Help for "obtain a trusted certificate" doesn't help

In particular the following text in the Help Center:
Select your server in the sidebar, and then click Settings.
Click the Edit button at the right of SSL Certificate.
From the Action pop-up menu (looks like a gear), choose Manage Certificates.
In the Manage Certificates pane, select the self-signed certificate you want to use to generate the CSR.
From the Action pop-up menu (looks like a gear), choose Generate Certificate Signing Request (CSR).
Save the CSR file.
I'm running the Server app. (This is the right thing, yes?) 2.2.1 First step works fine. But there doesn't seem to be an "Edit button" at the right of SSL Certificate. Or an SSL Certificate. But I seem to recall MAKING a certificate, yes... I see it now. Under the Certificates selection in the sidebar. But no "manage certificates" or some such. But I THOUGHT I saw such a thing... somewhere...

Ah... Thanks for both points. I was specifically looking for a "request trusted certificate" path, which the Keychain tool didn't (explicitly) show me, though it DID show a whole slew of certificates that I never knew I had (nor understand exactly what they are about, but, "I am but an egg" on these things.)
Back on the Server app, it is the + button on the certificates field, so correct documentation might be something along the lines of...
Select "Certificates" under the "Server" group on the sidebar.
Click the "+" at the bottom of the server list.
Select "Get a Trusted Certificate" from the pop-up menu.
... (I'll know better when I actually perform the steps)
I hope this will advance the cause.

No trusted certificate found error while running a webservice

Hi,
I created a stub to a webservice and then tried to invoke the webservice using a simple java class
in JDeveloper. While running the java client to invoke the webservice i get this below mentioned error
SOAPException: faultCode=SOAP-ENV:IOException; msg=sun.security.validator.ValidatorException: No trusted certificate found; targetException=javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at org.apache.soap.SOAPException.<init>(SOAPException.java:78)
Kindly have a solution for what to be done on this.
Thanks,
Ramesh.R
Edited by: Ramesh_R on Jan 20, 2010 10:28 AM

have to import the certificate in the cacerts of the Jdev jre/lib/security/cacerts file
Edited by: Ramesh_R on 16-Jan-2011 02:40

Weblogic Start script fails while Loading trusted certificates from jks

Hi,
I have a Weblogic Portal 10.3.2 installation on a Solaris Unix box. There is one Admin server and two Managed servers. I am trying to deploy an EJB based application on one of the Managed servers. Note that this application has been working fine in the Weblogic 9.2 environment.
When the Managed Server is started, I get the below messages in the Weblogic console log. We have an internal SSO authentication system, which is integrated with this application. When this integration is removed, we are able to login to the application without any issues. When it is turned on, the redirection from SSO to the application fails - most likely because of the below SSL related errors.
I have accessed the below link and accordingly set the property -Dweblogic.ssl.JSSEEnabled=true. But it didn't help.
http://justasg.blogspot.com/2012/04/tlsssl-certificate-errors-and-warnings.html
Please let me know if you have any suggestions.
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /data/applications/norkom/BEA103/wlserver_10.3/server/lib/DemoTrust.jks.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /opt/jdk1.6.0_32/jre/lib/security/cacerts.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure[1]". The address 127.0.0.1 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>
<Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure". The address 10.228.12.24 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.228.12.24:7020 for protocols iiop, t3, ldap, snmp, http.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:7020 for protocols iiop, t3, ldap, snmp, http.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <WebLogicServer> <BEA-000332> <Started WebLogic Managed Server "NCA_Server" for domain "norkom" running in Development Mode>
<Jun 4, 2012 4:52:01 PM MEST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<Jun 4, 2012 4:52:01 PM MEST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
<WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
<WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
<WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
<WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
<WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
<WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
Note: We have another Solaris Unix box, with the same installation of Weblogic with the same SSO redirection, but another EJB application is deployed. Also, there is no Managed and the application is deployed on the Admin server itself. But when the server is started, I don't see any attempts to load any certificates and also there are no issues.
So either please suggest how this certificate loading can be rectified or suggest a way to disable the certificate loading (if at all its an option).
Please let me know if you need any further details.

Firstly,
938767 wrote:
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /opt/jdk1.6.0_32/jre/lib/security/cacerts.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>I don't think that this will be your problem... Unless you are actually using some of those certificates you can ignore those messages.
But the following looks suspicious, I guess 7022 is your SSL port...
<Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure[1]". The address 127.0.0.1 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>
<Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure". The address 10.228.12.24 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>Hope that helps.
Cheers,
Vlad
Give points - it is good etiquette to reward an answerer points (5 - helpful; 10 - correct) for their post if they answer your question. If you think this answer is helpful, please consider giving points.

Sun.security.validator.ValidatorException: No trusted certificate found

Hello,
I am using Java 1.6.0_04 (JBoss-4.2.2.GA application). My application implements a WS client which needs to integrate with an external Web Service. This communication needs to be handled through https.
I have created a jks keystore with the server certificate, and passed its details to JBoss through the System Properties:
-Djavax.net.ssl.trustStore=/Path-to-file -Djavax.net.ssl.trustStorePassword=password     On my development environment I can call the Web Service correctly.
Although, on the production environment, I am getting the following exception:
javax.xml.ws.WebServiceException: java.io.IOException: Could not transmit message
     at org.jboss.ws.core.jaxws.client.ClientImpl.handleRemoteException(ClientImpl.java:317)
     at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:255)
     at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:164)
     at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150)
     at $Proxy171.send(Unknown Source)
     at com.xpto.integration.SmsHelper.send(SmsHelper.java:57)
     at com.xpto.services.sms.SMSSenderServiceMBean.run(SMSSenderServiceMBean.java:106)
     at java.lang.Thread.run(Thread.java:619)
Caused by: java.io.IOException: Could not transmit message
     at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:204)
     at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
     at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:337)
     at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:243)
     ... 6 more
Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker.
     at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:
333)
     at org.jboss.remoting.transport.http.HTTPClientInvoker.transport(HTTPClientInvoker.java:135)
     at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
     at org.jboss.remoting.Client.invoke(Client.java:1634)
     at org.jboss.remoting.Client.invoke(Client.java:548)
     at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:183)
     ... 9 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No truste
d certificate found
     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
     at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLCo
nnection.java:166)
     at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:832)
     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:23
0)
     at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:
275)
     ... 14 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
     at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
     at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
     at sun.security.validator.Validator.validate(Validator.java:218)
     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:2
09)
     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:2
49)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
     ... 26 more     Both systems are configured with the same JBoss, JVM, ...
The certificate details are:
Owner=
CN=*...., OU=..., O=..., L=..., ST=..., C=PT
Issuer=
CN=..., O=..., C=PT
Version=3
Serial Number=BC81A81843E26C2597CD10354588F61E
Valid From=Monday, 3 March 2008 18:50
Valid Until=Tuesday, 3 March 2009 18:50
Signature Algorithm=SHA1withRSA
Fingerprints=
    MD5:     0A:A6:89:92:A4:CF:17:74:7C:4E:20:63:6B:81:AE:85
    SHA1:    35:01:74:8C:35:AB:9F:02:7B:23:3F:15:5E:73:C6:4D:DD:BB:C0:7A
Key Usage= critical
    List:
    . digitalSignature
    . keyEncipherment
    . dataEncipherment
    . keyAgreement
Extended Key Usage= none
     On production I have also tried adding the following properties:
-Djavax.net.ssl.keyStore=/Path-to-file -Djavax.net.ssl.keyStorePassword=password     But I still get the error.
Any one has any hint for this problem? Is there any property which I can define to ignore untrusted certificates?
Any help would really be welcome.
Thanks in advance.
Best regards,
Victor Batista

Hi,
Thanks for your prompt reply.
I have also tried to add all the chain of certificates on my truststore, although I get the exception:
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Fri Mar 07 12:54:22 WET 2008
     at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:256)
     at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:570)
     at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:123)
     at sun.security.validator.Validator.validate(Validator.java:218)
     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
     ... 26 moreAnd all the certificates are valid.
I really don't understand what is going on.
Can I Ignore expired certificates? Any property?
When I use -Djavax.net.ssl.trustStore pointing to my keystore, will cacerts be also used?
Do I need to import all the certificates in the chain of the server, or the top most is sufficient?
The server where I am having the problem has limited connectivity. It should have connectivity to the issuers of the certificates, in order to validate them, or not?
Thanks in advance,
Victor

How do you know if trust certificate error about imap.aol server is the result of an imposter or the "real" aol imap server?

I keep receiving a trust certificate error about imap.aol server. Says it may be the result of an imposter or the "real" aol imap server? How do you determine if the trust certificate is for an imposter?

Please post a direct link to the page you're having trouble with.

Trusted certificates from your previous version of Adobe Reader were found.

After upgrading Adobe Reader from 10 to 11, some users are getting "Adobe Reader Security - Trusted certificates from your previous version of Adobe Reader were found. Would you like to import them." I need to know what registry settings we can modify to either set this automatically to "Import" or "Use Default" I need to add one of these options into our Adobe Reader Settings GPO that is using group policy preferences. This only appears for users who have data in C:\Users\%username%\AppData\Roaming\Adobe\Acrobat\10.0\Security and only the very first time the user opens Adobe Reader after the upgrade per user profile on a given server.

I'm not sure this is true: "If they don't exist then there is no dialog. " Could be, but I've never heard of it.
However, acrodata files perform a number of functions for several features, so removing them is unwise. Also, they will just come back when a user exercizes certain features.
Better to just turn off the feature with the supported preference.
Ben

Trust Certificate Issue in Outlook

I have a new user who is attempting to trust certificate authority but is receiving the message: Outlook cannot trust the certificate authority's certificate (root certificate) because it cannot be found. Others are able to trust the same cert authority
she is unable to but when people try to trust her certificate authority they receive the same message. The user's email certificate is coming from Comodo and I have gone through the process of revoke and reissue several times. Other users have certs from Comodo
as well.

Have you tried the following fix for SSL/TLS problems?
http://support.microsoft.com/kb/2801679/sv

Problems trusting certificates from other users

I'm unable to trust certificates from users when the email address on their certificate does not precisely match the From address of the message. The mismatch is typically something like a From address of [email protected] and a certificate address of doe.john.12345.
Mail says "Unable to verify message signature" when I select the message. I click "Show Details" followed by "Show Certificate". I then get an option to check "Messages from xxx are valid if signed by yyy", which I do followed by clicking "OK".
The yellow "Unable verify message signature" bar stays in place. Repeating the above process shows that the the option to trust the validity is again unchecked. However, in the area with certificate, it lists that the certificate is trusted for the email address in the From field.
Any idea what's going on here?
Thanks,
Andreas

I should add that this happens when using certs that were signed with a CAC. I have an ORC ECA cert.
—Andreas

Seeburger AS2 error: No Trusted Certificate found

Dear SAP experts,
Good day!
Need your expert advice regarding the error that I am getting in Seeburger AS2.
Here's the scenario:
SAP XI is sending messages to Trading Partner via AS2 adapter which resides in Seeburger.
I've trigerred already messages but they are getting this kind of error:
Delivery of the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # , SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # : javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # , SEEBURGER.
Kindly advice if there are missing or invalid certificates on both sides?
What would be the cause of the issue?
Many Thanks!
Godo

Godo,
I think you are using secure communication for your seeburger CC. Can you pls. check if you have installed(keystore) certifcate on J2EE engine and configured certificate provided by ftp client in your CC.
Also one more important thing,
Make sure that you have entry with ftp server name and correspoding ip address in hosts.inc on a system where your adapter engine resides.
Check detail error messsage at:
http://XI server : port / nwa --> Message Monitoring --> Logs and Trances and select DefaultTrace in second drop down list. You will find all events details with description. ( If you run your interface and check you will find recent activities on XI server. Hope this will give you much better picture)
Hope this will help.
Nilesh

No Trusted Certificate???/

Hi
I tried to implement SSL by generating keystores. When the server is started i see the info. below...
<No trusted certificates have been loaded. Server will not trust to any certificate it receives.>
Is this any concern??? Ifso what should i do to overcome this.
<Aug 4, 2004 12:04:29 AM EDT> <Notice> <Security> <BEA-090170> <Loading the private key stored under the alias serverkey from the JKS keystore file /bea_home/OBSOON/OBSOON_WLS_DM/ObsoonDomain/serverkeystore.>
<Aug 4, 2004 12:04:29 AM EDT> <Notice> <Security> <BEA-090171> <Loading the identity certificate stored under the alias serverkey from the JKS keystore file /bea_home/OBSOON/OBSOON_WLS_DM/ObsoonDomain/serverkeystore.>
<Aug 4, 2004 12:04:35 AM EDT> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the JKS keystore file /bea_home/OBSOON/OBSOON_WLS_DM/ObsoonDomain/serverkeystore.>
<Aug 4, 2004 12:04:35 AM EDT> <Warning> <Security> <BEA-090172> <No trusted certificates have been loaded. Server will not trust to any certificate it receives.>
<Aug 4, 2004 12:04:36 AM EDT> <Notice> <WebLogicServer> <BEA-000331> <Started WebLogic Admin Server "ObsoonServer" for domain "ObsoonDomain" running in Development Mode>
<Aug 4, 2004 12:04:36 AM EDT> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
<Aug 4, 2004 12:04:36 AM EDT> <Notice> <WebLogicServer> <BEA-000355> <Thread "ListenThread.Default" listening on port 7001, ip address *.*>
<Aug 4, 2004 12:04:36 AM EDT> <Notice> <WebLogicServer> <BEA-000355> <Thread "SSLListenThread.Default" listening on port 7002, ip address *.*>
thanks
Jay

This should be a concern only in the following scenarios
1)If you are making a outgoing ssl call from within weblogic server (say from jsp/servlet/webapp)
OR
2)if you are using 2 way ssl
If youw ant to get rid of this mesaage just configure a keystore with trusted certificates (example: something like jdks cacerts ) It seems to me that the keytsore file
serverkeystore may not have any trusted root certificates in it

How can i Use SERVLET with RMI to avoid trust certificate

I know that for begining RMI, you must launch the server and the client.
for the server i use :
java -Djavax.net.ssl.trustStore=server.keystore -Djavax.net.ssl.keyStore=server.keystore -Djavax.net.ssl.keyStorePassword=server TestServer
for the client I use :
java -Djavax.net.ssl.trustStore=client.keystore -Djavax.net.ssl.keyStore=client.keystore -Djavax.net.ssl.keyStorePassword=client TestClient
and all work fine.
but i want to use a servlet for rmi client and i wrote this:
public class AppelServlet extends HttpServlet
     public void doPost(HttpServletRequest request, HttpServletResponse response)
     throws ServletException, IOException
          try
               System.out.println("Registering secure RMI socket factory ...");
               java.rmi.server.RMISocketFactory.setSocketFactory(new SecureRMISocketFactory());
          TestRemote test = (TestRemote) Naming.lookup("rmi://127.0.0.1:7123/TestClient");
String reponse=test.toLowerCase("HELLO WORLD");
               System.out.println("la reponse est : "+reponse);
     catch (Exception e)
          System.out.println("test client exception: " +e);
PrintWriter out = response.getWriter();
          response.setContentType("text/html");
and i have the following error on tomcat:
Registering secure RMI socket factory ...
test client exception: java.rmi.ConnectIOException: error during JRMP connection
establishment; nested exception is:
javax.net.ssl.SSLHandshakeException: Couldn't find trusted certificate
i think i must precise how to indicate the truststore like in the first case.
help me please.
hamdi

Hi,
Try doing the following steps.
Assuming you have a certificate obtained
Export the certificate into a .cer file.
On IE, goto tools->internet options->content->certificates, and export to a .cer file.
Using keytool of java import the certificate to the store that can be used doing the following command.
keytool -import -alias <ailas> -file < .cer filename> -keystore <storename here>
set the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword properties at the command prompt using the command below.
java -Djavax.net.ssl.trustStore=<storename> -Djavax.net.ssl.trustStorePassword=<password> <classname>
Let me know if this helped.
Also take a look at this link for using RMI with SSL
http://java.sun.com/products/jdk/1.2/docs/guide/rmi/SSLInfo.html
Regards,
Roopasri Vittal
Developer Technical Support
Sun Microsystems
http://sun.com/developers/support

HT5012 trusted certificates in Keychain

Similar Messages

Maybe you are looking for