ISE: Guest SSL Certificate Not Trusted Error
Team,
We are building an ISE Demo for an event, I configured the Guest Access and it is working fine. the problem is that when the guests (Event attendess) try to access the internet they will be reditrected to teh ISE for Guest Authentication. The guest will get the below error message which doesn't look good because the ISE has the self-signed certificate and it doesn't have a public trusted certificate.
I tried to generate a trail SSL certificate from Thawte and Symentec but both replied that we couldn't verify the information you have provided. I believe this is because my domain is not publicly resgitered (I created this domain internally for the event)
Please advice what is the solution for this issue. I don't want my guest/attendees to see the error message. It doesn't look for to demonstrate ISE.
Please advice
Thanks in advance
The only solution that can competely resolve your issue is to get a certificate from any trusted CA, like Verisign, Thawte, etc. Cost for that is typically $100 per year. Other solution is to use certificate from StartSSL. They have easy procedure for issuing ceritifcates and it's free, but in some browsers that window still may appear sometimes.
Similar Messages
-
Thawte SSL certificate not trusted?
I've been searching Google for solutions but haven't found anything. Had to enable SSL for the meeting server so that it would work from behind a firewall that was blocking the FMS. Bought a SSL123 certificate from a Thawte reseller. I installed it following instructions. Now when connecting to the meeting server brings up a message that the certificate was signed by an unknown authority, and then connectaddin generally crashes and I have to "Force Quit".
Does anyone know how to resolve this? Is it the certificate itself? Could it be configuration?Need to add the "Intermediate CA Certificate" to the pem file, as per https://search.thawte.com/support/ssl-digital-certificates/index?page=content&actp=CROSSLI NK&id=SO13881 (it took both my cert reseller and Adobe support several days to reach that conclusion - and the Adobe phone support person told me about this solution just as the email from my cert reseller came in!)
I just opened the pem file in notepad, copied and pasted the above cert under it (as per http://www.connectusers.com/forums/cucbb/viewtopic.php?pid=4315#p4315), fixed EOL characters, saved, restarted services and it worked. -
Linksys Certificate Not Trusted
...how can I trust it? Every time I go to my Linksys router with HTTPS, I receive a certificate not trusted error in my browser. I have already imported the certificate into my keychain on OS X, what else can I do?
It would be great if there was a "Trust" option next to the various errors which are displayed.
O.S. = OS X 10.73
Browser = Chrome
Thanks in advance for any ideas.I am using a WRT54GS running firmware 4.70.6. Mozilla Firefox has the option to explicitly trust the certificate and Safari will use keychains certs to repudiate. Google Chrome (my primary browser) shows the following result.
Internet Explorer (9) shows the following, which is similar to the screen posted. I have tried to import the certificate into trusted publishers, but it won't take. -
Certificate not Trusted Exception
Hi,
I am trying to invoke Axis soap call from webshpere (my requirement is to trust all certificates), but getting certificate not trusted exception. Appreciate any suggestions for fixing this issue.
Code:
public String transport(String strMessage, String strParticipantUrl, String methodName, String keyStorePwd) throws RouterException {
String result = null;
boolean isErrorOccured = false;
String errorMessage = null;
LOGGER.info("Calling Carrier Web Service.......");
LOGGER.info("Web Service URL is :" + strParticipantUrl);
LOGGER.info("Web Service Method Name is :" + methodName);
ServiceFactory serviceFactory = new ServiceFactory();
Service service = null;
try {
service = (Service) serviceFactory.createService(new QName(
FundTransferConstants.QNAME_SERVICE));
} catch (ServiceException e) {
isErrorOccured = true;
Integer connectionTimeOut = FundTransferContext.getInstance()
.getConnectionTimeOut();
org.apache.axis.client.Call call = null;
if (null != service) {
try {
LOGGER.info("setting ssl status to debug");
System.setProperty("javax.ssl.debug", "all");
String proxyHost = FundTransferUtil.getProperty("PROXY.HOST");
String proxyPort = FundTransferUtil.getProperty("PROXY.PORT");
String username = FundTransferUtil.getProperty("PROXY.USER");
String password = FundTransferUtil
.getProperty("PROXY.PASSWORD");
if (proxyHost != null && !"".equals(proxyHost)) {
System.setProperty("proxySet", "true");
System.setProperty("http.proxyHost", proxyHost);
if (proxyPort != null && !"".equals(proxyHost)) {
System.setProperty("http.proxyPort", proxyPort);
if (username != null && !"".equals(username)) {
System.setProperty("http.proxyUser", username);
if (password != null && !"".equals(password)) {
System.setProperty("http.proxyPassword", password);
String keyStoreLocation = FundTransferUtil
.getProperty("KEYSTORE_LOCATION");
String keystore = keyStoreLocation + "/"
+ FundTransferConstants.KEYSTORE_FILE_NAME;
String storetype = FundTransferConstants.KEYSTORE_FILE_TYPE;
String][ props = {
{ FundTransferConstants.TRUST_STORE, keystore, },
{ FundTransferConstants.KEY_STORE, keystore, },
{ FundTransferConstants.KEY_STORE_PWD, keyStorePwd, },
{ FundTransferConstants.KEY_STORE_TYPE, storetype, },
{ FundTransferConstants.TRUST_STORE_PWD, keyStorePwd, }, };
// Commented loading the keystore to test outbound calls
/*for (int index = 0; index < props.length; index++)
System.getProperties().setProperty(propsindex[0],
propsindex[1]);*/
// Commented all trusting trust manager
/*LOGGER.info("Creating TrustManager...");
TrustManager] trustAllCerts = new TrustManager[ { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
LOGGER.info("Acception all issuers");
return null;
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs,
String authType) {
LOGGER.info("checkClientTrusted method");
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs,
String authType) {
LOGGER.info("checkServerTrusted method");
// Install the all-trusting trust manager
try {
LOGGER.info("Creating SSLContext...");
SSLContext sc = SSLContext.getInstance("SSL");
LOGGER.info("Created SSLContext..." + sc);
sc.init(null, trustAllCerts,
new java.security.SecureRandom());
LOGGER.info("Created SSLContext initiated...");
LOGGER.info("sslDefaultSocketFactory......"
+ sc.getSocketFactory());
HttpsURLConnection.setDefaultSSLSocketFactory(sc
.getSocketFactory());
LOGGER.info("sslDefaultSocketFactory......"
+ sc.getSocketFactory());
} catch (Exception e) {
LOGGER.error("Exception is occuring...");
LOGGER.error(e.getMessage());
call = (Call) service.createCall();
} catch (ServiceException ex) {
LOGGER.error(ex.getMessage());
errorMessage = ex.getMessage();
isErrorOccured = true;
if (null != call) {
LOGGER.info("Web Service TimeOut setting :"
+ connectionTimeOut.intValue());
LOGGER.info("Setting axis propeties to use IBMFakeTrustSocketFactory");
// This will allow web service requests using the HTTPS protocol without having a valid SSL certificate installed and configured.
AxisProperties.setProperty("axis.socketSecureFactory","org.apache.axis.components.net.IBMFakeTrustSocketFactory");
call.setTimeout(connectionTimeOut);
call.setTargetEndpointAddress(strParticipantUrl);
call.setProperty(Call.SOAPACTION_USE_PROPERTY,
new Boolean(true));
call.setProperty(Call.SOAPACTION_URI_PROPERTY,
FundTransferConstants.EMPTY_STRING);
QName qnameTypeStr = new QName(FundTransferConstants.NS_XSD,
FundTransferConstants.QNAME_TYPE);
QName header = new QName(FundTransferConstants.NS_XSD,
FundTransferConstants.QNAME_TYPE);
call.setReturnType(qnameTypeStr);
call
.setOperationStyle(FundTransferConstants.WEB_SERVICE_OPERATION_RPC_STYLE);
call
.setOperationName(new QName(
FundTransferConstants.BODY_NAMESPACE_VALUE,
methodName));
call.addParameter("String_1", qnameTypeStr, ParameterMode.IN);
String[] params = { strMessage };
if (FundTransferConstants.CARRIER_RESEND_METHOD
.equalsIgnoreCase(methodName)) {
try {
call.invoke(params);
} catch (Exception ex) {
errorMessage = ex.getMessage();
isErrorOccured = true;
LOGGER.info(ex.getMessage());
} else {
int counter = 0;
while (counter < 3) {
counter++;
try {
// Here making the call which is failing
result = (String) call.invoke(params);
counter = 4;
} catch (AxisFault axisFault) {
axisFault.printStackTrace();
errorMessage = axisFault.getMessage();
isErrorOccured = true;
LOGGER.error(axisFault.getMessage());
} catch (Exception ex) {
ex.printStackTrace();
errorMessage = ex.getMessage();
isErrorOccured = true;
if (isErrorOccured) {
throw new RouterException(errorMessage);
return result;
System Error:
12/7/07 13:43:41:639 EST 000000bb SystemErr R AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse2.bx.a(bx.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java:473)
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.v.a(v.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.l(by.java(Compiled Code))
at com.ibm.jsse2.by.startHandshake(by.java(Compiled Code))
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:224)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:157)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:114)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:180)
at org.apache.axis.client.Call.invokeEngine(Call.java:2564)
at org.apache.axis.client.Call.invoke(Call.java:2553)
at org.apache.axis.client.Call.invoke(Call.java:2248)
at org.apache.axis.client.Call.invoke(Call.java:2171)
at org.apache.axis.client.Call.invoke(Call.java:1691)
at com.dtcc.insurance.fundtransfer.transport.TransportHandler.transport(TransportHandler.java:245)
at com.dtcc.insurance.fundtransfer.router.MessageRouter.transport(MessageRouter.java:112)
at com.dtcc.insurance.fundtransfer.controller.MessageController.processMessage(MessageController.java:155)
at com.dtcc.insurance.fundtransfer.service.FundTransferServiceImpl.fundTransferRequest(FundTransferServiceImpl.java:88)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java(Compiled Code))
at java.lang.reflect.Method.invoke(Method.java(Compiled Code))
at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:402)
at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:309)
at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:333)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:481)
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:323)
at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:854)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:339)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1572)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:762)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3174)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:253)
at com.ibm.ws.webcontainer.VirtualHost.handleRequest(VirtualHost.java:229)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1970)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:114)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:472)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:411)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:288)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:950)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink$MyReadCompletedCallback.complete(SSLConnectionLink.java:582)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1704)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java(Compiled Code))
Caused by: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse.bi.a(Unknown Source)
at com.ibm.jsse.bi.checkServerTrusted(Unknown Source)
at com.ibm.jsse2.ba.checkServerTrusted(ba.java:16)
... 57 more
12/7/07 13:43:41:640 EST 000000bb SystemErr R AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse2.bx.a(bx.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java:473)
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.v.a(v.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.l(by.java(Compiled Code))
at com.ibm.jsse2.by.startHandshake(by.java(Compiled Code))
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:224)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:157)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:114)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:180)
at org.apache.axis.client.Call.invokeEngine(Call.java:2564)
at org.apache.axis.client.Call.invoke(Call.java:2553)
at org.apache.axis.client.Call.invoke(Call.java:2248)
at org.apache.axis.client.Call.invoke(Call.java:2171)
at org.apache.axis.client.Call.invoke(Call.java:1691)
at com.dtcc.insurance.fundtransfer.transport.TransportHandler.transport(TransportHandler.java:245)
at com.dtcc.insurance.fundtransfer.router.MessageRouter.transport(MessageRouter.java:112)
at com.dtcc.insurance.fundtransfer.controller.MessageController.processMessage(MessageController.java:155)
at com.dtcc.insurance.fundtransfer.service.FundTransferServiceImpl.fundTransferRequest(FundTransferServiceImpl.java:88)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java(Compiled Code))
at java.lang.reflect.Method.invoke(Method.java(Compiled Code))
at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:402)
at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:309)
at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:333)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:481)
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:323)
at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:854)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:339)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1572)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:762)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3174)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:253)
at com.ibm.ws.webcontainer.VirtualHost.handleRequest(VirtualHost.java:229)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1970)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:114)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:472)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:411)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:288)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:950)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink$MyReadCompletedCallback.complete(SSLConnectionLink.java:582)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1704)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java(Compiled Code))
Caused by: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse.bi.a(Unknown Source)
at com.ibm.jsse.bi.checkServerTrusted(Unknown Source)
at com.ibm.jsse2.ba.checkServerTrusted(ba.java:16)
... 57 more
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
at org.apache.axis.AxisFault.makeFault(AxisFault.java:129)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:131)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:180)
at org.apache.axis.client.Call.invokeEngine(Call.java:2564)
at org.apache.axis.client.Call.invoke(Call.java:2553)
at org.apache.axis.client.Call.invoke(Call.java:2248)
at org.apache.axis.client.Call.invoke(Call.java:2171)
at org.apache.axis.client.Call.invoke(Call.java:1691)
at com.dtcc.insurance.fundtransfer.transport.TransportHandler.transport(TransportHandler.java:245)
at com.dtcc.insurance.fundtransfer.router.MessageRouter.transport(MessageRouter.java:112)
at com.dtcc.insurance.fundtransfer.controller.MessageController.processMessage(MessageController.java:155)
at com.dtcc.insurance.fundtransfer.service.FundTransferServiceImpl.fundTransferRequest(FundTransferServiceImpl.java:88)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java(Compiled Code))
at java.lang.reflect.Method.invoke(Method.java(Compiled Code))
at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:402)
at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:309)
at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:333)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:481)
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:323)
at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:854)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:339)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1572)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:762)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3174)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:253)
at com.ibm.ws.webcontainer.VirtualHost.handleRequest(VirtualHost.java:229)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1970)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:114)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:472)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:411)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:288)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:950)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink$MyReadCompletedCallback.complete(SSLConnectionLink.java:582)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1704)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java(Compiled Code))
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse2.bx.a(bx.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java:473)
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.v.a(v.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.l(by.java(Compiled Code))
at com.ibm.jsse2.by.startHandshake(by.java(Compiled Code))
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:224)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:157)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:114)
... 48 more
Caused by: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse.bi.a(Unknown Source)
at com.ibm.jsse.bi.checkServerTrusted(Unknown Source)
at com.ibm.jsse2.ba.checkServerTrusted(ba.java:16)
... 57 moreI found the fix from Oracle Support Knowlededge Base
sslTool serverInfo --url https://HOST:9043 --certFile newcert.cer
PStoreTool located in REGISTRY_HOME/bin/PStoreTool add -config
WEBLOGIC_HOME/user_projects/domains/[osr_domain_name]/servers/[osr_server_name]/tmp/_WL_user/registry/[unique id]/public/conf/pstore.xml -certFile newcert.cer
I was updating wrong file with the certificate. It had to be pstore.xml. This solved my issue.
Thanks & Regards,
Parshant -
Security Cert Not Trusted error setting up Exchange, should I continue?
When setting up my exchange account (settings-mail-accounts-Exchange) I receive an error like "Security Certificate not trusted". I have the option to continue or exit. Do I need to continue anyway? Or is their a setting for Security Certificates? I'm reluctant to continue if my iPad is at risk.
Wow! That's a lot of code just to get an image out of the resource, but if it works....
What I need to do with the image is place it on a button and I didn't think that going out to a servlet to read it in from a database or a flat file made sense given it was already in the resource. I think the button will take an ImageIcon so this should work for me.
Anyway, I'll give it a try on Monday and report back here.
Thanks!
The following seems to work for me;-) But I don't
know what you want to do with the ImageIcon after
that;-)
ExternalContext context =
ontext = (ExternalContext)getExternalContext();
HttpSession session = (HttpSession)
Session)
((HttpServletRequest)context.getRequest()).getSession(
InputStream is =
eam is =
session.getServletContext().getResourceAsStream("/reso
urces/marco.jpg");
ByteArrayOutputStream os = new
os = new ByteArrayOutputStream();
byte[] buf = new byte[1024];
try {
int len = 0;
while ((len = is.read(buf, 0, 1024)) > 0)
1024)) > 0) {
os.write(buf, 0, len);
} catch(IOException e) {
System.out.println("IOException caught.
tion caught. Error was: " + e.toString());
return null;
ImageIcon icon = new
on = new ImageIcon(os.toByteArray());
System.err.println("mw icon=" + icon);Thanks,
-- Marco -
Keychain root certificate not trusted (?)
I see a couple of items in keychain access that say "root certificate not trusted"
what is this and should they be deleted or somehow modified?
I looked at certificates with Certificate assistant "evaluate certificate"
but do not quite understand.
ThanksOk I'll try not to...
Thanks -
Support for Global SSL certificates - not
Hello,
Just found out the hard way that 10g does not support Verisign Global Certificates (Secure Site Pro).
BEA, IBM, and MICROSOFT support global certificates.
Oracle is the only one that does not!
If customer requirements dictate global certificates Oracle AS is not the product to use.
HernandoSee my reply in the other thread:
Re: SSL certificates not visible while RFC destination creation
Cheers, Wolfgang -
This shows up in my certificates in red: com.apple.systemdefault organization system identity certificate not trusted. Should I be concerned about this...does it indicate a security breach?
Can you please let us know, how you have resolved the issue. We are also getting the similar issue with the Certificate.
-
BT Mail SSl Security Certificate NOT trusted
Anyone explain this:
Solved!
Go to Solution.Seriously love to mark as 'accepted solution' the fact that MS have not updated their ruleset but then the thought occurs whose responsibility is it to tell MS the yahooca ssl certificate has been updated?
Surely this is BT's as the provider and/or yahooca's responsibility as they are the original providers and maintainers of the original and changed SSL certificates.
So come on BT as the world's largest providers of information technology surely someone can send one lousy email to MS telling them about the new certificate?
Just one email from BT is all it would take. Then all these real and actual security breaches for logging into BT Mail would disappear and logging in would be safe and secure. As it stands with the SSL certificate mismatch there's no way BT can guarantee this.
After all there's no point in having an SSL certicate if it means nothing to the end users security as they login to their mailbox. Does it? -
Invalid WSDL - Certificate not trusted - Exception while publishing WSDL in OSR from HTTPS Server
Hi,
I am publishing a Web Service in OSR from an HTTPS Server. I am getting exception as
Error message:
WSDLException: faultCode=INVALID_WSDL: java.io.IOException: java.security.cert.CertificateException: Server certificate ....... is not trusted!
To remove this exception I have done following steps
a) Added Certificate from remote server in Identity Store of WebLogic Server using keytool utilitity
keytool -import -alias devCertificate -file c:/certificates/okdsoa.cer -truststore demoIdentityStore.jks
b) Added Certificate from remote server in the trust store of weblogic server using keytool utility
keytool -import -alias devCertificate -file c:/certificates/okdsoa.cer -truststore demoTrust.jks
This didnot help.
Then I imported certificate to OSR using PStoreTool command as
PStoreTool.bat add -config C:/OSRHome/registry111/conf/clientconf.xml -certFile c:/certificates/okdsoa.cer
Bounced the servers but that also didnot help.
Can you please suggest?
Thanks,
ParshantI found the fix from Oracle Support Knowlededge Base
sslTool serverInfo --url https://HOST:9043 --certFile newcert.cer
PStoreTool located in REGISTRY_HOME/bin/PStoreTool add -config
WEBLOGIC_HOME/user_projects/domains/[osr_domain_name]/servers/[osr_server_name]/tmp/_WL_user/registry/[unique id]/public/conf/pstore.xml -certFile newcert.cer
I was updating wrong file with the certificate. It had to be pstore.xml. This solved my issue.
Thanks & Regards,
Parshant -
WLS 7 SSL class not found error
Actually, I got the same error message to start the Node Manager. However, I don't
have the RSA license at this moment. How can it make the WL to use com.certicom.net.ssl.CerticomContextWrapper
instead of com.rsa.ssl.WeblogicContextWrapper?
Thanks,
Victor
"Pavel Smelkov" <[email protected]> wrote:
It looks like ClassNotFoundException happend when WLS tried to initialize
SSL implementation class, which is
com.certicom.net.ssl.CerticomContextWrapper by default, or
com.rsa.ssl.WeblogicContextWrapper if you have an RSA license. Since
Certicom classes are shipped in weblogic.jar, you must have RSA license,
but
no RSA SSL classes in the server classpath?
Pavel.
"Jeff Davis" <[email protected]> wrote in message
news:[email protected]...
I'm having difficulty configuring the SSL port to listen to httpsrequests. The error
that I always receive (regardless of which sample I maybe running,from
the server
samples to the portal ones) is similar to the following (notice the"Not
listening
for SSL, java.net.SocketException: Class not Found" error):
**** START OF CONSOLE LOG **** <Jul 1, 2002 5:07:21 PM PDT> <Notice><Management>
<141052> app tag removed <!--- Application Poller started for developmentserver.>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ After the server hasbooted, your
browser should automatically launch and point to the WebLogic ServerIndex
running
on this server. If your browser fails to launch, point your browserto the
URL "http://JDavis-m1:7001/examplesWebApp/index.jsp"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ <Jul 1, 2002 5:07:22PM
PDT> <Emergency>
<Security> <090034> <Not listening for SSL, java.net.SocketException:Class not Found.>
<Jul 1, 2002 5:07:23 PM PDT> <Notice> <WebLogicServer> <000354> <Thread"ListenT
hread.Default" listening on port 7001> <Jul 1, 2002 5:07:23 PM PDT><Notice> <Management>
<141030> <Starting discovery of Managed Server... This feature is onby
default,
you may turn this off by pas sing -Dweblogic.management.discover=false><Jul 1, 2002
5:07:23 PM PDT> <Notice> <WebLogicServer> <000331> <Started WebLogic
Admin Server
"examplesServer" for domain "examples" running in Development Mod e><Jul
1, 2002
5:07:23 PM PDT> <Notice> <WebLogicServer> <000365> <Server state changed
to RUNNING>
<Jul 1, 2002 5:07:23 PM PDT> <Notice> <WebLogicServer> <000360> <Serverstarted in
RUNNING mode>
**** END OF CONSOLE LOG **** I haven't made any changes to the SSLsetup,
other than
simply indicating I want it active (if that choice is not already active)
I am just seeking to get the SSL using the test/demo certificate tofunction so that
I can complete a demo of the commerce product to a client (requiresport
7502 to
function)
Thanks!
Jeff Davis
</textarea> <br>
<input type=submit name="action" value="Post" >
</font></td></tr></table>
</form>
<hr>
</FONT>
<!-- ** COPY CONTENT INTO THIS SECTION HERE ** -->
</TD>
</TR>
</TABLE>
<!--start footer include -->
<table width="720" border="0" cellspacing="0" cellpadding="0">
<tr bgcolor="#CCCCCC">
<td><img name="news_r06_c01" src="/images/shim.gif" width="1" height="1" border="0"></td>
</tr>
<tr>
<td nowrap>
<div align="left"><img name="news_r17_c01" src="/images/footer1.gif" width="467"
height="18" border="0"><img name="news_r17_c31" src="/images/footer2.gif" width="200"
height="18" border="0" usemap="#news_r17_c31Map"><MAP name="news_r17_c31Map"><AREA
shape="rect" coords="139,2,167,18" href="http://www.bea.com/privacy.html"><AREA
shape="rect" coords="80,3,127,16" href="mailto:[email protected]"><AREA shape="rect"
coords="11,4,73,16" href="http://www.bea.com/contact/index.html"></MAP></div>
</td>
</tr>
</table>
<!--end footer include -->
</BODY>
</HTML>
</body></html>Thanks for your responce ...
I had discovered that when I typed "java program name" the java was running from /usr/bin a non-ssl enabled java installation. There was an SSL enabled version under another path on this box and it ran my code fine. -
Firefox blocks sites certificate not trusted
I reset firefox to try and cure a email printing issue where firefix was printing all emails in tiny font. After the reset firefox would not access sites like google because the certificate was not trusted. I tried turning off my security system - Norton - but that didn't correct the problem. I also reinstalled firefox but the problem persisted. Also made sure that I had the proper time set in the computer. I'm using IE to get my emails and access sites that firefox is blocking me from but would like to cure the firefox issue.
hello, a possible solution depends on different factors:
* what is the '''error code''' shown under ''technical details'' on the error page?
in case the error code equals ''sec_error_unknown_issuer'', please attempt to add an exception on the bottom of the error page & inspect the certificate (see the screenshot attached for instructions):
* which '''issuer information''' does the certificate contain?
thank you!
[["This Connection is Untrusted" error message appears - What to do]] -
SSL certificates not visible while RFC destination creation
Hi all,
I am setting up an RFC destination to connect to external server and which uses SSL certificates for its authorization.
So i have imported the Client certificates into STRUST.
While setting up an RFC connection of type G, in the security tab when we select the SSL security certificate radio button, will we be able to see the certificates(in the combo box) that we have imported in STRUST.
Currently, though i have imported the Client certificates into STRUST, i am not able to see them in the SS security certificates combo box.
Kindly help me out.
Cheers,
Siva Maranani.Well, first of all we should avoid confusion by using the term "<i>ABAP destination</i>" rather than "<i>RFC destination</i>" (although ABAP transaction SM59 still has this old title).
When referring to an "ABAP destination of type G" we are talking of an outbound http connection to a non-ABAP server (e.g. an SAP J2EE server or any other http server).
I'm not sure whether you are aware that in this context "<i>SSL client certificate</i>" refers to the ABAP <u>system</u> (which is the SSL client in this scenario). This is different from scenarios where "X.509 client certificate" refers to a certificate which is assigned to an individual <u>user</u> (using a web browser). <b>In the given scenarios, where two systems are the communication peers, SSL cannot be used for user authentication.</b> That fact is often misunderstood.
By default you'll find 3 different SSL certificates (actually: PSEs) in an ABAP system (which can be used only after enabling SSL, of course - see note 510007 for instructions):
- SSL Server
- SSL Client (anonymous)
- SSL Client (Default)
Well, the "<i>SSL Client (anonymous)</i>" is actually not really a "client certificate" but used for outgoing http requests where you do not intend to send your own SSL client certificate. Since you cannot use the server's SSL client certificates for user authentication it might make sense to use "<i>SSL Client (anonymous)</i>" is most cases.
Please notice: you have to add the server's SSL certificate (respectively the root CA certificate and potentially intermediate CA certificates) to the certificate list of the "<i>SSL Client (anonymous)</i>" PSE (using STRUST). By default, that list is empty - consequently no SSL server certificate is trusted (in contrast to a web browser which is already shipped with a long list of "trusted CAs").
Only when the (remote) server demands SSL client certificates it might make sense to use either "<i>SSL Client (Default)</i>" or to define a new SSL client certificate (for the ABAP system that submits the https request).
Please notice:
SSL client certificates need to be issued by an Certification Authority (CA) in order to be accepted by the SSL server.
In addition to importing the SSL server's certificate to the certificate list of the SSL client PSE (see above: <i>anonymous SSL client</i>) you also need to export the root CA certificate (and potentially all intermediate CA certificates) of the SSL client certificate and import it to the (remote) SSL server's keystore (kindly refer to the manuals of that server for instructions).
Kind regards, Wolfgang
PS: I assume that you have imported some certificates to the certificate list of a SSL client PSE. In SM59 only those SSL client PSEs are listed: "<i>SSL Client (anonymous)</i>", "<i>SSL Client (Default)</i>" and all SSL client PSEs that you might have defined in addition (using transaction STRUST => <i>Environment</i> => <i>SSL Client Identities</i>). -
This Connection is untrusted (issuer certificate not trusted)
For the past week I have been unable access internet sites via firefox. I keep getting the "The connection is untrusted" error. It does not matter what site, be it google, Mozilla or Yahoo mail.
I have deleted the cert8.db file, cleaned my history and cache and reset firefox but nothing helps. When I go through the "I understand the risk" steps the sites load but not properly. Usually no pictures will load.www.google.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is not trusted.
(Error code: sec_error_untrusted_issuer)
It is a work computer and I believe we use McAffee.
I follow the other directions and viewed the certificate. All looks OK, my time is correct, the certificate isn't set to expire till sometime in October. -
Digital ID certificate not trusted
I'm trying to add digital ID certificates for governmental employees with whom I communicate by e-mail. I used an e-mail including those certificates (*.cer format) to transmit the certs to the new IPad, and I was able to install them, but they are all listed as "Not Trusted". How do I go about designating that they are to be trusted?
I also added my own digital ID cert (*pfx format), and it has exactly the same situation: installed, but "not trusted."
Thanks.Thanks for reply but the message comes up every time I log into Santander. Interestingly this happens on Safari and Chrome but if I use my old browser Camino it comes up as secure. Will ring Santander again today and my ISP to see if they can shed any light. The same issue has occurred on ebay too but that seems to have resolved itself. Will let you know if I make any progress
Maybe you are looking for
-
I just bought a Mac Mini (late 2012) with a 1TB HDD and I'm planning to install a second drive, an SSD (Samsung 840 evo) and create the Fusion Drive, and I have a couple of questions: 1- I've read lots of articles on how to do this but I'm not sure i
-
ISE 1.1.1 temporarily unvailable during VMWare snapshot
Hi all, we have a distributed deployment and when we snapshot out ISE VM's, they become unavailable for 1 - 2 minutes... Is this normal? Is anyone else seeing this? they have VMWARE tools installed although VSphere Client is showin
-
How to send the type of tunnel in access-request?
Hello, I have a PPTP/L2TP access server and two groups of clients: PPTP-only clients and L2TP-only clients. All clients is authenticated with one Radius server. I need to send type of tunnel (PPTP or L2TP) to Radius to distinguish these groups of cli
-
Does SRM SUS support contract negotiation from supplier point of view?
Dear experts, could you please share your view on whether SRM sus support contract handling? can a supplier monitor contract fulfillment or potential expiry of a contract from SRM SUS side? can supplier take part in contract re negotiation from SUS s
-
Using AppleScript with Toast to burn MP3 disc
I'm trying to get Toast to add all the subfolders of a chosen folder to a new MP3 Disc. The attached script works fine except it adds the source folder, then puts all the subfolders inside it. IE Disc layout becomes Source Folder ----> subfolder 1 --