SSL Provider in PI 7.1 NWA
Hello,
We are trying to apply SSL to PI 7.1 (ABAP+JAVA). We haver created ssl certificate in the SSL key storage and now we want to activate this in SSL provider service.
Now that there is no visual administrator in PI 7.1, we are forced to use NWA and we cannot find SSL provider service in NWA.
Please let me know as where to find the SSL provide in new NWA.
Thanks,
Praveen
Hi Praveen,
Please look at the following link and see if helps you.
https://ecohub.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/808d3048-638c-2a10-35a6-faa48e50ad59
I have also found another link from the help site. Please check it out and see if it helps
http://help.sap.com/saphelp_nwpi711/helpdata/en/a0/f3d378e6be44219237733d7cff3644/content.htm
Please do check this link and see if it helps you
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/109aa318-5aa6-2a10-799d-a495383c1e01
Best Regards.
Edited by: Prakash Bhatia on Apr 20, 2009 10:39 AM
Edited by: Prakash Bhatia on Apr 20, 2009 10:44 AM
Similar Messages
-
SSL provider service is PI 7.1
Hello
We are moving the interfaces from PI 7.0 to PI 7.1 EHP1 and trying to apply SSL to PI 7.1 EHP1. We have created ssl certificate in the SSL key storage and now we want to activate this in SSL provider service.
Now that there is no visual administrator in PI 7.1. So could you please let me know as where to find the SSL provide in new NWA. or the procedure for activating the same.
Thanks in advance
KalyanHi Kalyan,
Log on NWA and then Configuration Management -> Certificates and Keys.
Content -> Trusted CA
Add here the public certificate and the ssl connection should work.
Please see the below link, it might be useful to you.
http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/content.htm
Regards,
Rajesh -
The server was unable to load the SSL provider library needed to log in
Hello All,
When I am trying to login to my default SQL 2008R2 SP2 instance in windows 2003 server via ssms, I am getting the below error
A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: Shared Memory Provider, error: 0 - No process is on the other end of the pipe.) (.Net SqlClient Data Provider)
When I looked into the error log and i could see lot of these messages.
The server was unable to load the SSL provider library needed to log in; the connection has been closed. SSL is used to encrypt either the login sequence or all communications, depending on how the administrator has configured the server. See Books
Online for information on this error message: 14 Not enough storage is available to complete this operation.
Force protocol encryption is set to off.
I am not sure what is the underlying problem. server's total RAM is 4 Gb and max_server_memory is set to 2 GB. CPU utilization is very normal at the time of issue.
I restarted the SQL service and i am able to connect to the instance, but the issue is repeating and i need to find a permanent fix.
ThanksI could also see the below in error log some time before i get the above alert
Error: 701, Severity: 17, State: 123.
There is insufficient system memory in resource pool 'internal' to run this query
then after sometime flurry of alerts
The server was unable to load the SSL provider library
needed to log in; the connection has been closed. SSL is used to encrypt either the login sequence or all communications, depending on how the administrator has configured the server. See Books Online for information on this error message: 14 Not enough storage
is available to complete this operation.
Thanks -
Hello,
I have configured BizTalk Services Hybrid Connection between Standard Azure Website and SQL Server 2014 on premise.
Azure Management portal shows the status of Hybrid Connection as established.
However, the website throws an error when trying to open a connection
<
addname="DefaultConnection"
connectionString="Data
Source=machine name;initial catalog=AdventureWorks2012;Uid=demouser;Password=[my password];MultipleActiveResultSets=True"
providerName="System.Data.SqlClient"
/>
(The same website, with the same connection string deployed on SQL Server machine works correctly).
I tried various options with the connections sting (IP address instead of machine name, Trusted_Connection=False, Encrypt=False, etc. the result is the same
[Win32Exception (0x80004005): The certificate chain was issued by an authority that is not trusted]
[SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.
I tried various machines - on premise and a clean Azure VM with SQL Server and it results in the same error - below full stack
The certificate chain was issued by an authority that is not trusted
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.ComponentModel.Win32Exception: The certificate chain was issued by an authority that is not trusted
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[Win32Exception (0x80004005): The certificate chain was issued by an authority that is not trusted]
[SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)]
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +5341687
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) +546
System.Data.SqlClient.TdsParserStateObject.SNIWritePacket(SNIHandle handle, SNIPacket packet, UInt32& sniError, Boolean canAccumulate, Boolean callerHasConnectionLock) +5348371
System.Data.SqlClient.TdsParserStateObject.WriteSni(Boolean canAccumulate) +91
System.Data.SqlClient.TdsParserStateObject.WritePacket(Byte flushMode, Boolean canAccumulate) +331
System.Data.SqlClient.TdsParser.TdsLogin(SqlLogin rec, FeatureExtension requestedFeatures, SessionData recoverySessionData) +2109
System.Data.SqlClient.SqlInternalConnectionTds.Login(ServerInfo server, TimeoutTimer timeout, String newPassword, SecureString newSecurePassword) +347
System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover) +238
System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout) +892
System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance) +311
System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData) +646
System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions) +278
System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions) +38
System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) +732
System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) +85
System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection) +1057
System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection) +78
System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection) +196
System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +146
System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +16
System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry) +94
System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry) +110
System.Data.SqlClient.SqlConnection.Open() +96
System.Data.EntityClient.EntityConnection.OpenStoreConnectionIf(Boolean openCondition, DbConnection storeConnectionToOpen, DbConnection originalConnection, String exceptionCode, String attemptedOperation, Boolean& closeStoreConnectionOnFailure) +44
[EntityException: The underlying provider failed on Open.]
System.Data.EntityClient.EntityConnection.OpenStoreConnectionIf(Boolean openCondition, DbConnection storeConnectionToOpen, DbConnection originalConnection, String exceptionCode, String attemptedOperation, Boolean& closeStoreConnectionOnFailure) +203
System.Data.EntityClient.EntityConnection.Open() +104
System.Data.Objects.ObjectContext.EnsureConnection() +75
System.Data.Objects.ObjectQuery`1.GetResults(Nullable`1 forMergeOption) +41
System.Data.Objects.ObjectQuery`1.System.Collections.Generic.IEnumerable<T>.GetEnumerator() +36
System.Collections.Generic.List`1..ctor(IEnumerable`1 collection) +369
System.Linq.Enumerable.ToList(IEnumerable`1 source) +58
CloudShop.Services.ProductsRepository.GetProducts() +216
CloudShop.Controllers.HomeController.Search(String SearchCriteria) +81
CloudShop.Controllers.HomeController.Index() +1130
lambda_method(Closure , ControllerBase , Object[] ) +62
System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +14
System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +193
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +27
System.Web.Mvc.Async.<>c__DisplayClass42.<BeginInvokeSynchronousActionMethod>b__41() +28
System.Web.Mvc.Async.<>c__DisplayClass8`1.<BeginSynchronous>b__7(IAsyncResult _) +10
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32
System.Web.Mvc.Async.<>c__DisplayClass39.<BeginInvokeActionMethodWithFilters>b__33() +58
System.Web.Mvc.Async.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49() +225
System.Web.Mvc.Async.<>c__DisplayClass37.<BeginInvokeActionMethodWithFilters>b__36(IAsyncResult asyncResult) +10
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +34
System.Web.Mvc.Async.<>c__DisplayClass2a.<BeginInvokeAction>b__20() +23
System.Web.Mvc.Async.<>c__DisplayClass25.<BeginInvokeAction>b__22(IAsyncResult asyncResult) +99
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +27
System.Web.Mvc.<>c__DisplayClass1d.<BeginExecuteCore>b__18(IAsyncResult asyncResult) +14
System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +39
System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +29
System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10
System.Web.Mvc.<>c__DisplayClass8.<BeginProcessRequest>b__3(IAsyncResult asyncResult) +25
System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +31
System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +9651188
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.36213
Regards,
Michal
Michal MorciniecSame issue here, looking for more information !
-
I get a ssl Provider error while running a file..
WHen I try to run a file <filename>.java (the file has no problem in compilation), I get an error that says - "Exception in thread "main" java.lang.NoClassDefFoundError: com/sun/net/ssl/internal/ssl/Provider".
What does this mean and how can I rectify it? I've already edited the java.security file and added the provider -
security.provider.1=com.sun.net.ssl.internal.ssl.Provider
but still the problem occurs.I can not even compile the file since there is no .Provider() method!
java.security.Security.setProperty("security.provider.1","com.sun.net.ssl.internal.ssl.Provider");
java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());None of these works! I can get the JSSE work while setting provider in java.security file as:
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
but I can not set it dynamically! Any help? -
SSL Provider showing no sockets
Hi Experts,
I am facing the following issue: I am trying to setup SSL on a new system but when trying to apply the certificate to the 5xx01 port I am not seeing any sockets in the Visual Admin under SSL Provider --> Dispatcher 1234 --> Active / New Sockets.
Just as I have done with other systems I have uploaded a correct PK12 key and a certificate (named ssl-credentials and ssl-credentials-cert). But even after a restart there is no socket showing (under SSL Provider in the Visual Admin) in either, active or new sockets.
Anyone know if these need to be initialized or created? I have setup 8+ systems in the landscapes with SSL and have not run into this issue yet. You never stop learning ...
I would greatly appreciate any input given.
Thanks in advance,
JanDid you try it out? What happened? SSL is enabled per default; you don't need to do anything.
You should however, remove and then add the credentials in the SSL provider. I've noticed that this is necessary when you change anything. You should also add your own root certificate there. -
Implementing your own SSL provider
Hello,
Im working on a new TLS/SSL implementations. I got all the classes(i.e. sslsocket, etc) ready. The problem i have is that i cant get my socketfactory using SSLFactory.getDefault, because when i do it an exception lang.runtime.exception:export restriction: SunJSSE only is thrown. Is there any way i can fix it?
I live outside the US
looking forward to any replies ;)
lukaszI assume you are on JDK 1.4.x? At this point, no, you can't plug in your own provider into the Sun JDK.
However, in 1.5.x, you can, as long as the sslsocket/sslengine only reports SSL/TLS ciphersuites that
are on the "approved" list.
http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/jsse-tiger-beta2.html#PLUG -
How can you manage ssl service provider service in PI 7.1?
Hello there..
I am trying to find a place in Netweaver admin tool so that I can add CA certificate into the SSL provider service Trusted Certification Authorities list. I use to be able to do that in Visual Admin tool -> dispatcher node -> Services -> SSL Provider -> Runtime tab -> Client Authentication, but now I cannot find anywhere in the NetWeaver Admin tool.
Thanks.
Jerry.Hi Jerry,
Once you login to the NWA, follow this path
Configuration Management -> Security -> Certificate and keys ->
You need to import the client certificate under ICM_SSL_xxx and you can find SSL_Provider if you scroll completly down. You need to import the private key of the client certificate under ICM_SSL_xxx.
You have even Trusted CA's under this list. Please let me know if you have any problems.
Thanks,
Srini
Edited by: srinivas kapu on Dec 18, 2008 9:58 PM -
Urgent help require to configure an SSL incoming socket provider
Hi,
We are using RIDC to integrate UCM with Portal application.
Also using SSL Communication for the same but we are unable to stablish a connection between portal and UCM.
We have filled the SSL provider's details as given below
Provider Name: SSL_Provider
Provider Description: For RIDC Test
Connection State: down
Last Activity Date: None
Provider Type: sslincoming
Provider Class: idc.provider.ssl.SSLSocketIncomingProvider
Provider Connection: intradoc.provider.SocketIncomingConnection
Server Thread Class: intradoc.server.IdcServerThread
Server Port: 16204
Request Client Authentication: Yes
Require Client Authentication: Yes
Keystore File Path: /ucmapp/wlserver_10.3/server/lib/DemoIdentity.jks
Alias: RIDCTest
Truststore File Path: /ucmapp/wlserver_10.3/server/lib/DemoTrust.jks
we are using the following Ports
Server Port = 16204
SSL Server Port = 16302
Intradoc Port = 9999
Somebody let us know if we are going somewhere wrong.
Thanks in AdvanceJust to verify you do not have your own router/gateway correct? Your computer either connects directly into the wall or into a box provided by the ISP?
Router/gateways stop incoming requests. And if it is yours then you have to figure out how to configure it so it allows those requests through.
But presuming that you do not....
Again i wanna make it clear that nobdy is able to ping
my machine and i am also not able to ping any
ipaddress whether it be yahoo or anything else. But i
am able to access every site (ofcourse through
browser) and i am also able to use every application
which is using custom ports.
Get ethereal. Play with it a bit. Use your browser and capture what occurs so you know what is going on.
Then have someone ping you while running.
I suspect you will not see the ping packet.
What this means is that your ISP is blocking all incoming socket connection requests. You solution is ....
- Get them to open the ports up
- Get a different ISP.
The problem : nobdy is able to connect to the server
writen by me in java.
Also the client and the server are diferent. The
server waits for incoming client requests (using
sock.accept() ) while the client simply tries to
connect to server through the constructor
'Socket(ipaddress, port)'.Yes, but in one case your machine connects to something while in the other something connects to it.
One thing is clear from all this that the path to
server is not getting resolved whether i try to
connect to the server using my client or the browser
or any other application which tries to connect to an
ipaddress on a particular port.
Resolved? Resolution only occurs when you use a domain name. There is no resolution when an IP is being used. You are using an IP for all of your testing correct? -
While using java mail API, to establish a secure connection with the target server, we use a property object to set any custom socket factory like the following:
props.setProperty( "mail."+ protocol + ".socketFactory.class", "com.realops.adapter.mail.ssl.CustomSSLSocketFactory")
We also set our custom socket factory in the security api like:
Security.setProperty( "ssl.SocketFactory.provider", "com.realops.adapter.mail.ssl.CustomSSLSocketFactory");
Just wanted to know the difference b/w these two lines.
We pass the properties object while creating a javamail session. So it will pick the custom socket factory from the properties object, in this case do we still need to set the custom socket factory in the Security API?
Thanks.Thanks for the answer.
Can you please also tell me how Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()) is functionally different from Security.setProperty( "ssl.SocketFactory.provider",...).
Do we always need to 'add' the provider if we are using the Sun's default socket factory or can we simple use local properties object for setting the sun's default socket factory also (assuming it is to be used by java mail only)?
Should I post a separate thread for this?
Much Thanks. -
ERROR: - Cannot export - JAVA is not the current PSE provider!
Hello Colleagues,
in our SAP PI 7.31 Dual-Stack system we facing following error "ERROR: -> Cannot export - JAVA is not the current PSE provider!" under Netweaver Administrator (NWA) -- > Certificates and Keys: Key Storage, if we executing button "Export View to PSE" for view "ICM_SSL_*".
As by default for ABAP and Dual-Stack systems, profile parameter "ssl/pse_provider" is set to ABAP.
How we are able to solve that issue?
Many thanks in advance!
Regards,
JochenHello Mr. Schertel,
I'm facing the same error in our system.
Did you already solve the problem?
Best Regards,
Alexander Beck -
Https connection from Provider
I am creating an https URLConnection from a Provider. I generally use
com.sun.net.ssl.internal.ssl.Provider from the jsse package. Does anyone
know which class I should use in the portal environment. I am searching
through the lib jars and don't see anything yet?I just answered my own question by trial and error. You do not have to set
any Security or System properties, it's already taken care of (I don't know
where?). Https URLs magically work.
"James McCartney" <[email protected]> wrote in message
news:a125vf$[email protected]..
I am creating an https URLConnection from a Provider. I generally use
com.sun.net.ssl.internal.ssl.Provider from the jsse package. Does anyone
know which class I should use in the portal environment. I am searching
through the lib jars and don't see anything yet? -
BAD_CERTIFICATE error calling a web service over SSL in ALSB 2.6
We have a business service on an ALSB 2.6 server (running on WL 9.2.1) that connects to a web service over SSL. When we try to run it, we get the following exception:
<Sep 17, 2009 7:49:17 AM PDT> <Error> <ALSB Kernel> <BEA-380001> <Exception on TransportManagerImpl.sendMessageToService, com.bea.
wli.sb.transports.TransportException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
com.bea.wli.sb.transports.TransportException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
at com.bea.wli.sb.transports.TransportException.newInstance(TransportException.java:146)
at com.bea.wli.sb.transports.http.HttpOutboundMessageContext.send(HttpOu
tboundMessageContext.java:310)
at com.bea.wli.sb.transports.http.HttpsTransportProvider.sendMessageAsync(HttpsTransportProvider.java:435)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
Truncated. see log file for complete stacktrace
javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
Truncated. see log file for complete stacktrace
This exception only occurs when hitting the web service through the bus. I have written a standalone Java application that posts to the web service and it works fine. I ran the application on the server where the ALSB is running using the same jdk (1.5.0_06 - the version that ships with 9.2.1) and the same cacerts file so I know it's not a problem with the certificate not being trusted. I have tried updating the cacerts file to the latest one distributed with JRE 1.6 and it still doesn't work.
After 8 hours of troubleshooting, I'm out of ideas. Does anyone have any suggestiosn?
Thanks.
Matt
Edited by: user6946981 on Sep 17, 2009 7:58 AMAre you sure that your standalone application is using the same keystore (eg. cacert)? Default WebLogic configuration uses different keystore (demo).
I saw BAD_CERTIFICATE error only once and the cause was in keytool that somehow corrupted certificate during import. Deleting and importing certificate again helped me, but I doubt you have the same problem as your standalone application works.
Another idea ... Is hostname varification used? I know that the error message would look different if this was the cause, but try to add this parameter to your weblogic startup script: -Dweblogic.security.SSL.ignoreHostnameVerification=true
Last but not least, there is difference between your standalone application and ALSB runtime as WebLogic uses Certicom SSL provider. If you don't find the reason, contact Oracle support. Maybe they can help you to tweak Certicom provider in some way. -
Error 403.7 - Forbidden: SSL client certificate is required
Hi people!
I�m developing a java client to a WebService (developed in .NET). The communication protocol is HTTPS to the URL where the Web Service is located (something like https://10.200.140.117/dirNotes/serviceName.asmx.). I�ve been reading many posts but I could'nt find the solution to the problem wich has the following message: Error 403.7 - Forbidden: SSL client certificate is required".
I�m using JDK 1.5 and developing and testing on Windows Plataform. I'm able to access the URL specified above directly from the browser, I installed the client certificate (the same that �ve put into the ,jks keystore. I�ve also imported the whole certificate chain of the server to the cacerts.
I�ll paste the code and the console trace below. I�d be very grateful if you can help me. Thanks a lot.
_THE CODE_
package principal;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.Security;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.axis.client.Call;
import org.apache.axis.client.Service;
import entidade.Certificado;
public class SSLClient {
private static final int PORT_NUMBER = 443;
private static final String HTTPS_ADDRESS = "10.200.140.117";
private static String strCabecalhoMsg = "";
private static String strDadosMsg = "";
public static void main(String[] args) throws Exception {
System.setProperty("javax.net.ssl.keyStore", Certificado.getStrNomeArquivoJKSServidor());
System.setProperty("javax.net.ssl.keyStorePassword", "senha");
System.setProperty("javax.net.ssl.trustStore", "Certificados/cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("javax.net.debug","ssl,handshake,record");
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(new FileInputStream(Certificado.getStrNomeArquivoJKSServidor()),
Certificado.getArranjoCharSenhaCertificadoServidor());
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, Certificado.getArranjoCharSenhaCertificadoServidor());
KeyStore ksT = KeyStore.getInstance(KeyStore.getDefaultType());
ksT.load(new FileInputStream("C:/Arquivos de programas/Java/jre1.5.0_05/lib/security/cacerts"), "changeit".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ksT);
SSLContext sc = SSLContext.getInstance("SSLv3");
sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new java.security.SecureRandom());
SSLSocketFactory factory = sc.getSocketFactory();
try{
// method to load the values of the strings strCabecalhoMsg and strDadosMsg
carregarXMLCabecalhoDados();
SSLSocket socket =(SSLSocket)factory.createSocket(HTTPS_ADDRESS, PORT_NUMBER);
socket.startHandshake();
String [] arr = socket.getEnabledProtocols();
URL url = new URL("https://10.200.140.117/dirNotes");
HttpsURLConnection.setDefaultSSLSocketFactory(factory);
HttpsURLConnection urlc = (HttpsURLConnection) url.openConnection();
urlc.setDoInput(true);
urlc.setUseCaches(false);
Object[] params = {strCabecalhoMsg, strDadosMsg};
Service service = new Service();
Call call = (Call) service.createCall();
call.setTargetEndpointAddress(url);
call.setOperationName("serviceName");
String ret = (String) call.invoke(params);
System.out.println("Result: " + ret);
catch (UnknownHostException uhe) {
uhe.printStackTrace();
System.err.println(uhe);
catch (Exception uhe) {
uhe.printStackTrace();
System.err.println(uhe);
private static void carregarXMLCabecalhoDados()
try
BufferedReader input = new BufferedReader( new FileReader("notas/cabecalho.xml"));
String str;
while((str=input.readLine()) != null)
strCabecalhoMsg += str ;
System.out.println("Cabe�a: " + strCabecalhoMsg);
input = new BufferedReader( new FileReader("notas/nota.xml"));
while((str=input.readLine()) != null)
strDadosMsg += str ;
System.out.println("Nota: " + strDadosMsg);
catch (FileNotFoundException e)
// TODO Auto-generated catch block
e.printStackTrace();
catch (IOException e)
// TODO Auto-generated catch block
e.printStackTrace();
_THE TRACE_
adding as trusted cert:
Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Fri Jun 25 21:19:54 BRT 1999 until Tue Jun 25 21:19:54 BRT 2019
*others trusted certs*
trigger seeding of SecureRandom
done seeding SecureRandom
export control - checking the cipher suites
export control - no cached value available...
export control - storing legal entry into cache...
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1198158630 bytes = { 48, 135, 53, 24, 112, 72, 104, 220, 27, 114, 37, 42, 25, 77, 224, 32, 12, 58, 90, 217, 232, 3, 104, 251, 93, 82, 40, 91 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 3953
*** ServerHello, TLSv1
RandomCookie: GMT: 1198158523 bytes = { 56, 166, 181, 215, 86, 245, 8, 55, 214, 108, 128, 50, 8, 11, 0, 209, 38, 62, 187, 185, 240, 231, 56, 161, 212, 111, 194, 79 }
Session ID: {222, 2, 0, 0, 147, 179, 182, 212, 18, 34, 199, 100, 168, 167, 48, 116, 140, 186, 151, 153, 226, 168, 163, 174, 24, 83, 208, 73, 179, 57, 86, 137}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Version: V3
*many chains and related data*
Found trusted certificate:
Version: V3
Subject:
*many trusted certificates and related data*
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 117, 112, 233, 166, 240, 9, 226, 67, 53, 111, 194, 84, 124, 103, 197, 28, 17, 36, 32, 48, 145, 166, 161, 61, 30, 63, 153, 214, 137, 113, 222, 204, 138, 77, 212, 75, 65, 192, 159, 215, 69, 156, 47, 188, 179, 219 }
main, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 75 70 E9 A6 F0 09 E2 43 35 6F C2 54 7C 67 ..up.....C5o.T.g
0010: C5 1C 11 24 20 30 91 A6 A1 3D 1E 3F 99 D6 89 71 ...$ 0...=.?...q
0020: DE CC 8A 4D D4 4B 41 C0 9F D7 45 9C 2F BC B3 DB ...M.KA...E./...
CONNECTION KEYGEN:
Client Nonce:
0000: 47 6A 73 26 30 87 35 18 70 48 68 DC 1B 72 25 2A Gjs&0.5.pHh..r%*
0010: 19 4D E0 20 0C 3A 5A D9 E8 03 68 FB 5D 52 28 5B .M. .:Z...h.]R([
Server Nonce:
0000: 47 6A 73 BB 38 A6 B5 D7 56 F5 08 37 D6 6C 80 32 Gjs.8...V..7.l.2
0010: 08 0B 00 D1 26 3E BB B9 F0 E7 38 A1 D4 6F C2 4F ....&>....8..o.O
Master Secret:
0000: 0B 3A 71 F8 BB 79 5E 07 78 C2 5F 13 4F 92 9D 87 .:q..y^.x._.O...
0010: CF 69 0D 07 78 D2 59 46 1E C3 C1 5B A2 DB 04 B9 .i..x.YF...[....
0020: 42 60 92 48 59 8E FD FD C3 5B BD 00 9C 54 7A 7E B`.HY....[...Tz.
Client MAC write Secret:
0000: 33 7C 19 C4 75 D2 CE 82 39 98 37 E5 7D 20 CB B1 3...u...9.7.. ..
Server MAC write Secret:
0000: 1E 1E 48 C7 D4 77 23 E4 22 26 8B 98 2E 92 5C 95 ..H..w#."&....\.
Client write key:
0000: EE 05 39 76 B2 85 63 6C F7 70 30 CB 6D 08 07 54 ..9v..cl.p0.m..T
Server write key:
0000: 5C 2E 3B 5E DC D9 EC C5 04 C4 D5 B5 12 11 B9 08 \.;^............
... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 143, 115, 243, 131, 242, 244, 12, 44, 191, 172, 205, 122 }
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 231, 215, 37, 250, 177, 121, 111, 192, 11, 41, 1, 165 }
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is : Certificados/certificadoSondaMonitor.jks
keyStore type is : JKS
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: Certificados\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Fri Jun 25 21:19:54 BRT 1999 until Tue Jun 25 21:19:54 BRT 2019
adding as trusted cert:
* many certificates*
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
export control - checking the cipher suites
export control - found legal entry in cache...
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1198158632 bytes = { 93, 1, 41, 236, 165, 146, 251, 117, 129, 195, 129, 72, 245, 181, 43, 48, 80, 251, 244, 198, 223, 85, 82, 101, 20, 159, 17, 26 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 3953
*** ServerHello, TLSv1
RandomCookie: GMT: 1198158525 bytes = { 109, 114, 234, 1, 130, 97, 251, 9, 61, 105, 56, 246, 239, 222, 97, 143, 22, 254, 65, 213, 10, 204, 153, 67, 237, 133, 223, 48 }
Session ID: {23, 30, 0, 0, 26, 129, 168, 21, 252, 107, 124, 183, 171, 228, 138, 227, 94, 17, 195, 213, 216, 233, 205, 2, 117, 16, 21, 65, 123, 119, 171, 109}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
many chains again
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 116, 247, 155, 227, 25, 25, 231, 129, 199, 76, 134, 222, 98, 69, 149, 224, 75, 6, 60, 121, 115, 216, 244, 246, 102, 92, 188, 64, 113, 56, 190, 43, 32, 51, 90, 254, 141, 184, 71, 48, 41, 29, 173, 180, 46, 116 }
main, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 74 F7 9B E3 19 19 E7 81 C7 4C 86 DE 62 45 ..t........L..bE
0010: 95 E0 4B 06 3C 79 73 D8 F4 F6 66 5C BC 40 71 38 ..K.<ys...f\.@q8
0020: BE 2B 20 33 5A FE 8D B8 47 30 29 1D AD B4 2E 74 .+ 3Z...G0)....t
CONNECTION KEYGEN:
Client Nonce:
0000: 47 6A 73 28 5D 01 29 EC A5 92 FB 75 81 C3 81 48 Gjs(].)....u...H
0010: F5 B5 2B 30 50 FB F4 C6 DF 55 52 65 14 9F 11 1A ..+0P....URe....
Server Nonce:
0000: 47 6A 73 BD 6D 72 EA 01 82 61 FB 09 3D 69 38 F6 Gjs.mr...a..=i8.
0010: EF DE 61 8F 16 FE 41 D5 0A CC 99 43 ED 85 DF 30 ..a...A....C...0
Master Secret:
0000: FC C9 75 A4 2B F1 8A D8 AD 16 27 70 B7 E4 64 6C ..u.+.....'p..dl
0010: 05 D7 33 4A 53 91 2F 51 1E 32 D3 3B 2E 18 2E BC ..3JS./Q.2.;....
0020: E4 16 EE 2F 01 A1 08 48 19 09 32 68 CE 69 8F B1 .../...H..2h.i..
Client MAC write Secret:
0000: F1 95 3B CE 06 5B 8A 9B EC DE 1C 8F B4 AB D9 36 ..;..[.........6
Server MAC write Secret:
0000: BF 52 36 48 63 24 FE 74 22 BE 00 99 BE F0 6E E5 .R6Hc$.t".....n.
Client write key:
0000: 9F 08 0A 6E 8F 54 A3 66 1C BC C7 6B AE 88 67 E0 ...n.T.f...k..g.
Server write key:
0000: 06 A1 0B 4F 69 DE 5F AF 0E 6B B5 04 ED E8 EA F5 ...Oi._..k......
... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 148, 93, 105, 42, 110, 212, 55, 2, 150, 191, 13, 111 }
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 171, 150, 45, 10, 99, 35, 67, 174, 35, 52, 23, 192 }
%% Cached client session: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
main, setSoTimeout(600000) called
main, WRITE: TLSv1 Application Data, length = 282
main, WRITE: TLSv1 Application Data, length = 8208
main, WRITE: TLSv1 Application Data, length = 1102
main, READ: TLSv1 Application Data, length = 1830
main, received EOFException: ignored
main, called closeInternal(false)
main, SEND TLSv1 ALERT: warning, description = close_notify
main, WRITE: TLSv1 Alert, length = 18
main, called close()
main, called closeInternal(true)
AxisFault
faultCode: {http://xml.apache.org/axis/}HTTP
faultSubcode:
faultString: (404)Not Found
faultActor:
faultNode:
faultDetail:
{}:return code: 404
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>
<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>
</TD></TR></TABLE></BODY></HTML>
{http://xml.apache.org/axis/}HttpErrorCode:404
(404)Not Found
at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:744)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at principal.SSLClient.main(SSLClient.java:86)
(404)Not Found
-----I'm having the same problem with the same URL. I try many configuration and nothing works. My code is:
public class NFeClient {
static{
Security.addProvider(new BouncyCastleProvider());
public static void main(final String[] args) throws Exception {
final String path = "https://homologacao.nfe.sefaz.rs.gov.br/ws/nfeconsulta/nfeconsulta.asmx";
final String keyStoreProvider = "BC";
final String keyStoreType = "PKCS12";
final String keyStore = "/home/mendes/certificados/cert.p12";
final String keyStorePassword = "xxxx";
System.setProperty("javax.net.ssl.keyStoreProvider",keyStoreProvider);
System.setProperty("javax.net.ssl.keyStoreType",keyStoreType);
System.setProperty("javax.net.ssl.keyStore",keyStore);
System.setProperty("javax.net.ssl.keyStorePassword",keyStorePassword);
System.setProperty("javax.net.ssl.trustStore","/home/mendes/workspace/NFE/jssecacerts");
final SSLContext context = SSLContext.getInstance("TLS");
final KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
final KeyStore ks = KeyStore.getInstance(keyStoreType);
ks.load(new FileInputStream(keyStore), keyStorePassword.toCharArray());
kmf.init(ks, keyStorePassword.toCharArray());
context.init(kmf.getKeyManagers(), null, null);
final URL url = new URL(path);
final HttpsURLConnection httpsConnection = (HttpsURLConnection) url.openConnection();
httpsConnection.setDoInput(true);
httpsConnection.setRequestMethod("GET");
httpsConnection.setRequestProperty("Host", "iis-server");
httpsConnection.setRequestProperty("UserAgent", "Mozilla/4.0");
httpsConnection.setSSLSocketFactory(context.getSocketFactory());
try{
final InputStream is = httpsConnection.getInputStream();
final byte[] buff = new byte[1024];
int readed;
while((readed = is.read(buff)) > 0)
System.out.write(buff,0,readed);
}catch(final IOException ioe){
ioe.printStackTrace();
}and the response of the server is always the same:
java.io.IOException: Server returned HTTP response code: 403 for URL: https://homologacao.nfe.sefaz.rs.gov.br/ws/nfeconsulta/nfeconsulta.asmx
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1241)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
at br.com.esales.nfe.signer.client.NFeClient.main(NFeClient.java:60)Edited by: mendes on Apr 25, 2008 9:56 AM -
Running ssl client from multiple applications fails in Sap j2ee engine
There are two applications making ssl connections to third party.
At a time only one application is able to make connection while other
throws error message <b>"No trusted certificate found".</b>
Currently we have two j2ee applications running in SAP j2ee server. Both applications makes ssl connection to third party servers. Lets call first application as A1 and second application as A2.
A1 is an internet shopping application . It makes ssl connection to third party services at two places . One is while fetching the shipping charges from UPS site.
Code Snippet:
java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.getProperties().put("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
String lo_url = new URL("https://wwwcie.ups.com/ups.app/xml/Rate");
lo_connection = (URLConnection) lo_url.openConnection();
At other place A1 connects to cybersource service using webservice +ssl for credit card authentication using cybersource API. It uses certificate in p12 format.
Code Snippet:
com.cybersource.ws.client.axis.soap.RequestMessage lo_requestMessage = new com.cybersource.ws.client.axis.soap.RequestMessage();
Properties lo_cybsProperties = new Properties();
lo_cybsProperties.setProperty("merchantId","arvato");
lo_cybsProperties.setProperty("merchantRefCode","1234")
lo_requestMessage.setMerchantID( "arvato");
lo_requestMessage.setMerchantReferenceCode( "1234" );
lo_cybsProperties.setProperty("cybersourceURL","https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor");
lo_cybsProperties.setProperty("keysDir", "./WEB-INF/config");
lo_requestMessage.setBillTo(setBillToAddress(po_mdsBillingAddress) );
// add ship to address
lo_requestMessage.setShipTo(setShipToAddress(po_mdsShiToAddress));
lo_requestMessage.setPurchaseTotals( setPurchaseTotal() );
//set cc details
lo_requestMessage.setCard( setCardDetails(po_mdsCreditCard) );
Set Items and total tax calculation
lo_replyMessage = com.cybersource.ws.client.axis.soap.Client.runTransaction( lo_requestMessage, lo_cybsProperties );
A2 Application
This application connects to Motorola secured web service to fetch details of mobile hand set. It uses keystore to create ssl connection with Motorola webservice.
Code Snippet
try {
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[0];
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
} catch (Exception e) {
e.printStackTrace();
System.setProperty("javax.net.ssl.trustStore","SapWSM.keystore");
System.setProperty("javax.net.ssl.trustStorePassword","xxxx");
System.setProperty("javax.net.ssl.keyStore","SapWSM.keystore");
System.setProperty("javax.net.ssl.keyStorePassword","xxxx");
Problem Cases :
Case 1
Step 1 : Server starts
Step 2 : User access A1 first
Step3: A1 Connects to UPS using https (It is able to connect)
Step4: A1 connects to cybersource using webservice+ssl (It is able to connect)
Step 5: Another user access A2
Step6: A2 tries connection to Motorola webservice over ssl
Result connectivity fails with description "No trusted certificate found".
Case2
Step 1 : Server starts
Step 2 : User access A2 first
Step3: A2 tries connection to Motorola webservice over ssl (It is able to connect)
Step 5: Another user access A1
Step6: A1 connects to cybersource using webservice+ssl
Result connectivity fails with description "No trusted certificate found".
Case3
Step 1 : Server starts
Step 2 : User access A2 first
Step3: A2 tries connection to Motorola webservice over ssl (It is able to connect)
Step 5: Another user access A1
Step6: A1 connects to UPS using ssl
Result connectivity fails with description "No trusted certificate found".Hi Please answer my query it is really <b>
urgen
t</b> and we are not able to run both the applications in same server
Maybe you are looking for
-
Report to check the quantity after we input in transaction CJR2
Hi All, Is there any report standard to check the detail quantity after we input in tcode CJR2 (cost element and activity input). Thank you. Nies
-
Airport Utility (version 6.0) not detecting airport express
I upgraded my version of Lion OSX to version 10.7.3. I have an airport extreme which range is extended by two airport express. Since moving to the new Lion OSX, Airport Utility (version 6.0) no longer detects my airport express so I can't extend my
-
I'm not quite sure where this should go but I'm going to put it in the OS X forum and hope somebody can help...here's my question I bought a refurbished Mac Mini and I'm slowly learning that it's not the best thing to do. Anyways who ever had my comp
-
Using measurement studio with my own circuit
Im a computer engineering student I have designed a circuit which do analog-digital convertor and the computer reads the digital value from the parallel port, and Im looking for an application I found this nice topic in your site : Measurement Studio
-
How to create material to be use with serrial numbers
hi all, i need to create a material to be use for serial number... thanks in advance.. regards Joven