Sun.security.validator.ValidatorException: No trusted certificate found

Similar Messages

• Sun.security.validator.ValidatorException: Netscape cert type does not perm

  Hi,
  I am getting the following exception when clientAuthentication is enabled for ssl connection.
  I am using tomcat and a java client in my application.
  Please let me know how do i get through this.
  Thanks in advance
  -Sanjeev
  Below trace is from catalina.out
  ===========================
  http-8443-Processor24, SEND TLSv1 ALERT: fatal, description = certificate_unknown
  http-8443-Processor24, WRITE: TLSv1 Alert, length = 2
  http-8443-Processor24, called closeSocket()
  http-8443-Processor24, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Netscape cert type does not permit use for SSL client
  http-8443-Processor24, called close()
  http-8443-Processor24, called closeInternal(true)
  ===================================
  I get the below exception in my java client application.
  ==========================================
  : 68 42 6F FD E9 35 AB E5 C7 48 31 2C 78 31 BA F0 hBo..5...H1,x1..
  0020: EB 97 10 1F F9 B2 03 B7 7D CE 8A 04 73 37 07 A1 ............s7..
  0030: 9D 46 5A A2 B7 99 EE 86 1D EE A1 E4 D6 64 73 9B .FZ..........ds.
  0040: 6B FA D1 19 44 54 C0 47 DC F8 E1 4B 33 F6 0D 2D k...DT.G...K3..-
  0050: C9 04 B7 E8 8F 67 00 99 78 67 CC BE 26 C4 73 B5 .....g..xg..&.s.
  0060: 88 26 F6 08 B7 A3 89 A0 28 29 79 DD 16 B0 86 8F .&......()y.....
  0070: DE AA EA D3 1F 9F 8B 5B E7 B4 51 3B C8 90 67 0D .......[..Q;..g.
  0080: 68 46 F1 CC 10 D9 hF....
  main, WRITE: TLSv1 Handshake, length = 134
  main, WRITE: TLSv1 Change Cipher Spec, length = 1
  main, handling exception: java.net.SocketException: Software caused connection abort: socket write error
  main, SEND TLSv1 ALERT: fatal, description = unexpected_message
  main, WRITE: TLSv1 Alert, length = 2
  Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
  main, called closeSocket()
  Exception
  =================================================

  Netscape cert type does not permit use for SSL clientTry using another certificate. Your certificate can't be used as a web browser client certificate.

• No trusted certificate found error while running a webservice

  Hi,
  I created a stub to a webservice and then tried to invoke the webservice using a simple java class
  in JDeveloper. While running the java client to invoke the webservice i get this below mentioned error
  SOAPException: faultCode=SOAP-ENV:IOException; msg=sun.security.validator.ValidatorException: No trusted certificate found; targetException=javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
       at org.apache.soap.SOAPException.<init>(SOAPException.java:78)
  Kindly have a solution for what to be done on this.
  Thanks,
  Ramesh.R
  Edited by: Ramesh_R on Jan 20, 2010 10:28 AM

  have to import the certificate in the cacerts of the Jdev jre/lib/security/cacerts file
  Edited by: Ramesh_R on 16-Jan-2011 02:40

• Seeburger AS2 error: No Trusted Certificate found

  Dear SAP experts,
  Good day!
  Need your expert advice regarding the error that I am getting in Seeburger AS2.
  Here's the scenario:
  SAP XI is sending messages to Trading Partner via AS2 adapter which resides in Seeburger.
  I've trigerred already messages but they are getting this kind of error:
  Delivery of the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # , SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # : javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # , SEEBURGER.
  Kindly advice if there are missing or invalid certificates on both sides?
  What would be the cause of the issue?
  Many Thanks!
  Godo

  Godo,
  I think you are using secure communication for your seeburger CC. Can you pls. check if you have installed(keystore) certifcate on J2EE engine and configured certificate provided by ftp client in your CC.
  Also one more important thing,
  Make sure that you have entry with ftp server name and correspoding ip address in hosts.inc on a system where your adapter engine resides.
  Check detail error messsage at:
  http://XI server : port / nwa --> Message Monitoring --> Logs and Trances and select DefaultTrace in second drop down list. You will find all events details with description. ( If you run your interface and check you will find recent activities on XI server. Hope this will give you much better picture)
  Hope this will help.
  Nilesh

• No trusted certificate found (91);Cannot connect to the LDAP server

  HI All,
  I am trying to connect to LDAP server with the following code.
  JSSESocketFactory fact = null;
  private LDAPConnection conn = null;
  String keystore = "C:\\j2sdk1.4.2_15\\jre\\lib\\security\\cacerts";
  System.setProperty("javax.net.ssl.trustStore",keystore);
  fact = new JSSESocketFactory(null);
  conn = new LDAPConnection(fact);
  int ldapVersion = 3;//LDAPConnection.LDAP_V3; //defualt values of LDAP settings
  private int ldapPort = 636;
  LDAPAttributeSet ldapAtrbSet;
  String ldapHost;
  String loginDN;
  String loginDN_Password;
  And it is gicving me error :
  Error: netscape.ldap.LDAPException: SSL connection to 192.168.10.8:636, sun.security.validator.ValidatorException: No trusted certificate found (91); Cannot connect to the LDAP server
  netscape.ldap.LDAPException: SSL connection to 192.168.10.8:636, sun.security.validator.ValidatorException: No trusted certificate found (91); Cannot connect to the LDAP server
       at netscape.ldap.factory.JSSESocketFactory.makeSocket(JSSESocketFactory.java:105)
       at netscape.ldap.LDAPConnSetupMgr.connectServer(LDAPConnSetupMgr.java:418)
       at netscape.ldap.LDAPConnSetupMgr.openSerial(LDAPConnSetupMgr.java:350)
       at netscape.ldap.LDAPConnSetupMgr.connect(LDAPConnSetupMgr.java:244)
       at netscape.ldap.LDAPConnSetupMgr.openConnection(LDAPConnSetupMgr.java:170)
       at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:1042)
       at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:924)
       at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:768)
       at com.reflexis.LDAP.LdapTestSSL.createConnection(LdapTestSSL.java:522)
       at com.reflexis.LDAP.LdapTestSSL.checkLdap(LdapTestSSL.java:118)
       at com.reflexis.LDAP.LdapTestSSL.main(LdapTestSSL.java:52)
  Unable to connect to LDAP server
  I have imported atr certificate also by using command:
  "keytool -import -alias jag -file c:\x225.cer -keystore c:\j
  2sdk1.4.2_15\jre\lib\security\cacerts"
  I am running my java code from eclipse. And do i have to set any thing in eclipse for certificate. I Have imported certificate from command prompt.
  Can any one please help me.It is very important for me.
  Please its very urgent.
  THanks,
  Ankush Patni

  As previously said network is a possible cause.Other things could be time on filer is too far off time on DC.AD object for filer has been deleted or change by a Windows admin.If all users are experiencing a problem, you may need to rebind it to AD - run CIFS setup at command prompt

• How to import Root CA "No trusted certificate found" exception.

  I have an application that connects https to a server and POSTs some data. That application works fine with one server but not with another. I get javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found.
  Both servers have certificates signed by 2 different CAs. 1 is I think Thawte or Verisign (need confirmation with my admin) and the other I know for sure is Equifax. Of course Equifax is the least popular of the 2 and is not found in the cacerts keystore...
  Now I downloaded the Equifax root certificate and installed in the default keystore by typing keytool -import -alias blabla -file c:\bla.cer and it imported correctly. I reran my app and I still got the same exception...
  So I figure that the root cert for Equifax must be imported within the cacerts file in jre/lib/cacerts am I correct? Whats the default password for that keystore?
  Thanks

  Have you tried to import the certificate in the cacerts keystore file?
  This file can be found in the <jdkDirectory>/jre/lib/security/ directory. It is the default trustStore used by Java.
  I remember that trusted certificate keystore location can be set using the javax.net.ssl.trustStore property. Have you set it to point to your keystore file?
  You can found explanations there:
  http://www.onjava.com/pub/a/onjava/2001/05/03/java_security.html#certificates
  Hope this helps.

• Avca secure_agent fails with 'No trusted certificate found'

  1) AV server keystore content
  ===================
  [oracle@veelaoav001 ~]$ $ORACLE_HOME/jdk/bin/keytool -list -v -keystore /home/oracle/SSL/avkey/avkeystore
  Enter keystore password: welcome1
  Keystore type: jks
  Keystore provider: SUN
  Your keystore contains 3 entries
  Alias name: avkey
  Creation date: May 7, 2012
  Entry type: keyEntry
  Certificate chain length: 1
  Certificate[1]:
  Owner: CN=avserver, O=oracle, C=UK
  Issuer: CN=avserver, O=oracle, C=UK
  Serial number: 4fa828c2
  Valid from: Mon May 07 15:55:46 EDT 2012 until: Tue May 07 15:55:46 EDT 2013
  Certificate fingerprints:
  MD5: D7:49:34:93:35:7F:55:FC:70:08:F3:9F:03:AA:41:A9
  SHA1: 23:88:9C:F6:12:48:C1:55:79:2D:2D:71:B5:E4:66:07:A7:1E:AA:A1
  Alias name: cacert
  Creation date: May 7, 2012
  Entry type: trustedCertEntry
  Owner: CN=rootAV, O=oracle, C=UK
  Issuer: CN=rootAV, O=oracle, C=UK
  Serial number: 0
  Valid from: Mon May 07 15:54:58 EDT 2012 until: Thu May 05 15:54:58 EDT 2022
  Certificate fingerprints:
  MD5: 8A:30:0B:09:27:1E:F9:0C:54:29:01:5E:5C:0F:56:F2
  SHA1: 83:1C:09:24:BF:F6:FC:B4:62:AC:04:B5:9C:CC:28:E3:4C:B4:25:BF
  Alias name: mykey
  Creation date: May 7, 2012
  Entry type: trustedCertEntry
  Owner: CN=avserver, O=oracle, C=UK
  Issuer: CN=rootAV, O=oracle, C=UK
  Serial number: 0
  Valid from: Mon May 07 15:56:18 EDT 2012 until: Tue May 07 15:56:18 EDT 2013
  Certificate fingerprints:
  MD5: 43:B4:B3:97:E0:88:34:7C:E9:D1:68:CC:48:32:8B:CC
  SHA1: 50:7A:1C:1E:19:AB:E4:34:3A:64:82:A6:B2:B2:32:9C:F2:F9:94:45
  2) AV agent keystore content
  =================
  [oracle@veelaora001 ~]$ $ORACLE_HOME/jdk/bin/keytool -list -v -keystore /home/oracle/SSL/agkey/agkeystore
  Enter keystore password: welcome1
  Keystore type: jks
  Keystore provider: SUN
  Your keystore contains 3 entries
  Alias name: agkey
  Creation date: May 7, 2012
  Entry type: keyEntry
  Certificate chain length: 1
  Certificate[1]:
  Owner: CN=avagent, O=oracle, C=UK
  Issuer: CN=avagent, O=oracle, C=UK
  Serial number: 4fa82925
  Valid from: Mon May 07 15:57:25 EDT 2012 until: Tue May 07 15:57:25 EDT 2013
  Certificate fingerprints:
  MD5: C4:9C:FE:D1:D0:04:19:65:F9:C0:CE:A9:6A:5E:7F:B6
  SHA1: 9A:D4:9B:15:D0:B1:10:45:FD:D1:F1:F2:75:46:A9:78:E3:2A:5C:DE
  Alias name: cacert
  Creation date: May 7, 2012
  Entry type: trustedCertEntry
  Owner: CN=rootAV, O=oracle, C=UK
  Issuer: CN=rootAV, O=oracle, C=UK
  Serial number: 0
  Valid from: Mon May 07 15:54:58 EDT 2012 until: Thu May 05 15:54:58 EDT 2022
  Certificate fingerprints:
  MD5: 8A:30:0B:09:27:1E:F9:0C:54:29:01:5E:5C:0F:56:F2
  SHA1: 83:1C:09:24:BF:F6:FC:B4:62:AC:04:B5:9C:CC:28:E3:4C:B4:25:BF
  Alias name: mykey
  Creation date: May 7, 2012
  Entry type: trustedCertEntry
  Owner: CN=avagent, O=oracle, C=UK
  Issuer: CN=rootAV, O=oracle, C=UK
  Serial number: 0
  Valid from: Mon May 07 15:59:46 EDT 2012 until: Tue May 07 15:59:46 EDT 2013
  Certificate fingerprints:
  MD5: 10:D2:D2:44:A9:AB:89:22:C6:FC:E8:61:A1:5D:B3:A0
  SHA1: 62:BF:B9:52:29:F7:89:AF:F1:70:D8:75:AB:15:D4:55:BC:AB:9F:48
  3) Credentials added for XDB:
  $ avca generate_csr -certdn "cn=seclin2,O=Oracle,C=UK" -out /home/oracle/SSL/XDB/certXDB.csr
  Generating Certificate request...
  Certificate request generated successfully.
  $ orapki cert create -wallet /home/oracle/SSL/rootCA -request /home/oracle/SSL/XDB/certXDB.csr -cert /home/oracle/SSL/XDB/certXDB.pem -validity 365 -pwd "welcome1"
  $ avca import_cert -cert /home/oracle/SSL/rootCA/trustedROOTcertificate.txt -trusted
  Importing Certificate...
  Certificate imported successfully.
  $ avca import_cert -cert /home/oracle/SSL/XDB/certXDB.pem
  Importing Certificate...
  Certificate imported successfully.
  4) avca secure_av -avkeystore $ORACLE_HOME/network/admin/avkey/avkeystore -avtruststore $ORACLE_HOME/network/admin/avkey/avkeystore
  Checking for SSL Certificate...
  done.
  Enter Audit Vault Server keystore password:
  Stopping OC4J...
  OC4J stopped successfully.
  Securing XDB services...
  Identified XDB http(s) Port...
  Stopping Listeners...
  done.
  Starting Listeners...
  done.
  done.
  Starting OC4J...
  OC4J started successfully.
  5) avca secure_agent -agentkeystore $ORACLE_HOME/network/admin/agkey/agkeystore -avdn "CN=avserver, O=oracle, C=UK" -agentdn "CN=avagent, O=oracle, C=UK"
  Enter Audit Vault Agent keystore password:
  Stopping agent...
  Agent stopped successfully.
  Starting agent...
  Agent started successfully.
  avca.log on agent shows:
  Executing command secure_agent, -agentkeystore, /u01/app/oracle/oracle/product/10.2.3/av_agent/network/admin/agkey/agkeystore, -avdn, CN=avserver, O=oracle, C=UK, -agentdn, CN=avagent, O=oracle, C=UK
  SECURE_AGENT - get agent info
  xml - /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/rmi.xml
  xml URL - file:/u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/rmi.xml
  Stopping agent...
  Agent stopped successfully.
  SERCURE_AGENT - update /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/av-agent-web-site.xml
  xml - /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/av-agent-web-site.xml
  xml URL - file:/u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/av-agent-web-site.xml
  SECURE_AGENT - modify /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/server.xml
  xml - /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/server.xml
  xml URL - file:/u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/server.xml
  SECURE_AGENT - use /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/applications/AVAgent/AVAgent/WEB-INF/web.xml.secure
  Starting agent...
  xml - /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/server.xml
  xml URL - file:/u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/server.xml
  xml - /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/av-agent-web-site.xml
  xml URL - file:/u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/av-agent-web-site.xml
  xml - /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/http-web-site.xml
  xml URL - file:/u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/http-web-site.xml
  Error while checking agent status - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found

  This the code I used for setting up the engine:
  File trustStore = new File(control.home, "d4trustore");
  String trustStorePath = trustStore.getAbsolutePath();
  File keyStoreFile = new File(control.home, "d4keystore.ks");
  String keyStorePath = keyStoreFile.getAbsolutePath();
  char[] passphrase = "password".toCharArray();
  try{
  KeyStore ksKeys = KeyStore.getInstance("JKS");
  ksKeys.load(new FileInputStream(keyStorePath), passphrase);
  KeyStore ksTrust = KeyStore.getInstance("JKS");
  ksTrust.load(new FileInputStream(trustStorePath), passphrase);
  javax.net.ssl.KeyManagerFactory kmf =
  javax.net.ssl.KeyManagerFactory.getInstance("SunX509");
  kmf.init(ksKeys, passphrase);
  javax.net.ssl.TrustManagerFactory tmf =
  javax.net.ssl.TrustManagerFactory.getInstance("SunX509");
  tmf.init(ksTrust);
  javax.net.ssl.SSLContext sslContext = javax.net.ssl.SSLContext.getInstance("TLS");
  sslContext.init(
  kmf.getKeyManagers(), tmf.getTrustManagers(), null);
  engine = sslContext.createSSLEngine(serverAddress, port);
  engine.setUseClientMode(true);
  p butler

• Can write, can't read from SSLSocket. No trusted certificate found

  Hello!
  We have to use an ssl connection to talk to another application. The exception is generated when trying to read from the socket. Creation and writing don't generate any errors and I can't verify if the other server actually gets what I'm writing.
  I used these commands to create the private key and the certificate
  openssl genrsa -des3 -out priv.pem -passout pass:myPassword 1024
  openssl req -x509 -new -key priv.pem -passin pass:myPassword -days 3650 -out cert.cerI have imported the cert.cer into the java/jre/lib/security/cacerts keystore. The CN value in the cert.cer is the one I got from the hostname command.
  I still get the error:
  javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate foundJust before reading from the socket I print in the log file the sockets properties:
  is input shut down? false
  is output shut down? false
  is bound? true
  is closed? false
  is connected? trueAm I suppose to do somethin with the priv.pem? Where does that one go? Isn't the cert.cer enough?
  I don't know what else to do and how to check anything else. Any ideas would be greatly appreciated.
  Thank you very much,
  Iulia S.

  Hi again,
  I am at wits' end in here and I hate it when I move in the unstable grounds of not knowing stuff. I am still getting the error.
  I managed to get the certificate from the other application, it's not self-signed it's issued by Thawte. Apparently you can also get it with FF3 from the cute little lock next to the address bar. Am I talking about the same certificate? Then I did this to import it:
  ./keytool -import -alias bristow -file /location/to/THEcertificate -keystore /location/to/java/jre/lib/security/cacertsAnd I did restart the server. Several times. Several several times.
  Some details about the application: it's a servlet running on a websphere 6.1 server. I noticed that this error is from sun.security.validator.ValidatorException while mine is from:
  javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate foundI can understand they are different packages but shouldn't they implement the same standard protocol? btw there are no com.sun.* classes imported.
  Am I not creating the SSLSocket right?
  SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
  SSLSocket s = (SSLSocket) sslsocketfactory.createSocket("secureSite.com", portNo);The string that defines the hostname, it's just the name, no protocol or anything else, right? I just need someone to confirm it. I've already tried all the other posibilities and they don't work.
  It all crashes at the readLine:
  BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream()));
  String input = "";
  while((input = in.readLine()) != null)I ran the php script they gave us as an example, on a different server, and it worked just fine. No certificates needed.
  I've tried reading characters instead of line, just in case this error would be absurdly linked with the no-end-of-line. Same error.
  I'm trying to poke the server with a stick see if I can get a response. I run this from my local machine:
  import java.io.InputStreamReader;
  import java.io.BufferedReader;
  import java.io.PrintWriter;
  import java.net.URLEncoder;
  import java.util.Date;
  import javax.net.ssl.SSLSocket;
  import javax.net.ssl.SSLSocketFactory;
  public class EchoClient
       public static void main(String[] arstring)
            try
                 SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
                 SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket("hostname", 99999);
                 sslsocket.setEnabledCipherSuites(sslsocket.getSupportedCipherSuites());
                 StringBuffer data = new StringBuffer();
                 dataDeTrimis.append("DATA1=").append(URLEncoder.encode("DATA1","UTF-8"))
                 .append("&DATA2=").append(URLEncoder.encode("DATA2", "UTF-8"));
                 String includeHeader = "POST /script/location/script.php HTTP/1.1\r\n" + "Content-Length: " +        data.length() + "\r\n" + "Content-Type: application/x-www-form-urlencoded\r\n" + "\r\n" + data;
                 BufferedReader in = new BufferedReader(new InputStreamReader(sslsocket.getInputStream()));
                 PrintWriter outs = new PrintWriter(sslsocket.getOutputStream(), true);
                 outs.print(includeHeader);
                 String input = "";
                 System.out.println("is input shut down: "+sslsocket.isInputShutdown()+" is output shut down? "+sslsocket.isOutputShutdown()+" is bound? "+sslsocket.isBound()+" is closed? "+sslsocket.isClosed()+" is connected? "+sslsocket.isConnected());
                 System.out.println("server: "+in.read());
                 while((input=in.readLine())!=null)
                      System.out.println("SERVER REPLIED : " + input + "\n");
                 sslsocket.close();
            catch(Exception exception)
                 exception.printStackTrace();
  }The answer is:
  is input shut down: false is output shut down? false is bound? true is closed? false is connected? true
  server: -1Shouldn't I get something even a little bit more significant then just NO answer? sigh
  If I were to explicitly load the keystore will that get me anywhere? I am out of ideas. Anything to point somewhere would be great.
  Thank you very much,
  Iulia S.

• Getting "No trusted certificate found" when attempting to connect to 10g DB

  Greetings,
  I have an Oracle 10g DB configured to listen via TCPS. I am able to tnsping and sql+ into the DB just fine. However, when attempting to connect via SQL Developer, I get the following error:
  *"Status: Failure -lo exception: sun.security.validator. ValidatorException: No trusted certificate found"*
  Here is my tnsnames.ora entry:
  EMCECCH01.CORPORATE.MY.COM =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = TCPS)(HOST = emcecch01.corporate.my.com)(PORT = 1575))
  (CONNECT_DATA =
  (SERVICE_NAME = rambdb)
       (SECURITY = (MY_WALLET_DIRECTORY = C:\DBSafes\Cincinnati\dbSafe))
  Obviously when I create my connection, I am using 'TNS'. I've also attempted to connect via the JDBC thin driver, but when testing the connection, it just sits and spins without ever returning a result. Here is the URL I'm using:
  jdbc:oracle:thin:@emcecch01.corporate.my.com:1575:rambdb
  I've verified that the appropriate JAR files are in place in the jlib directory.
  Any advice in this matter would be greatly appreciated.
  Regards

  Hi,
  If your connection entry is unusual you could try these simple things that may cause variation/different code paths:
  1/ORACLE_HOME being set /unset by for example a bat script before launching sqldeveloper [see in sqldeveloper help/about/properties/ oracle.home and jdbc.library to see what oracle is using]
  (you could be using sqldeveloper or other oracle install jdbc)
  2/Tools/preferences/database/Advanced Parameters/Use oci thick driver set/unset
  (you could be using 'pure' jdbc thin or 'mixture of c & java' ie. thick oci driver using another Oracle Home or instant client)
  3/use Connection type=advanced then you can enter a fancy description (these descriptions are simple but you could have load balancing for example):
  thin is pure java
  jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=MACHINE_NAME_OR_IP)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=dev11gr1)))
  oci8 is thick/c/oci-java
  jdbc:oracle:oci8:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=MACHINE_NAME_OR_IP)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=dev11gr1)))
  (or get SQLDev to look up tnsnames.ora, connection type = tns might work)
  Please post your findings and put in an enhancement request for particular connection feature support, documented with a test case.
  -Turloch

• [help] I get error:No trusted certificates have been loaded. Server will no

  client: tuxedo salt
  server: weblogic
  Now when I start weblogic, I got error info:
  <Nov 11, 2010 3:33:13 AM EST> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias dev from the JKS keystore file /nfs/tux/huchchen/lclnx24/user_projects/SSL/server_keystore.jks.>
  <Nov 11, 2010 3:34:16 AM EST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the JKS keystore file /nfs/tux/huchchen/lclnx24/user_projects/SSL/server_trustore.jks.>
  <Nov 11, 2010 3:34:16 AM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loaded 0 trusted CAs from /nfs/tux/huchchen/lclnx24/user_projects/SSL/server_trustore.jks>
  <Nov 11, 2010 3:34:16 AM EST> <Warning> <Security> <BEA-090172> <No trusted certificates have been loaded. Server will not trust to any certificate it receives.>
  Why It can't load any trusted CAS? Anyone help!
  Here is my configuration:
  $ keytool -list -keystore server_trustore.jks -v
  Enter keystore password:
  Keystore type: JKS
  Keystore provider: SUN
  Your keystore contains 1 entry
  Alias name: dev
  Creation date: Nov 11, 2010
  Entry type: PrivateKeyEntry
  Certificate chain length: 2
  Certificate[1]:
  Owner: CN=user, OU=R&D, O=BEA, L=Beijing, ST=Beijing, C=CN
  Issuer: CN=root, OU=R&D, O=BEA, L=Beijing, ST=Beijing, C=CN
  Serial number: cd6e80b22322f919
  Valid from: Wed Nov 10 22:18:51 EST 2010 until: Sat Nov 09 22:18:51 EST 2013
  Certificate fingerprints:
  MD5: 40:6B:5F:93:B4:54:53:5E:FE:AB:37:9F:06:6D:66:38
  SHA1: 1B:05:33:1F:83:7B:E8:E7:38:C9:AA:E7:AF:C1:D5:51:4B:EF:B8:D5
  Signature algorithm name: SHA1withRSA
  Version: 1
  Certificate[2]:
  Owner: CN=root, OU=R&D, O=BEA, L=Beijing, ST=Beijing, C=CN
  Issuer: CN=root, OU=R&D, O=BEA, L=Beijing, ST=Beijing, C=CN
  Serial number: d69db8f0be4975af
  Valid from: Wed Nov 10 21:59:47 EST 2010 until: Sat Nov 09 21:59:47 EST 2013
  Certificate fingerprints:
  MD5: D4:F2:D3:1A:5D:3A:A8:F8:B8:85:A3:EA:BA:DB:58:91
  SHA1: 2B:BB:B9:30:BA:53:4F:4C:BF:1A:C4:44:6D:E9:22:E3:A4:5B:0C:D9
  Signature algorithm name: SHA1withRSA
  Version: 1
  $ keytool -list -keystore server_keystore.jks -v
  Enter keystore password:
  Keystore type: JKS
  Keystore provider: SUN
  Your keystore contains 1 entry
  Alias name: dev
  Creation date: Nov 10, 2010
  Entry type: PrivateKeyEntry
  Certificate chain length: 1
  Certificate[1]:
  Owner: CN=admin, OU=R&D, O=BEA, L=Beijing, ST=Beijing, C=CN
  Issuer: CN=root, OU=R&D, O=BEA, L=Beijing, ST=Beijing, C=CN
  Serial number: cd6e80b22322f918
  Valid from: Wed Nov 10 22:16:54 EST 2010 until: Sat Nov 09 22:16:54 EST 2013
  Certificate fingerprints:
  MD5: A3:A1:C2:C6:C9:44:B7:0E:27:DD:29:B1:CE:70:A5:C9
  SHA1: 53:17:76:6A:B9:7E:32:F0:D4:23:62:54:3B:09:F6:79:75:21:94:36
  Signature algorithm name: SHA1withRSA
  Version: 1
  *******************************************

  That because there is not trusted certificate entry, looks like ur trust store and identity keystore is the same.
  Use these steps to generate identity and trust stores.
  keytool -genkey -alias mykey -keyalg RSA -keysize 1024 -dname "CN=Tariq.beasys.com, OU=Customer Support, O=BEA Systems Inc, L=Denver, ST=Colorado, C=US" -keypass mykeypass -keystore identity.jks -storepass mystorepass
  keytool -selfcert -v -alias mykey -keypass mykeypass -keystore identity.jks -storepass mystorepass -storetype jks
  keytool -export -v -alias mykey -file rootCA.der -keystore identity.jks -storepass mystorepass
  keytool -import -v -trustcacerts -alias mykey -file rootCA.der -keystore trust.jks -storepass mystorepass
  Or you can follow this post
  http://secure-zone.blogspot.com/2010/11/configuring-ssl-on-weblogic-server.html
  -Faisal

• Weblogic Start script fails while Loading trusted certificates from jks

  Hi,
  I have a Weblogic Portal 10.3.2 installation on a Solaris Unix box. There is one Admin server and two Managed servers. I am trying to deploy an EJB based application on one of the Managed servers. Note that this application has been working fine in the Weblogic 9.2 environment.
  When the Managed Server is started, I get the below messages in the Weblogic console log. We have an internal SSO authentication system, which is integrated with this application. When this integration is removed, we are able to login to the application without any issues. When it is turned on, the redirection from SSO to the application fails - most likely because of the below SSL related errors.
  I have accessed the below link and accordingly set the property -Dweblogic.ssl.JSSEEnabled=true. But it didn't help.
  http://justasg.blogspot.com/2012/04/tlsssl-certificate-errors-and-warnings.html
  Please let me know if you have any suggestions.
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /data/applications/norkom/BEA103/wlserver_10.3/server/lib/DemoTrust.jks.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /opt/jdk1.6.0_32/jre/lib/security/cacerts.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure[1]". The address 127.0.0.1 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>
  <Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure". The address 10.228.12.24 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.228.12.24:7020 for protocols iiop, t3, ldap, snmp, http.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:7020 for protocols iiop, t3, ldap, snmp, http.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <WebLogicServer> <BEA-000332> <Started WebLogic Managed Server "NCA_Server" for domain "norkom" running in Development Mode>
  <Jun 4, 2012 4:52:01 PM MEST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
  <Jun 4, 2012 4:52:01 PM MEST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
  <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
  <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
  <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
  <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
  <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
  <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
  Note: We have another Solaris Unix box, with the same installation of Weblogic with the same SSO redirection, but another EJB application is deployed. Also, there is no Managed and the application is deployed on the Admin server itself. But when the server is started, I don't see any attempts to load any certificates and also there are no issues.
  So either please suggest how this certificate loading can be rectified or suggest a way to disable the certificate loading (if at all its an option).
  Please let me know if you need any further details.

  Firstly,
  938767 wrote:
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /opt/jdk1.6.0_32/jre/lib/security/cacerts.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>I don't think that this will be your problem... Unless you are actually using some of those certificates you can ignore those messages.
  But the following looks suspicious, I guess 7022 is your SSL port...
  <Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure[1]". The address 127.0.0.1 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>
  <Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure". The address 10.228.12.24 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>Hope that helps.
  Cheers,
  Vlad
  Give points - it is good etiquette to reward an answerer points (5 - helpful; 10 - correct) for their post if they answer your question. If you think this answer is helpful, please consider giving points.

• No Trusted Certificate???/

  Hi
  I tried to implement SSL by generating keystores. When the server is started i see the info. below...
  <No trusted certificates have been loaded. Server will not trust to any certificate it receives.>
  Is this any concern??? Ifso what should i do to overcome this.
  <Aug 4, 2004 12:04:29 AM EDT> <Notice> <Security> <BEA-090170> <Loading the private key stored under the alias serverkey from the JKS keystore file /bea_home/OBSOON/OBSOON_WLS_DM/ObsoonDomain/serverkeystore.>
  <Aug 4, 2004 12:04:29 AM EDT> <Notice> <Security> <BEA-090171> <Loading the identity certificate stored under the alias serverkey from the JKS keystore file /bea_home/OBSOON/OBSOON_WLS_DM/ObsoonDomain/serverkeystore.>
  <Aug 4, 2004 12:04:35 AM EDT> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the JKS keystore file /bea_home/OBSOON/OBSOON_WLS_DM/ObsoonDomain/serverkeystore.>
  <Aug 4, 2004 12:04:35 AM EDT> <Warning> <Security> <BEA-090172> <No trusted certificates have been loaded. Server will not trust to any certificate it receives.>
  <Aug 4, 2004 12:04:36 AM EDT> <Notice> <WebLogicServer> <BEA-000331> <Started WebLogic Admin Server "ObsoonServer" for domain "ObsoonDomain" running in Development Mode>
  <Aug 4, 2004 12:04:36 AM EDT> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
  <Aug 4, 2004 12:04:36 AM EDT> <Notice> <WebLogicServer> <BEA-000355> <Thread "ListenThread.Default" listening on port 7001, ip address *.*>
  <Aug 4, 2004 12:04:36 AM EDT> <Notice> <WebLogicServer> <BEA-000355> <Thread "SSLListenThread.Default" listening on port 7002, ip address *.*>
  thanks
  Jay

  This should be a concern only in the following scenarios
  1)If you are making a outgoing ssl call from within weblogic server (say from jsp/servlet/webapp)
  OR
  2)if you are using 2 way ssl
  If youw ant to get rid of this mesaage just configure a keystore with trusted certificates (example: something like jdks cacerts ) It seems to me that the keytsore file
  serverkeystore may not have any trusted root certificates in it

• Trusted Certificates do not load in WL 10.3.2

  In Weblogic 10.3.1, when I started WL, it will load the trusted certificates automatically as below
  <Loading trusted certificates from the jks keystore file C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\DemoTrust.jks.>
  <Loading trusted certificates from the jks keystore file C:\Oracle\MIDDLE~1\JDK160~1\jre\lib\security\cacerts.>
  But in WL 10.3.2, it does not. I looked at the setDomainEnv.cmd and they are totally different for 10.3.1 and 10.3.2. I try to find where I can make it so it will load these trusted certificates automatically in 10.3.2 but no success so far.
  I checked the Admin server also and all the settings are identity for both versions. All the files are there too.
  Do you have any ideas?
  Thanks

  In my example server for 10.3.2 it prints out as the server loads:
  <Feb 17, 2010 1:00:29 PM CST> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias DemoIdentity from the jks keystore file D:\Oracle\wls11g\WLSERV~1.3\server\lib\DemoIdentity.jks.>
  <Feb 17, 2010 1:00:29 PM CST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file D:\Oracle\wls11g\WLSERV~1.3\server\lib\DemoTrust.jks.>
  <Feb 17, 2010 1:00:29 PM CST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file D:\Oracle\wls11g\JROCKI~1.5-3\jre\lib\security\cacerts.>
  In your console look at the Server -> Configuration -> Keystores tab. In my case, the drop-down for keystore is "Demo Identity and Demo Trust"

• Cannot complete the certificate chain: No trusted cert found

  Hi:
  I am currently working on a application that makes a web service call to a third party service provider. I am using weblogic 10 application server and session bean makes a call to the gateway class which in turn initiates a web service call using SSL layer. I get the following error when gateway class is trying to make a SSL connection with the third party server. I have set the keystore to be custom and java standard and both Identity key store and turst key store points to C:\bea10\jdk160_05\jre\lib\security\cacerts key store. The interesting thing is when I tried with different other URLs www.bankofamerica.com and www.freshdirect.com
  I get the same error. I am not sure why certificate validation fails even if it is a trusted CA and I would believe java keystore should contain all valid Certificate authorities such as verisign, Secure Trust etc. The third party certificate is issued by secure trust CA which in turn issued by Entrust.net
  Can someone shed me somelight whats going on here? I also took a look at thread Re: SSL issues tried to import the server certificates into java keystore. but nothing worked out. Appreciate your help.
  Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
  FINE: Cannot complete the certificate chain: No trusted cert found
  Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
  FINE: Validating certificate 0 in the chain: Serial number: 805312903
  Issuer:C=US, O=SecureTrust Corporation, CN=SecureTrust CA
  Subject:C=CA, ST=Ontario, L=Toronto, O=Givex Corp., CN=*.givex.com
  Not Valid Before:Wed Nov 21 09:56:03 EST 2007
  Not Valid After:Sat Nov 20 09:56:03 EST 2010
  Signature Algorithm:SHA1withRSA
  Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
  FINE: Validating certificate 1 in the chain: Serial number: 1116160170
  Issuer:C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
  Subject:C=US, O=SecureTrust Corporation, CN=SecureTrust CA
  Not Valid Before:Sun Oct 01 01:00:00 EDT 2006
  Not Valid After:Tue Nov 26 13:25:48 EST 2013
  Signature Algorithm:SHA1withRSA
  Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
  FINE: NEW ALERT with Severity: FATAL, Type: 42
  java.lang.Exception: New alert stack
       at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
       at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
       at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
       at com.certicom.tls.record.WriteHandler.write(Unknown Source)
       at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
       at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
       at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
       at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientBinding.java:436)
       at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.java:224)
       at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.java:38)
       at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:144)
       at weblogic.webservice.core.ClientDispatcher.send(ClientDispatcher.java:235)
       at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:146)
       at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:473)
       at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:459)
       at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:306)
       at com.freshdirect.client.TransPortType_Stub.getBalance(TransPortType_Stub.java:254)
       at com.freshdirect.payment.ejb.GivexPaymentServiceImpl.getBalance(GivexPaymentServiceImpl.java:59)
       at com.freshdirect.payment.ejb.GivexServerGateway.getBalance(GivexServerGateway.java:211)
       at com.freshdirect.payment.ejb.GivexServerGateway.main(GivexServerGateway.java:388)
  Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
  FINE: write ALERT, offset = 0, length = 2
  Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
  FINE: close(): 16720915
  Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
  FINE: close(): 16720915
  Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
  FINE: SSLIOContextTable.removeContext(ctx): 29310343
  Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
  FINE: close(): 16720915
  Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
  FINE: close(): 16720915
  Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
  FINE: SSLIOContextTable.removeContext(ctx): 29310343
  <Sep 16, 2009 6:18:17 PM EDT> <Info> <WebService> <BEA-220048> <A exception was thrown from the client handler sending a JAXM message.>
  <Sep 16, 2009 6:18:17 PM EDT> <Info> <WebService> <BEA-220034> <A stack trace associated with message 220048 follows:
  javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
       at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
       at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
       at com.certicom.tls.record.WriteHandler.write(Unknown Source)
       at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
       at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
       at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
       at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientBinding.java:436)
       at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.java:224)
       at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.java:38)
       at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:144)
       at weblogic.webservice.core.ClientDispatcher.send(ClientDispatcher.java:235)
       at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:146)
       at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:473)
       at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:459)
       at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:306)
       at com.freshdirect.client.TransPortType_Stub.getBalance(TransPortType_Stub.java:254)
       at com.freshdirect.payment.ejb.GivexPaymentServiceImpl.getBalance(GivexPaymentServiceImpl.java:59)
       at com.freshdirect.payment.ejb.GivexServerGateway.getBalance(GivexServerGateway.java:211)
       at com.freshdirect.payment.ejb.GivexServerGateway.main(GivexServerGateway.java:388)
  >

  I would believe java keystore should contain all valid Certificate authorities such as verisign, Secure Trust etc. The third party certificate is issued by secure trust CA which in turn issued by Entrust.net<You can list the contents of your cacerts file to see if exact matching version of the SecureTrust signer cert is present.
  You can also use a simple java program to test whether you can connect to the 2 servers that your're having issues with:
  import java.net.*;
  import java.io.*;
  public class SSL_Test {
  public static void main(String[] args) throws Exception {
  URL sslURL = new URL("https://someserver.com/someservice.wsdl");
  BufferedReader in = new BufferedReader( new InputStreamReader( sslURL.openStream()));
  String inputLine;
  while ((inputLine = in.readLine()) != null)
  System.out.println(inputLine);
  in.close();
  compile and run with something like:
  javac SSL_Test.java
  # all on one line
  java -D -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=***** -Djavax.net.debug=ssl,handshake SSL_Test
  This just tests whether your truststore can trust the server cert.

• Trusted certificates from your previous version of Adobe Reader were found.

  After upgrading Adobe Reader from 10 to 11, some users are getting "Adobe Reader Security - Trusted certificates from your previous version of Adobe Reader were found.  Would you like to import them."  I need to know what registry settings we can modify to either set this automatically to "Import" or "Use Default"  I need to add one of these options into our Adobe Reader Settings GPO that is using group policy preferences.  This only appears for users who have data in C:\Users\%username%\AppData\Roaming\Adobe\Acrobat\10.0\Security and only the very first time the user opens Adobe Reader after the upgrade per user profile on a given server.

  I'm not sure this is true: "If they don't exist then there is no dialog. " Could be, but I've never heard of it.
  However, acrodata files perform a number of functions for several features, so removing them is unwise. Also, they will just come back when a user exercizes certain features.
  Better to just turn off the feature with the supported preference.
  Ben