Thawte SSL certificate not trusted?

I've been searching Google for solutions but haven't found anything. Had to enable SSL for the meeting server so that it would work from behind a firewall that was blocking the FMS. Bought a SSL123 certificate from a Thawte reseller. I installed it following instructions. Now when connecting to the meeting server brings up a message that the certificate was signed by an unknown authority, and then connectaddin generally crashes and I have to "Force Quit".
Does anyone know how to resolve this? Is it the certificate itself? Could it be configuration?

Need to add the "Intermediate CA Certificate" to the pem file, as per https://search.thawte.com/support/ssl-digital-certificates/index?page=content&actp=CROSSLI NK&id=SO13881 (it took both my cert reseller and Adobe support several days to reach that conclusion - and the Adobe phone support person told me about this solution just as the email from my cert reseller came in!)
I just opened the pem file in notepad, copied and pasted the above cert under it (as per http://www.connectusers.com/forums/cucbb/viewtopic.php?pid=4315#p4315), fixed EOL characters, saved, restarted services and it worked.

Similar Messages

ISE: Guest SSL Certificate Not Trusted Error

Team,
We are building an ISE Demo for an event, I configured the Guest Access and it is working fine. the problem is that when the guests (Event attendess) try to access the internet they will be reditrected to teh ISE for Guest Authentication. The guest will get the below error message which doesn't look good because the ISE has the self-signed certificate and it doesn't have a public trusted certificate.
I tried to generate a trail SSL certificate from Thawte and Symentec but both replied that we couldn't verify the information you have provided. I believe this is because my domain is not publicly resgitered (I created this domain internally for the event)
Please advice what is the solution for this issue. I don't want my guest/attendees to see the error message. It doesn't look for to demonstrate ISE.
Please advice
Thanks in advance

The only solution that can competely resolve your issue is to get a certificate from any trusted CA, like Verisign, Thawte, etc. Cost for that is typically $100 per year. Other solution is to use certificate from StartSSL. They have easy procedure for issuing ceritifcates and it's free, but in some browsers that window still may appear sometimes.

Certificate not Trusted Exception

Hi,
I am trying to invoke Axis soap call from webshpere (my requirement is to trust all certificates), but getting certificate not trusted exception. Appreciate any suggestions for fixing this issue.
Code:
public String transport(String strMessage, String strParticipantUrl, String methodName, String keyStorePwd) throws RouterException {
 String result = null;
 boolean isErrorOccured = false;
 String errorMessage = null;
 LOGGER.info("Calling Carrier Web Service.......");
 LOGGER.info("Web Service URL is :" + strParticipantUrl);
 LOGGER.info("Web Service Method Name is :" + methodName);
 ServiceFactory serviceFactory = new ServiceFactory();
 Service service = null;
 try {
 service = (Service) serviceFactory.createService(new QName(
 FundTransferConstants.QNAME_SERVICE));
 } catch (ServiceException e) {
 isErrorOccured = true;
 Integer connectionTimeOut = FundTransferContext.getInstance()
 .getConnectionTimeOut();
 org.apache.axis.client.Call call = null;
 if (null != service) {
 try {
 LOGGER.info("setting ssl status to debug");
 System.setProperty("javax.ssl.debug", "all");
 String proxyHost = FundTransferUtil.getProperty("PROXY.HOST");
 String proxyPort = FundTransferUtil.getProperty("PROXY.PORT");
 String username = FundTransferUtil.getProperty("PROXY.USER");
 String password = FundTransferUtil
 .getProperty("PROXY.PASSWORD");
 if (proxyHost != null && !"".equals(proxyHost)) {
 System.setProperty("proxySet", "true");
 System.setProperty("http.proxyHost", proxyHost);
 if (proxyPort != null && !"".equals(proxyHost)) {
 System.setProperty("http.proxyPort", proxyPort);
 if (username != null && !"".equals(username)) {
 System.setProperty("http.proxyUser", username);
 if (password != null && !"".equals(password)) {
 System.setProperty("http.proxyPassword", password);
 String keyStoreLocation = FundTransferUtil
 .getProperty("KEYSTORE_LOCATION");
 String keystore = keyStoreLocation + "/"
 + FundTransferConstants.KEYSTORE_FILE_NAME;
 String storetype = FundTransferConstants.KEYSTORE_FILE_TYPE;
 String][ props = {
 { FundTransferConstants.TRUST_STORE, keystore, },
 { FundTransferConstants.KEY_STORE, keystore, },
 { FundTransferConstants.KEY_STORE_PWD, keyStorePwd, },
 { FundTransferConstants.KEY_STORE_TYPE, storetype, },
 { FundTransferConstants.TRUST_STORE_PWD, keyStorePwd, }, };
 // Commented loading the keystore to test outbound calls
 /*for (int index = 0; index < props.length; index++)
 System.getProperties().setProperty(propsindex[0],
 propsindex[1]);*/
 // Commented all trusting trust manager
 /*LOGGER.info("Creating TrustManager...");
 TrustManager] trustAllCerts = new TrustManager[ { new X509TrustManager() {
 public java.security.cert.X509Certificate[] getAcceptedIssuers() {
 LOGGER.info("Acception all issuers");
 return null;
 public void checkClientTrusted(
 java.security.cert.X509Certificate[] certs,
 String authType) {
 LOGGER.info("checkClientTrusted method");
 public void checkServerTrusted(
 java.security.cert.X509Certificate[] certs,
 String authType) {
 LOGGER.info("checkServerTrusted method");
 // Install the all-trusting trust manager
 try {
 LOGGER.info("Creating SSLContext...");
 SSLContext sc = SSLContext.getInstance("SSL");
 LOGGER.info("Created SSLContext..." + sc);
 sc.init(null, trustAllCerts,
 new java.security.SecureRandom());
 LOGGER.info("Created SSLContext initiated...");
 LOGGER.info("sslDefaultSocketFactory......"
 + sc.getSocketFactory());
 HttpsURLConnection.setDefaultSSLSocketFactory(sc
 .getSocketFactory());
 LOGGER.info("sslDefaultSocketFactory......"
 + sc.getSocketFactory());
 } catch (Exception e) {
 LOGGER.error("Exception is occuring...");
 LOGGER.error(e.getMessage());
 call = (Call) service.createCall();
 } catch (ServiceException ex) {
 LOGGER.error(ex.getMessage());
 errorMessage = ex.getMessage();
 isErrorOccured = true;
 if (null != call) {
 LOGGER.info("Web Service TimeOut setting :"
 + connectionTimeOut.intValue());
 LOGGER.info("Setting axis propeties to use IBMFakeTrustSocketFactory");
 // This will allow web service requests using the HTTPS protocol without having a valid SSL certificate installed and configured.
 AxisProperties.setProperty("axis.socketSecureFactory","org.apache.axis.components.net.IBMFakeTrustSocketFactory");
 call.setTimeout(connectionTimeOut);
 call.setTargetEndpointAddress(strParticipantUrl);
 call.setProperty(Call.SOAPACTION_USE_PROPERTY,
 new Boolean(true));
 call.setProperty(Call.SOAPACTION_URI_PROPERTY,
 FundTransferConstants.EMPTY_STRING);
 QName qnameTypeStr = new QName(FundTransferConstants.NS_XSD,
 FundTransferConstants.QNAME_TYPE);
 QName header = new QName(FundTransferConstants.NS_XSD,
 FundTransferConstants.QNAME_TYPE);
 call.setReturnType(qnameTypeStr);
 call
 .setOperationStyle(FundTransferConstants.WEB_SERVICE_OPERATION_RPC_STYLE);
 call
 .setOperationName(new QName(
 FundTransferConstants.BODY_NAMESPACE_VALUE,
 methodName));
 call.addParameter("String_1", qnameTypeStr, ParameterMode.IN);
 String[] params = { strMessage };
 if (FundTransferConstants.CARRIER_RESEND_METHOD
 .equalsIgnoreCase(methodName)) {
 try {
 call.invoke(params);
 } catch (Exception ex) {
 errorMessage = ex.getMessage();
 isErrorOccured = true;
 LOGGER.info(ex.getMessage());
 } else {
 int counter = 0;
 while (counter < 3) {
 counter++;
 try {
 // Here making the call which is failing
 result = (String) call.invoke(params);
 counter = 4;
 } catch (AxisFault axisFault) {
 axisFault.printStackTrace();
 errorMessage = axisFault.getMessage();
 isErrorOccured = true;
 LOGGER.error(axisFault.getMessage());
 } catch (Exception ex) {
 ex.printStackTrace();
 errorMessage = ex.getMessage();
 isErrorOccured = true;
if (isErrorOccured) {
throw new RouterException(errorMessage);
return result;
System Error:
12/7/07 13:43:41:639 EST 000000bb SystemErr R AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse2.bx.a(bx.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java:473)
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.v.a(v.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.l(by.java(Compiled Code))
at com.ibm.jsse2.by.startHandshake(by.java(Compiled Code))
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:224)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:157)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:114)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:180)
at org.apache.axis.client.Call.invokeEngine(Call.java:2564)
at org.apache.axis.client.Call.invoke(Call.java:2553)
at org.apache.axis.client.Call.invoke(Call.java:2248)
at org.apache.axis.client.Call.invoke(Call.java:2171)
at org.apache.axis.client.Call.invoke(Call.java:1691)
at com.dtcc.insurance.fundtransfer.transport.TransportHandler.transport(TransportHandler.java:245)
at com.dtcc.insurance.fundtransfer.router.MessageRouter.transport(MessageRouter.java:112)
at com.dtcc.insurance.fundtransfer.controller.MessageController.processMessage(MessageController.java:155)
at com.dtcc.insurance.fundtransfer.service.FundTransferServiceImpl.fundTransferRequest(FundTransferServiceImpl.java:88)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java(Compiled Code))
at java.lang.reflect.Method.invoke(Method.java(Compiled Code))
at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:402)
at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:309)
at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:333)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:481)
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:323)
at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:854)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:339)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1572)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:762)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3174)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:253)
at com.ibm.ws.webcontainer.VirtualHost.handleRequest(VirtualHost.java:229)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1970)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:114)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:472)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:411)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:288)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:950)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink$MyReadCompletedCallback.complete(SSLConnectionLink.java:582)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1704)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java(Compiled Code))
Caused by: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse.bi.a(Unknown Source)
at com.ibm.jsse.bi.checkServerTrusted(Unknown Source)
at com.ibm.jsse2.ba.checkServerTrusted(ba.java:16)
... 57 more
12/7/07 13:43:41:640 EST 000000bb SystemErr R AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse2.bx.a(bx.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java:473)
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.v.a(v.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.l(by.java(Compiled Code))
at com.ibm.jsse2.by.startHandshake(by.java(Compiled Code))
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:224)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:157)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:114)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:180)
at org.apache.axis.client.Call.invokeEngine(Call.java:2564)
at org.apache.axis.client.Call.invoke(Call.java:2553)
at org.apache.axis.client.Call.invoke(Call.java:2248)
at org.apache.axis.client.Call.invoke(Call.java:2171)
at org.apache.axis.client.Call.invoke(Call.java:1691)
at com.dtcc.insurance.fundtransfer.transport.TransportHandler.transport(TransportHandler.java:245)
at com.dtcc.insurance.fundtransfer.router.MessageRouter.transport(MessageRouter.java:112)
at com.dtcc.insurance.fundtransfer.controller.MessageController.processMessage(MessageController.java:155)
at com.dtcc.insurance.fundtransfer.service.FundTransferServiceImpl.fundTransferRequest(FundTransferServiceImpl.java:88)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java(Compiled Code))
at java.lang.reflect.Method.invoke(Method.java(Compiled Code))
at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:402)
at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:309)
at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:333)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:481)
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:323)
at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:854)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:339)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1572)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:762)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3174)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:253)
at com.ibm.ws.webcontainer.VirtualHost.handleRequest(VirtualHost.java:229)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1970)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:114)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:472)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:411)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:288)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:950)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink$MyReadCompletedCallback.complete(SSLConnectionLink.java:582)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1704)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java(Compiled Code))
Caused by: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse.bi.a(Unknown Source)
at com.ibm.jsse.bi.checkServerTrusted(Unknown Source)
at com.ibm.jsse2.ba.checkServerTrusted(ba.java:16)
... 57 more
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
at org.apache.axis.AxisFault.makeFault(AxisFault.java:129)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:131)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:180)
at org.apache.axis.client.Call.invokeEngine(Call.java:2564)
at org.apache.axis.client.Call.invoke(Call.java:2553)
at org.apache.axis.client.Call.invoke(Call.java:2248)
at org.apache.axis.client.Call.invoke(Call.java:2171)
at org.apache.axis.client.Call.invoke(Call.java:1691)
at com.dtcc.insurance.fundtransfer.transport.TransportHandler.transport(TransportHandler.java:245)
at com.dtcc.insurance.fundtransfer.router.MessageRouter.transport(MessageRouter.java:112)
at com.dtcc.insurance.fundtransfer.controller.MessageController.processMessage(MessageController.java:155)
at com.dtcc.insurance.fundtransfer.service.FundTransferServiceImpl.fundTransferRequest(FundTransferServiceImpl.java:88)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java(Compiled Code))
at java.lang.reflect.Method.invoke(Method.java(Compiled Code))
at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:402)
at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:309)
at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:333)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:481)
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:323)
at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:854)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:339)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1572)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:762)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3174)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:253)
at com.ibm.ws.webcontainer.VirtualHost.handleRequest(VirtualHost.java:229)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1970)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:114)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:472)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:411)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:288)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:950)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink$MyReadCompletedCallback.complete(SSLConnectionLink.java:582)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1704)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java(Compiled Code))
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse2.bx.a(bx.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java:473)
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.v.a(v.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.l(by.java(Compiled Code))
at com.ibm.jsse2.by.startHandshake(by.java(Compiled Code))
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:224)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:157)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:114)
... 48 more
Caused by: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse.bi.a(Unknown Source)
at com.ibm.jsse.bi.checkServerTrusted(Unknown Source)
at com.ibm.jsse2.ba.checkServerTrusted(ba.java:16)
... 57 more

I found the fix from Oracle Support Knowlededge Base
sslTool serverInfo --url https://HOST:9043 --certFile newcert.cer
PStoreTool located in REGISTRY_HOME/bin/PStoreTool add -config
WEBLOGIC_HOME/user_projects/domains/[osr_domain_name]/servers/[osr_server_name]/tmp/_WL_user/registry/[unique id]/public/conf/pstore.xml -certFile newcert.cer
I was updating wrong file with the certificate. It had to be pstore.xml. This solved my issue.
Thanks & Regards,
Parshant

Keychain root certificate not trusted (?)

I see a couple of items in keychain access that say "root certificate not trusted"
what is this and should they be deleted or somehow modified?
I looked at certificates with Certificate assistant "evaluate certificate"
but do not quite understand.
Thanks

Ok I'll try not to...
Thanks

Linksys Certificate Not Trusted

...how can I trust it? Every time I go to my Linksys router with HTTPS, I receive a certificate not trusted error in my browser. I have already imported the certificate into my keychain on OS X, what else can I do?
It would be great if there was a "Trust" option next to the various errors which are displayed.
O.S. = OS X 10.73
Browser = Chrome
Thanks in advance for any ideas.

I am using a WRT54GS running firmware 4.70.6. Mozilla Firefox has the option to explicitly trust the certificate and Safari will use keychains certs to repudiate. Google Chrome (my primary browser) shows the following result.
Internet Explorer (9) shows the following, which is similar to the screen posted. I have tried to import the certificate into trusted publishers, but it won't take.

Support for Global SSL certificates - not

Hello,
Just found out the hard way that 10g does not support Verisign Global Certificates (Secure Site Pro).
BEA, IBM, and MICROSOFT support global certificates.
Oracle is the only one that does not!
If customer requirements dictate global certificates Oracle AS is not the product to use.
Hernando

See my reply in the other thread:
Re: SSL certificates not visible while RFC destination creation
Cheers, Wolfgang

Certificate not trusted

This shows up in my certificates in red: com.apple.systemdefault organization system identity certificate not trusted. Should I be concerned about this...does it indicate a security breach?

Can you please let us know, how you have resolved the issue. We are also getting the similar issue with the Certificate.

BT Mail SSl Security Certificate NOT trusted

Anyone explain this:
Solved!
Go to Solution.

Seriously love to mark as 'accepted solution' the fact that MS have not updated their ruleset but then the thought occurs whose responsibility is it to tell MS the yahooca ssl certificate has been updated?
Surely this is BT's as the provider and/or yahooca's responsibility as they are the original providers and maintainers of the original and changed SSL certificates.
So come on BT as the world's largest providers of information technology surely someone can send one lousy email to MS telling them about the new certificate?
Just one email from BT is all it would take. Then all these real and actual security breaches for logging into BT Mail would disappear and logging in would be safe and secure. As it stands with the SSL certificate mismatch there's no way BT can guarantee this.
After all there's no point in having an SSL certicate if it means nothing to the end users security as they login to their mailbox. Does it?

SSL certificates not visible while RFC destination creation

Hi all,
I am setting up an RFC destination to connect to external server and which uses SSL certificates for its authorization.
So i have imported the Client certificates into STRUST.
While setting up an RFC connection of type G, in the security tab when we select the SSL security certificate radio button, will we be able to see the certificates(in the combo box) that we have imported in STRUST.
Currently, though i have imported the Client certificates into STRUST, i am not able to see them in the SS security certificates combo box.
Kindly help me out.
Cheers,
Siva Maranani.

Well, first of all we should avoid confusion by using the term "ABAP destination" rather than "RFC destination" (although ABAP transaction SM59 still has this old title).
When referring to an "ABAP destination of type G" we are talking of an outbound http connection to a non-ABAP server (e.g. an SAP J2EE server or any other http server).
I'm not sure whether you are aware that in this context "SSL client certificate" refers to the ABAP system (which is the SSL client in this scenario). This is different from scenarios where "X.509 client certificate" refers to a certificate which is assigned to an individual user (using a web browser). In the given scenarios, where two systems are the communication peers, SSL cannot be used for user authentication. That fact is often misunderstood.
By default you'll find 3 different SSL certificates (actually: PSEs) in an ABAP system (which can be used only after enabling SSL, of course - see note 510007 for instructions):
- SSL Server
- SSL Client (anonymous)
- SSL Client (Default)
Well, the "SSL Client (anonymous)" is actually not really a "client certificate" but used for outgoing http requests where you do not intend to send your own SSL client certificate. Since you cannot use the server's SSL client certificates for user authentication it might make sense to use "SSL Client (anonymous)" is most cases.
Please notice: you have to add the server's SSL certificate (respectively the root CA certificate and potentially intermediate CA certificates) to the certificate list of the "SSL Client (anonymous)" PSE (using STRUST). By default, that list is empty - consequently no SSL server certificate is trusted (in contrast to a web browser which is already shipped with a long list of "trusted CAs").
Only when the (remote) server demands SSL client certificates it might make sense to use either "SSL Client (Default)" or to define a new SSL client certificate (for the ABAP system that submits the https request).
Please notice:
SSL client certificates need to be issued by an Certification Authority (CA) in order to be accepted by the SSL server.
In addition to importing the SSL server's certificate to the certificate list of the SSL client PSE (see above: anonymous SSL client) you also need to export the root CA certificate (and potentially all intermediate CA certificates) of the SSL client certificate and import it to the (remote) SSL server's keystore (kindly refer to the manuals of that server for instructions).
Kind regards, Wolfgang
PS: I assume that you have imported some certificates to the certificate list of a SSL client PSE. In SM59 only those SSL client PSEs are listed: "SSL Client (anonymous)", "SSL Client (Default)" and all SSL client PSEs that you might have defined in addition (using transaction STRUST => Environment => SSL Client Identities).

Digital ID certificate not trusted

I'm trying to add digital ID certificates for governmental employees with whom I communicate by e-mail. I used an e-mail including those certificates (*.cer format) to transmit the certs to the new IPad, and I was able to install them, but they are all listed as "Not Trusted". How do I go about designating that they are to be trusted?
I also added my own digital ID cert (*pfx format), and it has exactly the same situation: installed, but "not trusted."
Thanks.

Thanks for reply but the message comes up every time I log into Santander. Interestingly this happens on Safari and Chrome but if I use my old browser Camino it comes up as secure. Will ring Santander again today and my ISP to see if they can shed any light. The same issue has occurred on ebay too but that seems to have resolved itself. Will let you know if I make any progress

Invalid WSDL - Certificate not trusted - Exception while publishing WSDL in OSR from HTTPS Server

Hi,
I am publishing a Web Service in OSR from an HTTPS Server. I am getting exception as
Error message:
WSDLException: faultCode=INVALID_WSDL: java.io.IOException: java.security.cert.CertificateException: Server certificate ....... is not trusted!
To remove this exception I have done following steps
a) Added Certificate from remote server in Identity Store of WebLogic Server using keytool utilitity
keytool -import -alias devCertificate -file c:/certificates/okdsoa.cer -truststore demoIdentityStore.jks
b) Added Certificate from remote server in the trust store of weblogic server using keytool utility
keytool -import -alias devCertificate -file c:/certificates/okdsoa.cer -truststore demoTrust.jks
This didnot help.
Then I imported certificate to OSR using PStoreTool command as
PStoreTool.bat add -config C:/OSRHome/registry111/conf/clientconf.xml -certFile c:/certificates/okdsoa.cer
Bounced the servers but that also didnot help.
Can you please suggest?
Thanks,
Parshant

I found the fix from Oracle Support Knowlededge Base
sslTool serverInfo --url https://HOST:9043 --certFile newcert.cer
PStoreTool located in REGISTRY_HOME/bin/PStoreTool add -config
WEBLOGIC_HOME/user_projects/domains/[osr_domain_name]/servers/[osr_server_name]/tmp/_WL_user/registry/[unique id]/public/conf/pstore.xml -certFile newcert.cer
I was updating wrong file with the certificate. It had to be pstore.xml. This solved my issue.
Thanks & Regards,
Parshant

Apple root certificates not trusted?

I was looking through Keychain Access, and came across these two Apple root certificates that Keychain reports as "This root certificate is not trusted."
com.apple.kerberos.kdc
com.apple.systemdefault
There was also a "localhost" certificate with a Comcast email address that was similarly marked as not trusted.
Any idea why any of these would not be trusted?
Thanks,
JC

Yes, reinstalling is the backup plan.
But this Macbook is about one year old. I should not cause that much trouble.

Can't access Exchange ActiveSync server - SSL certificates not being used

When I try to set up my email via Exchange ActiveSync to a corporate server, I am unable to connect. I am using the same exact settings as on an iPhone, where I am able to successfully connect.
Reading the console log in the iPhone configuration utility, the problem appears to be that the iPad is not using the corporate certificates I have installed to enable SSL access to the Exchange server. These certificates are installed in the exact same way they are on my iPhone, where they work correctly.
Has anyone else had a similar problem accessing Exchange mail using SSL certificates? Any ideas on how to fix this? Or is this a bug in the iPad software?

IM having the same problem. iPhone works fine on exchange atvwork but iPad with same settings says cannot connect to exchange server. Have you figured anything out yet?
Tom

Certificates NOT trusted

Hello all.......
I have issues w/ "com.apple.systemdefault" certificate (& other Apple certificates) not being trusted... I have yet to find a response to queries re: same.... Is this something no one can answer OR maybe a too simple a problem to take time with?
TIA, Jack

Hello all.......
I have issues w/ "com.apple.systemdefault" certificate (& other Apple certificates) not being trusted... I have yet to find a response to queries re: same.... Is this something no one can answer OR maybe a too simple a problem to take time with?
TIA, Jack

Firefox blocks sites certificate not trusted

I reset firefox to try and cure a email printing issue where firefix was printing all emails in tiny font. After the reset firefox would not access sites like google because the certificate was not trusted. I tried turning off my security system - Norton - but that didn't correct the problem. I also reinstalled firefox but the problem persisted. Also made sure that I had the proper time set in the computer. I'm using IE to get my emails and access sites that firefox is blocking me from but would like to cure the firefox issue.

hello, a possible solution depends on different factors:
* what is the '''error code''' shown under ''technical details'' on the error page?
in case the error code equals ''sec_error_unknown_issuer'', please attempt to add an exception on the bottom of the error page & inspect the certificate (see the screenshot attached for instructions):
* which '''issuer information''' does the certificate contain?
thank you!
[["This Connection is Untrusted" error message appears - What to do]]

Thawte SSL certificate not trusted?

Similar Messages

Maybe you are looking for