We are running this on the iseries just straight java. We have been fighting
with this all day. We have done the keytool and added the certificate to
\qiBM\ProdData\Java400\jdk14\lib\security\cacerts. But we still get this
error:
com.taylor.docgate.DocgateException: DocgateDAOAImpl.Login.IOException:
javax.net.ssl.SSLHandshakeException: Certificate is not signed by a trusted
certificate authority.


What are we missing? Am I doing this wrong? Is there an IBM person out there
that can get in contact with some help?


Mike Wills
Lawson Programmer/Administrator
Taylor Development
Email: mnwills@xxxxxxxxxxxxxx
Direct Line: (507) 625-3187

-----Original Message-----
From: Pete Helgren [mailto:pete@xxxxxxxxxx] 
Sent: Tuesday, November 11, 2003 1:49 PM
To: Midrange Systems Technical Discussion
Subject: RE: Certificate is not signed by a trusted certificate authority -
java error

Mike, we had an internal e-mail that dealt with a customer who had a
certificate in IIS which they had to export to have Tomcat recognize it.
These are the instructions which may or may not help but perhaps give you a
clue:

Export the certificate from IIS as follows:

Start Internet Services Manager on your 2000 Server
Open the default web site properties (or a virtual directory's properties,
if the certificate is associated with that)
Click the Directory Security tab
Click "View Certificate"
Click the Details tab
Click "Copy to File"
In the wizard, choose "Yes, export the private key"
Choose PKCS #12 format without the strong protection (an IIS thing only)
Assign a private key password (example: secret1)
Pick a destination file - like \win2k\mycert.pfx

A keystore file must already exist in order to move the certificate in the
pfx file to the Java keystore file.  If you don't already have one, here's
how you can create a keystore file:

cd \j2sdk1.4.2\bin
keytool -genkey -alias junk -keyalg RSA -keystore \tomcat\keystore
Example of a password to assign when prompted: secret2

Here's how to copy the pfx file to the keystore file:

Copy the attached files to \j2sdk1.4.2\bin
cd \j2sdk1.4.2\bin
java keymove pkcs12 \win2k\mycert.pfx secret1 jks \tomcat\keystore secret2

If you created a "junk" key pair just to build the keystore file, you can
get rid of it by doing the following:

cd \j2sdk1.4.2\bin
keytool -delete -alias junk -keystore \tomcat\keystore


Once that is done, the \tomcat\keystore file can be referenced in Tomcat's
server.xml configuration in the 8443 connector's XML tag/attributes.  An
example of that is:

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->

    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
              port="8443" minProcessors="5" maxProcessors="75"
              enableLookups="true"
              acceptCount="100" debug="0" scheme="https" secure="true"
              useURIValidationHack="false" disableUploadTimeout="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               clientAuth="false" protocol="TLS"
               keystoreFile="c:\Tomcat\keystore"
               keystorePass="secret2"/>
    </Connector>


Not sure what server you are running but this might get the "creative
juices" flowing.

Pete Helgren
Timp Tech/Ed Tech Labs



> -----Original Message-----
> From: midrange-l-bounces@xxxxxxxxxxxx
> [mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of Wills, Mike N. 
> (TC)
> Sent: Tuesday, November 11, 2003 10:49 AM
> To: Midrange Systems Technical Discussion
> Subject: Certificate is not signed by a trusted certificate authority 
> - java error
>
>
> I am posting it here to hopefully get a quicker response. I have 
> received none so far from either java list.
>
> I am trying to connect to an internal SSL site with java and keep on 
> getting this error:
> com.taylor.docgate.DocgateException: DocgateDAOAImpl.Login.IOException:
> javax.net.ssl.SSLHandshakeException: Certificate is not signed by a 
> trusted certificate authority.
>
> How do I get java to accept our SSL site as a trusted site? We do have a 
> "root certificate" for the company.
>
> What we are beginning to think is that java is either not using the 
> right cacerts file or it doesn't like the new entry in the file. Can 
> anyone at all help me out?
>
> Mike Wills
> Lawson Programmer/Administrator
> Taylor Corporation
> Email: mnwills AT taylorcorpNOSPAM DOT com
> AIM: iSeriesCodePoet
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing 
> list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, 
> unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take 
> a moment to review the archives at 
> http://archive.midrange.com/midrange-l.
>
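
Added example, not part of the original thread or either poster's code: a small Java diagnostic for the question raised above of whether the JVM is reading the cacerts file that was edited and whether the company root certificate is actually in it. The class name TrustStoreCheck, the certificate-file argument and the default store password "changeit" are assumptions.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added diagnostic (hypothetical name, not from the thread).
// Usage: java TrustStoreCheck <root-ca-cert-file> [truststore-password]
public class TrustStoreCheck {

    // JSSE default lookup order: the javax.net.ssl.trustStore property,
    // then <java.home>/lib/security/jssecacerts, then .../cacerts.
    static File resolveTrustStore() {
        String override = System.getProperty("javax.net.ssl.trustStore");
        if (override != null) return new File(override);
        File dir = new File(System.getProperty("java.home"),
                            "lib" + File.separator + "security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.exists() ? jsse : new File(dir, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: java TrustStoreCheck <root-ca-cert-file> [password]");
            System.exit(2);
        }
        File storeFile = resolveTrustStore();
        // Assumption: the store still has the stock password.
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        System.out.println("java.home    = " + System.getProperty("java.home"));
        System.out.println("trust store  = " + storeFile.getAbsolutePath());

        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(storeFile);
        try { store.load(in, pass); } finally { in.close(); }

        // Read the root certificate (DER or PEM) that was imported with keytool.
        in = new FileInputStream(args[0]);
        X509Certificate root;
        try {
            root = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        } finally { in.close(); }

        // getCertificateAlias returns null when no entry holds this exact certificate.
        String alias = store.getCertificateAlias(root);
        System.out.println("root subject = " + root.getSubjectX500Principal());
        System.out.println(alias != null ? "FOUND under alias: " + alias
                                         : "NOT FOUND in the store this JVM loads");
    }
}
```

Run it with the same JVM and the same -D options as the failing program; if the printed trust store path is not the file that keytool modified, the import went into a store this JVM never reads.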
