I actually just got done implementing Cybersource on the iSeries(small
world).  You need to install a certificate named entrust_ssl_ca.cer on your
iSeries through DCM (Digital Certificate Manager).  I would just email you
the .cer file, but I don't know if I am legally allowed to do that so please
get in touch with your Cybersource rep and ask them for that file.

Also note, you do NOT need to install your .p12 files through DCM.  They are
simply used by the Java processes for WS-Security profile purposes as I
understand it (they have all that serialized into a class).  Instead you
just need to have them sitting on your IFS in the directory specified in the
cybs.properties keysDirectory name/value pair.

HTH,
Aaron Bartell
http://mowyourlawn.com



-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of tim
Sent: Monday, October 30, 2006 6:13 PM
To: Midrange Forumn
Subject: Digital Certificate Manager issue

Hello,

 

I am writing a java application which will validate credit card information.
I am using API's in an SDK from CyberSource. When I run the app on my PC it
works fine.

 

When I run it on the iSeries I get "Certificate is not signed by a trusted
certificate authority."

 

On the Cybersource website, I am able to generate a key. I when I tried to
import the key (key.p12) into the *system  certificate store selecting
"Server or Client", I get the message "An error occurred during certificate
validation. The issuer of the certificate may not be in the certificate
store or the issuer may not be enabled."

 

To get around that message I import the certificate into internet explorer
which creates my "trusted root certificate authority". I then export it and
import it using DCM specifying "certificate Authority". When I View
Certificate Authories, I see "CyberSourceCertAuth" listed as follows:

 


Common name

CyberSourceCertAuth


Organization unit

 


Organization name

 


Locality or city

 


State or province

 


Zip or postal code

 


Country or region

 

Additional information: 


Key length

1024


Private key

No


Certificate Authority (CA) enabled

Yes


Signed certificate

Yes


Serial number

343224324383831393931324324237393034353438


Validity period

03/14/03 04:53:40 - 03/14/12 04:53:40

Issuer: 


Common name

CyberSourceCertAuth


Organization unit

 


Organization name

 


Locality or city

 


State or province

 


Zip or postal code

 


Country or region

 

Certificate Revocation List (CRL) Location: 


CRL Location Name

None assigned


LDAP Server

None assigned

 

 

Now when I try to re-import the *.P12 file as a "Server or client"
certificate , it gives me the following message "A duplicate key exists in
the certificate store. The certificate or the label may already be in the
certificate store. The label must be unique" and it creates two additional
CA's, but no server or client cert as follows:

 


 

Certificate Authority (CA)

Status





serialNumber=1374246484016790434557,CN=CyberSource_SJC_US

Enabled




serialNumber=16225033542424206433,CN=v342455

Enabled




CyberSource Certificate

Enabled

 

 

When I run my app, I still get the same message.

 

Can anyone shed any light on this?

 

Thanks.

 

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.