发表新帖
发表新帖

Certificate chaining error in Websphere

前端 未结
关注
2 549
难免孤独
难免孤独 2020-12-30 14:30

I am trying to consume a RESTful service from url https://someurl.com. I have added the following properties in my code:

 Security.setProperty(\"ssl.SocketFa
相关标签:
2条回答
  • 失恋的感觉
    2020-12-30 15:18

    I'm assuming you have a web application, which is trying to access that restful service.

    First, you should not set your stores via javax.net.ssl.* properties, but use SSL configurations provided in WebSphere. So comment all these setProperty() calls. Second, you have to add your service server certificate to the trust store.

    Login to web admin console:

    • Go to Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates
    • Click Retrieve from port button, and specify hostname, 443 port, and Alias.
    • Click Retrieve singer information button.
    • Verify, if correct certificate is imported (parent).
    • Save, and restart.

    In some versions, the child certificate was imported (not the root), in that case, you will have to manually download the root certificate and intermediate (e.g. via browser, and import that one to the NodeDefaultTrustStore, but this time using Add button, not Retrieve..

    0 讨论(0)
  • 梦如初夏
    2020-12-30 15:19

    This means your certificate is not added in cacerts. Try to execute this command as

    keytool -list -v -keystore your_path_to_cacerts (Provide the list of cert in cacerts) check by matching the serial number of your certificate. If it is not there then please follow the steps given below

    To export the Intermediate certificate: Internet Explorer -> Tools -> Internet Options -> Content -> Certificates -> To view the Certificate Path: Select Certificate -> View -> Certification Path -> To Export the Certificate: Select Certificate -> Export -> DER

    encoded Binary Format -> Save ( From Firefox -> Tools -> Options -> Advanced -> Encryption -> View Certificates ) (Given here - http://www-01.ibm.com/support/docview.wss?uid=swg21592616) after this add this exported certificate with below command

    keytool -import -trustcacerts -Keystore CACERTS(path) -alias alias -file cert path export in step 3

    My issue was the same and I am able to resolve it by following these steps

    0 讨论(0)
 看不清?
提交回复
热议问题