[Related question] Certificate chaining error in Websphere
[Question] Certificate chaining error in Websphere
While trying to connect to an LDAP server over SSL from Websphere, I hit the following error:
used by:com.ibm.jsse2.util:KIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=VeriSign class 3 xxxxxxx is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.jsse2.util.h.b(h.java:86)
at com.ibm.jsse2.util.h.b(h.java:2)
at com.ibm.jsse2.util.g.a(g.java:27)
After looking into it, it seems the address I am connecting to has not been added to the default trust store list.
Steps
In the IBM Websphere console, do the following:
1# Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates > Retrieve from port
Fill in the form fields: Host\Port\Alias
Click: Retrieve signer information > Apply
2# Security > SSL certificate and key management > Manage endpoint security configurations > Inbound(CellDefaultSSLSettings) > Key stores and certificates > CellDefaultTrustStore > Signer certificates > Retrieve from port
Fill in the form fields: Host\Port\Alias
Click: Retrieve signer information > Apply
-------------------------------------------
Note: this assumes the CA certificate has already been imported into the keystore. If it has not been imported, search for how to import it.
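The two console steps above can also be scripted with wsadmin. The following is an added example, not part of the original post: it uses the AdminTask commands retrieveSignerInfoFromPort and retrieveSignerFromPort, and only adds the signer when the presented fingerprint matches one obtained out of band. The cell and node names, host, port, alias and fingerprint are constructed placeholders, and it assumes a cell where both trust stores exist.

```python
# wsadmin Jython: wsadmin -lang jython -f add_ldap_signer.py
# Constructed placeholder values; replace with your own.
CELL, NODE = "myCell", "myNode"
LDAP_HOST, LDAP_PORT = "ldap.example.com", 636
ALIAS = "ldap_signer"
EXPECTED_FP = "REPLACE-WITH-FINGERPRINT"  # obtained from the LDAP administrator

def scope(cell, node=None):
    """Management scope, e.g. (cell):myCell:(node):myNode."""
    s = "(cell):%s" % cell
    if node:
        s = s + ":(node):%s" % node
    return s

def retrieve_args(store, store_scope, host, port, alias):
    """Argument string for AdminTask.retrieveSignerFromPort."""
    return ("[-keyStoreName %s -keyStoreScope %s -host %s -port %d "
            "-certificateAlias %s]" % (store, store_scope, host, port, alias))

def plan(cell, node, host, port, alias):
    """Steps 1# and 2# of the post as (trust store, arguments) pairs."""
    targets = [("NodeDefaultTrustStore", scope(cell, node)),
               ("CellDefaultTrustStore", scope(cell))]
    return [(name, retrieve_args(name, sc, host, port, alias))
            for name, sc in targets]

def add_signers(task, config, cell, node, host, port, alias, expected_fp):
    """Add the signer to both stores only if the fingerprint matches."""
    # Same data the console shows after "Retrieve signer information".
    info = task.retrieveSignerInfoFromPort("[-host %s -port %d]" % (host, port))
    # Assumption: the fingerprint appears in that output in the form recorded.
    if info.find(expected_fp) < 0:
        raise ValueError("unexpected signer on %s:%d\n%s" % (host, port, info))
    done = []
    for name, args in plan(cell, node, host, port, alias):
        task.retrieveSignerFromPort(args)
        done.append(name)
    config.save()   # persist to the master configuration
    return done

try:
    AdminTask       # defined only inside wsadmin
except NameError:
    pass            # plain Python: functions only, nothing is changed
else:
    print(add_signers(AdminTask, AdminConfig, CELL, NODE,
                      LDAP_HOST, LDAP_PORT, ALIAS, EXPECTED_FP))
```

"Retrieve from port" trusts whatever certificate the server on that port presents, so the fingerprint comparison is what ties the new signer to the intended LDAP server.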
[Reference] http://stackoverflow.com/questions/27701181/certificate-chaining-error-in-websphere