You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ofbiz.apache.org by Jeff Lowery <je...@mavericklabel.com> on 2012/10/17 22:49:17 UTC
ofbizssl.jks trusted certs not being found by framework
Hi all,
I'm trying to access UPS and FedEx servers (ofbiz1104) and get certificate errors; the ofbizssl.jks file is located in base/config.
An error I see is:
2012-10-17 13:14:50,629 (http-0.0.0.0-8080-4) [ HttpClient.java:490:WARN ] Certificate error when accessing url [https://wwwcie.ups.com/ups.app/xml/Rate]: No trusted certificate found
If I list certs in the ofbizssl.jks keystore, I see:
Alias name: wwwcie.ups.com (verisign class 3 secure server ca - g3)
Creation date: Oct 12, 2012
Entry type: trustedCertEntry
Owner: CN=wwwcie.ups.com, OU=J2EE, O=United Parcel Service, L=Mahwah, ST=New Jersey, C=US
Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Serial number: ...
Valid from: Thu Mar 01 16:00:00 PST 2012 until: Mon Apr 11 16:59:59 PDT 2016
Certificate fingerprints:
...
Signature algorithm name: SHA1withRSA
Version: 3
I tried exporting/reimporting to another .jks… no errors, all keys imported, but the new .jks doesn't work, either.
One curious thing I've discovered: if I put a dummy env var into the keystoreFile value (in ofbiz-containers) such as "${flum}/...", I see an error in the log saying it can't find the path ".../runtime/catalina/${flum}/...". I tried putting a copy of the keystore in runtime/catalina/framework/base/config, but that didn't help.
Thanks,
Jeff
Re: ofbizssl.jks trusted certs not being found by framework
Posted by Jacques Le Roux <ja...@les7arts.com>.
You might try these
https://cwiki.apache.org/confluence/display/OFBIZ/FAQ+-+Tips+-+Tricks+-+Cookbook+-+HowTo#FAQ-Tips-Tricks-Cookbook-HowTo-Certificate
https://cwiki.apache.org/confluence/display/OFBIZ/How+to+configure+authorize.net+certificates
Jacques
Jeff Lowery wrote:
> Hi all,
>
> I'm trying to access UPS and FedEx servers (ofbiz1104) and get certificate errors; the ofbizssl.jks file is located in
> base/config.
>
> An error I see is:
>
> 2012-10-17 13:14:50,629 (http-0.0.0.0-8080-4) [ HttpClient.java:490:WARN ] Certificate error when accessing url
> [https://wwwcie.ups.com/ups.app/xml/Rate]: No trusted certificate found
>
> If I list certs in the ofbizssl.jks keystore, I see:
>
> Alias name: wwwcie.ups.com (verisign class 3 secure server ca - g3)
> Creation date: Oct 12, 2012
> Entry type: trustedCertEntry
>
> Owner: CN=wwwcie.ups.com, OU=J2EE, O=United Parcel Service, L=Mahwah, ST=New Jersey, C=US
> Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust
> Network, O="VeriSign, Inc.", C=US
> Serial number: ...
> Valid from: Thu Mar 01 16:00:00 PST 2012 until: Mon Apr 11 16:59:59 PDT 2016
> Certificate fingerprints:
> ...
> Signature algorithm name: SHA1withRSA
> Version: 3
>
> I tried exporting/reimporting to another .jks… no errors, all keys imported, but the new .jks doesn't work, either.
>
> One curious thing I've discovered: if I put a dummy env var into the keystoreFile value (in ofbiz-containers) such as
> "${flum}/...", I see an error in the log saying it can't find the path ".../runtime/catalina/${flum}/...". I tried putting a copy
> of the keystore in runtime/catalina/framework/base/config, but that didn't help.
>
> Thanks,
>
> Jeff