Posted to user@ofbiz.apache.org by Jeff Lowery <je...@mavericklabel.com> on 2012/10/17 22:49:17 UTC

ofbizssl.jks trusted certs not being found by framework

Hi all,

I'm trying to access UPS and FedEx servers (ofbiz1104) and get certificate errors; the ofbizssl.jks file is located in base/config.

An error I see is:

2012-10-17 13:14:50,629 (http-0.0.0.0-8080-4) [         HttpClient.java:490:WARN ] Certificate error when accessing url [https://wwwcie.ups.com/ups.app/xml/Rate]: No trusted certificate found

If I list certs in the ofbizssl.jks keystore, I see:

Alias name: wwwcie.ups.com (verisign class 3 secure server ca - g3)
Creation date: Oct 12, 2012
Entry type: trustedCertEntry

Owner: CN=wwwcie.ups.com, OU=J2EE, O=United Parcel Service, L=Mahwah, ST=New Jersey, C=US
Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Serial number: ...
Valid from: Thu Mar 01 16:00:00 PST 2012 until: Mon Apr 11 16:59:59 PDT 2016
Certificate fingerprints:
	...
	 Signature algorithm name: SHA1withRSA
	 Version: 3

I tried exporting/reimporting to another .jks… no errors, all keys imported, but the new .jks doesn't work, either.

One curious thing I've discovered: if I put a dummy env var into the keystoreFile value (in ofbiz-containers) such as "${flum}/...", I see an error in the log saying it can't find the path ".../runtime/catalina/${flum}/...". I tried putting a copy of the keystore in runtime/catalina/framework/base/config, but that didn't help.

Thanks,

Jeff

Re: ofbizssl.jks trusted certs not being found by framework

Posted by Jacques Le Roux <ja...@les7arts.com>.
You might try these
https://cwiki.apache.org/confluence/display/OFBIZ/FAQ+-+Tips+-+Tricks+-+Cookbook+-+HowTo#FAQ-Tips-Tricks-Cookbook-HowTo-Certificate
https://cwiki.apache.org/confluence/display/OFBIZ/How+to+configure+authorize.net+certificates

Jacques

Jeff Lowery wrote:
> Hi all,
> 
> I'm trying to access UPS and FedEx servers (ofbiz1104) and get certificate errors;  the ofbizssl.jks file is located in
> base/config. 
> 
> An error I see is:
> 
> 2012-10-17 13:14:50,629 (http-0.0.0.0-8080-4) [         HttpClient.java:490:WARN ] Certificate error when accessing url
> [https://wwwcie.ups.com/ups.app/xml/Rate]: No trusted certificate found 
> 
> If I list certs in the ofbizssl.jks keystore,  I see:
> 
> Alias name: wwwcie.ups.com (verisign class 3 secure server ca - g3)
> Creation date: Oct 12, 2012
> Entry type: trustedCertEntry
> 
> Owner: CN=wwwcie.ups.com, OU=J2EE, O=United Parcel Service, L=Mahwah, ST=New Jersey, C=US
> Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust
> Network, O="VeriSign, Inc.", C=US 
> Serial number: ...
> Valid from: Thu Mar 01 16:00:00 PST 2012 until: Mon Apr 11 16:59:59 PDT 2016
> Certificate fingerprints:
> ...
> Signature algorithm name: SHA1withRSA
> Version: 3
> 
> I tried exporting/reimporting to another .jks… no errors, all keys imported, but the new .jks doesn't work, either.
> 
> One curious thing I've discovered:  if I put a dummy env var into the keystoreFile value (in ofbiz-containers) such as
> "${flum}/...", I see an error in the log saying it can't find the path ".../runtime/catalina/${flum}/...". I tried putting a copy
> of the keystore in runtime/catalina/framework/base/config, but that didn't help.  
> 
> Thanks,
> 
> Jeff