JasonJava

WPS 7.0 on UNIX - SSL HANDSHAKE FAILURE

2012-01-18T00:04:57Z
Appreciate any help in advance!

Env: UNIX box with WebSphere Application Server 7.0.0.11 and WebSphere Process Server 7.0.0.3

We just developed an application in WPS 7.0 that needs to make an outbound HTTPS web service call to another host. In my local test environment (WID 7), it works perfectly after I added the signer certificate to "SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates" using the "Retrieve from Port" option to get the certificate from the web service host.

However, the same trick does not seem to work on the UNIX box with the same version. It is giving the following SSL handshake message even though I can see the same signer certificate added under "SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates":

1/17/12 16:11:05:662 CST 00000bf7 WSX509TrustMa E CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN "CN=DPCLSTPWS, O=your company, ST=CA , C=US" was sent from target host:port "121.101.21.89:3818". The signer may need to be added to local trust store "/opt/IBM2/wpspf/v70/WPSNode01/config/cells/WPSCell/trust.p12" located in SSL configuration alias "NodeDefaultSSLSettings" loaded from SSL configuration file "security.xml". The extended error message from the SSL handshake exception is: "PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target".

Do we have to add it to the NodeDefaultKeystore too on the UNIX box?
  • JasonJava

    Re: WPS 7.0 on UNIX - SSL HANDSHAKE FAILURE

    ‏2012-01-30T06:17:54Z  
    I found out that the signer certificate needs to be imported in both CellDefaultTrustStore and NodeDefaultTrustStore.
  • udaitheruler

    Re: WPS 7.0 on UNIX - SSL HANDSHAKE FAILURE

    ‏2012-05-31T13:06:23Z  
    • JasonJava
    • ‏2012-01-30T06:17:54Z
    I found out that the signer certificate needs to be imported in both CellDefaultTrustStore and NodeDefaultTrustStore.
    Hi, can you please tell how you solved this issue? Thanks in advance.
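
Added example (not part of the original thread and not IBM code): a small Python parser for the CWPKI0022E message quoted in the first post, which reports the signer, the target and the trust store file the runtime actually consulted. The cell/node path layout used to label the store's scope is an assumption about the WebSphere profile config tree, and the function and field names are hypothetical.

```python
import re

# The CWPKI0022E text from the first post, cut off after the configuration file name.
SAMPLE = ('1/17/12 16:11:05:662 CST 00000bf7 WSX509TrustMa E CWPKI0022E: SSL HANDSHAKE FAILURE: '
          'A signer with SubjectDN "CN=DPCLSTPWS, O=your company, ST=CA , C=US" was sent from '
          'target host:port "121.101.21.89:3818". The signer may need to be added to local trust '
          'store "/opt/IBM2/wpspf/v70/WPSNode01/config/cells/WPSCell/trust.p12" located in SSL '
          'configuration alias "NodeDefaultSSLSettings" loaded from SSL configuration file '
          '"security.xml".')

# Field layout taken from the message on the page. The host group is greedy so
# that the port is always whatever follows the last colon.
MESSAGE = re.compile(
    r'CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN "(?P<dn>[^"]+)" '
    r'was sent from target host:port "(?P<host>[^"]+):(?P<port>\d+)"\. '
    r'The signer may need to be added to local trust store "(?P<store>[^"]+)" '
    r'located in SSL configuration alias "(?P<alias>[^"]+)"')

# Assumed config tree layout (not stated on the page):
#   .../config/cells/<cell>/trust.p12               cell-scoped trust store
#   .../config/cells/<cell>/nodes/<node>/trust.p12  node-scoped trust store
STORE_PATH = re.compile(r'/config/cells/(?P<cell>[^/]+)(?:/nodes/(?P<node>[^/]+))?/[^/]+$')

def parse_cwpki0022e(line):
    """Return the fields of a CWPKI0022E line as a dict, or None if it is not one."""
    m = MESSAGE.search(line)
    if m is None:
        return None
    info = m.groupdict()
    info['port'] = int(info['port'])
    p = STORE_PATH.search(info['store'])
    if p is None:
        # Path does not follow the assumed layout; report it without guessing.
        info.update(scope='unknown', cell=None, node=None)
    else:
        info.update(scope='node' if p.group('node') else 'cell',
                    cell=p.group('cell'), node=p.group('node'))
    return info

if __name__ == '__main__':
    r = parse_cwpki0022e(SAMPLE)
    print('signer     :', r['dn'])
    print('target     :', '%s:%d' % (r['host'], r['port']))
    print('SSL alias  :', r['alias'])
    print('trust store:', r['store'], '(%s scope)' % r['scope'])
```

Under the assumed layout, the store path in the posted message is labelled cell-scoped even though the SSL configuration alias is NodeDefaultSSLSettings.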