Error in creating keystore for wM 8.2 IS using Portecle

@Kushal,

If you are running your IS on Unix/Linux, you need to be root to operate on a port lower than 1024.

Ref: Privileged Ports

HTH.

Thanks,
Rankesh

Thanks Rankesh… this was useful information 🙂

Regards,
Kushal

Rankesh,

Thanks for the note… it seems a useful point.

Hi Rankesh and RMG,

While I am trying to send an outbound transaction to our external partners, I am getting this error:

iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier

Currently, I believe that the external partner is rejecting my server's certificate that it receives at the beginning of the 2-way SSL handshake. Is it because my partner's system is unable to trust our server certificate?

Thanking in advance,
Kushal

Yes… and also make sure the partner was given the new cert chain and has it configured in their system as well, so that the 2-way SSL handshake works…

This error is almost always caused by a misconfiguration on either the SSL client or SSL server side.

Make sure to install the CA from both sites into the Integration Server's Trusted Root directory, so that Integration Server can trust the certificate chain presented by the SSL server.

HTH,
RMG

Not only the CA root; the CA intermediate cert also needs to be loaded in the Trust Store.
You don't need to load the server cert to the trust store though.
Also, make sure the server returned the cert chain that they claimed to have. You can use openssl to get the cert chain (sometimes the browser will automatically fix the chain for you, which is different behavior from WM IS).
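
The chain check suggested in the reply above, as an added example that is not part of the original thread: it builds a constructed root, intermediate and leaf test PKI with openssl (all subject names and file names are made up) and shows which trust-store contents let verification of the leaf succeed, depending on whether the server also sends its intermediate.

```bash
#!/usr/bin/env bash
# Added example: constructed test PKI (root -> intermediate -> leaf); all names are made up.
# Against a live endpoint, the chain a server actually sends can be captured with
#   openssl s_client -connect HOST:PORT -showcerts </dev/null
set -eu
PKI=$(mktemp -d)

build_test_pki() (
  cd "$PKI"
  # Minimal config so the CA certificates carry basicConstraints CA:TRUE.
  printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' 'CN=unused' \
    '[ca_ext]' 'basicConstraints=critical,CA:TRUE' \
    'keyUsage=critical,keyCertSign,cRLSign' > pki.cnf
  # Self-signed root CA.
  openssl req -config pki.cnf -x509 -extensions ca_ext -newkey rsa:2048 -nodes \
    -subj "/CN=Constructed Root CA" -keyout root.key -out root.pem -days 30 2>/dev/null
  # Intermediate CA signed by the root.
  openssl req -config pki.cnf -new -newkey rsa:2048 -nodes \
    -subj "/CN=Constructed Intermediate CA" -keyout int.key -out int.csr 2>/dev/null
  openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -extfile pki.cnf -extensions ca_ext -out int.pem -days 30 2>/dev/null
  # Server (leaf) certificate signed by the intermediate.
  openssl req -config pki.cnf -new -newkey rsa:2048 -nodes \
    -subj "/CN=partner.example" -keyout leaf.key -out leaf.csr 2>/dev/null
  openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
    -out leaf.pem -days 30 2>/dev/null
  # Trust store holding root and intermediate, as the reply recommends.
  cat root.pem int.pem > truststore.pem
)

# chain_status TRUSTSTORE [SENT_CHAIN]: prints OK or FAIL for the leaf certificate.
# SENT_CHAIN models extra certificates the server presents in the handshake.
chain_status() {
  if openssl verify -CAfile "$PKI/$1" ${2:+-untrusted "$PKI/$2"} \
       "$PKI/leaf.pem" >/dev/null 2>&1
  then echo OK; else echo FAIL; fi
}

build_test_pki
echo "root only in store, server sends leaf only:    $(chain_status root.pem)"
echo "root only in store, server sends intermediate: $(chain_status root.pem int.pem)"
echo "root + intermediate in store, leaf only:       $(chain_status truststore.pem)"
```

The first case fails because no path can be built from the leaf to the trusted root; the other two succeed, which is why loading the intermediate into the trust store covers a server that omits it from the handshake.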

Also, on what OS are you trying to configure this keystore, Windows or Unix (that IS is hosted on)? Depending on that, you need to select the provider (a small note).

HTH,
RMG

Thank you all.

I have already placed my CA root and intermediate in our IS truststore. Working to get the CA and intermediate of partner as well in truststore.

@RMG - our IS is on a Unix box. Does this require any special way to create the provider WSDL?

Thanks in advance,
Kushal

After getting the certificates and before installing them, cross-verify that the certificates you are going to use and the ones the other party is using are the same by checking the validity and serial number. Once everything is in sync, install the certificate and do a test. Kindly let us know the updates.

I was talking about the Provider on the Keystore Properties screen. What did you set there, SUN or something else?

HTH,
RMG

Hi RMG,

Apologies for the late reply. The provider is set to SUN and the keystore type is JKS.

Thanks and regards,
Kushal

OK assumed.

Both public and CA certs can be shared with the other partner, and the same applies to the partner.

Just a real late reply but the configuration had worked out. Completely forgot to update and thank everyone.