Hi All, I face a problem when invoking a backend system. I am unable to invoke it due to the certificate chain verifier rejecting it during the SSL handshake. There are 3 certs (CA root cert, intermediate cert and server cert) and I have put them all into the IS Trusted CA certificate directory. The cert chain is correct when we check the issuer and the subject of these certs. However, when I perform openssl verify, the cert chain seems to be not correct. When I reported this to the backend system, they claimed that all other companies manage to invoke them successfully and only our EAI product is not able to hit them. Is there any way that the IS server can bypass this chain verification? The extended setting below does not seem to be working.
watt.security.cert.wmChainVerifier.trustByDefault=true
Use portecle-1.7.zip to check whether the certificates are the same as the ones you’ve been provided.
Also please note that after you put the partner’s certificates in the Trusted CA directory, you should restart IS server. From IS ver. 7 you can also use “Refresh Trusted CA Certificates Cache”, but it doesn’t work without some fix.
Hi,
I think you have transformed the certificates into the digital DER format?
Try the following:
/usr/sfw/bin/openssl s_client -showcerts -connect host:port
You will get the complete chain from the host; check whether the certificates are the same as the ones you’ve been provided.
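The comparison suggested in the replies above, as an added example that is not part of the original thread: it extracts each certificate from saved `s_client -showcerts` output and matches it by SHA-256 fingerprint against the files in a trusted directory, accepting either PEM or DER files. The function names, file names and sample bytes are assumptions constructed for illustration; a match only shows the files are byte-identical, it does not validate the chain.

```python
import hashlib
import re
import ssl

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)


def served_fingerprints(showcerts_output):
    """SHA-256 of each certificate in `s_client -showcerts` output, in served order."""
    return [hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()
            for pem in PEM_RE.findall(showcerts_output)]


def file_fingerprint(data):
    """Fingerprint a certificate file's DER bytes, whether stored as PEM or DER."""
    match = PEM_RE.search(data.decode("latin-1"))
    der = ssl.PEM_cert_to_DER_cert(match.group(0)) if match else data
    return hashlib.sha256(der).hexdigest()


def compare_chain(showcerts_output, trusted_files):
    """For each served certificate, return (position, matching trusted file or None)."""
    trusted = {file_fingerprint(data): name for name, data in trusted_files.items()}
    return [(i, trusted.get(fp))
            for i, fp in enumerate(served_fingerprints(showcerts_output))]


# Constructed placeholder bytes standing in for DER certificates (not real X.509).
SERVER = b"constructed-server"
INTERMEDIATE = b"constructed-intermediate-served"
OLD_INTERMEDIATE = b"constructed-intermediate-provided"
ROOT = b"constructed-root"

# Constructed text shaped like `openssl s_client -showcerts` output.
SERVED = (
    " 0 s:CN=server.example\n   i:CN=Example Intermediate\n"
    + ssl.DER_cert_to_PEM_cert(SERVER)
    + " 1 s:CN=Example Intermediate\n   i:CN=Example Root\n"
    + ssl.DER_cert_to_PEM_cert(INTERMEDIATE)
    + " 2 s:CN=Example Root\n   i:CN=Example Root\n"
    + ssl.DER_cert_to_PEM_cert(ROOT)
)

# Constructed trusted directory: one DER file, two PEM files, intermediate differs.
TRUSTED_DIR = {
    "server.der": SERVER,
    "intermediate.pem": ssl.DER_cert_to_PEM_cert(OLD_INTERMEDIATE).encode(),
    "root.pem": ssl.DER_cert_to_PEM_cert(ROOT).encode(),
}

if __name__ == "__main__":
    for position, name in compare_chain(SERVED, TRUSTED_DIR):
        print(position, name or "NOT in trusted directory")
```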