`
angelbill3
  • 浏览: 256926 次
  • 性别: Icon_minigender_2
  • 来自: 杭州
社区版块
存档分类
最新评论

【问题】Certificate chaining error in Websphere

 
阅读更多
在Websphere里尝试通过SSL连接LDAP服务器,遇到如下错误:

used by:com.ibm.jsse2.util:KIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=VeriSign class 3  xxxxxxx is not trusted; internal cause is:
  java.security.cert.CertPathValidatorException: Certificate chaining error
  at com.ibm.jsse2.util.h.b(h.java:86)
  at com.ibm.jsse2.util.h.b(h.java:2)
  at com.ibm.jsse2.util.g.a(g.java:27)

查阅了下资料,应该是在默认的trust store list里没有加入我所连接的地址。

具体方法

在IBM Websphere console界面操作如下:

1# Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates > Retrieve from port

填入表单项:Host\Post\Alias

点击:Retrieve signer information > Apply

2# Security > SSL certificate and key management > Manage endpoint security configurations >Inbound(CellDefaultSSLSettings) > Key stores and certificates > CellDefaultTrustStore > Signer certificates > Retrieve from port

填入表单项:Host\Post\Alias

点击:Retrieve signer information > Apply




-------------------------------------------
注:前提是CA证书已经导入到keystore里了。如果没有导入进来,请搜索导入方法。

【参考】http://stackoverflow.com/questions/27701181/certificate-chaining-error-in-websphere




分享到:
评论

相关推荐

Global site tag (gtag.js) - Google Analytics