|
You shouldn't need to use DCM to do this. What you need is a keystore (you can generate one on your PC using keytool) to hold the CA certificate they are using. You then need to add the following code to switch to that keystore: // Location of the client keystore. System.setProperty("javax.net.ssl.trustStore", "/path/to/.keystore"); // Use Sun's reference implementation of a URL handler for the "https" URL protocol type. System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.interna l.www.protocol"); // dynamically register sun's ssl provider Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); Matt -----Original Message----- From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of tim Sent: Monday, October 30, 2006 7:12 PM To: 'Web400' Subject: [WEB400] Digital Certificate Manager issue Hello, I am writing a java application which will validate credit card information. I am using API's in an SDK from CyberSource. When I run the app on my PC it works fine. When I run it on the iSeries I get "Certificate is not signed by a trusted certificate authority." On the Cybersource website, I am able to generate a key. I when I tried to import the key (key.p12) into the *system certificate store selecting "Server or Client", I get the message "An error occurred during certificate validation. The issuer of the certificate may not be in the certificate store or the issuer may not be enabled." To get around that message I import the certificate into internet explorer which creates my "trusted root certificate authority". I then export it and import it using DCM specifying "certificate Authority". When I View Certificate Authories, I see "CyberSourceCertAuth" listed as follows: Common name CyberSourceCertAuth Organization unit Organization name Locality or city State or province Zip or postal code Country or region Additional information: Key length 1024 Private key No Certificate Authority (CA) enabled Yes Signed certificate Yes Serial number 343224324383831393931324324237393034353438 Validity period 03/14/03 04:53:40 - 03/14/12 04:53:40 Issuer: Common name CyberSourceCertAuth Organization unit Organization name Locality or city State or province Zip or postal code Country or region Certificate Revocation List (CRL) Location: CRL Location Name None assigned LDAP Server None assigned Now when I try to re-import the *.P12 file as a "Server or client" certificate , it gives me the following message "A duplicate key exists in the certificate store. The certificate or the label may already be in the certificate store. The label must be unique" and it creates two additional CA's, but no server or client cert as follows: Certificate Authority (CA) Status serialNumber=1374246484016790434557,CN=CyberSource_SJC_US Enabled serialNumber=16225033542424206433,CN=v342455 Enabled CyberSource Certificate Enabled When I run my app, I still get the same message. Can anyone shed any light on this? Thanks.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.