× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



If you're accessing a url via the as400 webcrawler can also be used.   
 
 
-----Original Message-----
From: Matt.Haas@xxxxxxxxxxx
To: web400@xxxxxxxxxxxx
Sent: Tue, 31 Oct 2006 9:55 AM
Subject: Re: [WEB400] Digital Certificate Manager issue


You shouldn't need to use DCM to do this. What you need is a keystore
(you can generate one on your PC using keytool) to hold the CA
certificate they are using. You then need to add the following code to
switch to that keystore:

// Location of the client keystore.
System.setProperty("javax.net.ssl.trustStore", "/path/to/.keystore");
// Use Sun's reference implementation of a URL handler for the "https"
URL protocol type.
System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.interna
l.www.protocol");
// dynamically register sun's ssl provider
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); 


Matt

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx]
On Behalf Of tim
Sent: Monday, October 30, 2006 7:12 PM
To: 'Web400'
Subject: [WEB400] Digital Certificate Manager issue

Hello,

 

I am writing a java application which will validate credit card
information.
I am using API's in an SDK from CyberSource. When I run the app on my PC
it
works fine.

 

When I run it on the iSeries I get "Certificate is not signed by a
trusted
certificate authority."

 

On the Cybersource website, I am able to generate a key. I when I tried
to
import the key (key.p12) into the *system  certificate store selecting
"Server or Client", I get the message "An error occurred during
certificate
validation. The issuer of the certificate may not be in the certificate
store or the issuer may not be enabled."

 

To get around that message I import the certificate into internet
explorer
which creates my "trusted root certificate authority". I then export it
and
import it using DCM specifying "certificate Authority". When I View
Certificate Authories, I see "CyberSourceCertAuth" listed as follows:

 


Common name

CyberSourceCertAuth


Organization unit

 


Organization name

 


Locality or city

 


State or province

 


Zip or postal code

 


Country or region

 

Additional information: 


Key length

1024


Private key

No


Certificate Authority (CA) enabled

Yes


Signed certificate

Yes


Serial number

343224324383831393931324324237393034353438


Validity period

03/14/03 04:53:40 - 03/14/12 04:53:40

Issuer: 


Common name

CyberSourceCertAuth


Organization unit

 


Organization name

 


Locality or city

 


State or province

 


Zip or postal code

 


Country or region

 

Certificate Revocation List (CRL) Location: 


CRL Location Name

None assigned


LDAP Server

None assigned

 

 

Now when I try to re-import the *.P12 file as a "Server or client"
certificate , it gives me the following message "A duplicate key exists
in
the certificate store. The certificate or the label may already be in
the
certificate store. The label must be unique" and it creates two
additional
CA's, but no server or client cert as follows:

 


 

Certificate Authority (CA)

Status





serialNumber=1374246484016790434557,CN=CyberSource_SJC_US

Enabled




serialNumber=16225033542424206433,CN=v342455

Enabled




CyberSource Certificate

Enabled

 

 

When I run my app, I still get the same message.

 

Can anyone shed any light on this?

 

Thanks.


As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.