Monday, February 3, 2014

CWPKI0022E SSL HANDSHAKE FAILURE and CWPKI0428I

[30.01.2014 08:58:25:923 EET] 000000b9 WSX509TrustMa E   CWPKI0022E: SSL HANDSHAKE FAILURE:  A signer with SubjectDN "....." was sent from target host:port "host_name:port_number".
The signer may need to be added to local trust store "/opt/IBM/WebSphere/AppServer/profiles/AppSrv02/config/cells/wastest851Cell01/trust.p12" located in SSL configuration alias "NodeDefaultSSLSettings"
loaded from SSL configuration file "security.xml".
The extended error message from the SSL handshake exception is: "PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
        java.security.cert.CertPathValidatorException: The certificate issued by " ....Elektronik Sertifika Hizmet Sağlayıcısı..." is not trusted; internal cause is:
        java.security.cert.CertPathValidatorException: Certificate chaining error".
 
 
 
  CWPKI0428I: The signer might need to be added to the local trust store.
  You can use the Retrieve from port option in the administrative console to retrieve the certificate and resolve the problem.
  If you determine that the request is trusted, complete the following steps:
  1. Log into the administrative console.
  2. Expand Security and click SSL certificate and key management. Under Configuration settings, click Manage endpoint security configurations.
  3. Select the appropriate outbound configuration to get to the (cell):wastest851Cell01 management scope.
  4. Under Related Items, click Key stores and certificates and click the CellDefaultTrustStore key store.
  5. Under Additional Properties, click Signer certificates and  Retrieve From Port.
  6. In the Host field, enter hostname in the host name field, enter portnumber in the Port field, and hostname_cert or  in the Alias field.
  7. Click Retrieve Signer Information.
  8. Verify that the certificate information is for a certificate that you can trust.
  9. Click Apply and Save

If you cannot import and install SSL certificates with the ikeyman.sh script, use the WAS admin console.
While inserting a certificate from the WAS admin console, the connection may be refused by the proxy server.
This sequence may work: take the proxy out of service, insert the SSL certificate using Retrieve Signer Information in the related scope, then bring the proxy back into service.
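
When the same error appears for several outbound connections, it helps to list every signer, target and trust store named in the log before making the trust decision in step 8. The Python script below is an added example, not part of the original post or of IBM's tooling; it parses CWPKI0022E records in the layout shown above. The sample log, host names, DNs and trust store paths in it are constructed.

```python
import re

# A record starts with "[timestamp] threadid "; wrapped lines belong to the record above.
RECORD_START = re.compile(r"(?m)^(?=\[[^\]]+\]\s+[0-9a-fA-F]{8}\s)")
FIELDS = re.compile(
    r'\[(?P<timestamp>[^\]]+)\].*?CWPKI0022E:'
    r'.*?SubjectDN\s+"(?P<subject_dn>[^"]*)"'
    r'.*?target host:port\s+"(?P<target>[^"]*)"'
    r'.*?local trust store\s+"(?P<trust_store>[^"]*)"'
    r'.*?SSL configuration alias\s+"(?P<ssl_alias>[^"]*)"',
    re.DOTALL,
)

def parse_handshake_failures(log_text):
    """Return one dict per CWPKI0022E record; other records are ignored."""
    failures = []
    for record in RECORD_START.split(log_text):
        m = FIELDS.match(record)  # matched per record, so fields never leak across records
        if m:
            entry = m.groupdict()
            entry["host"], _, entry["port"] = entry.pop("target").rpartition(":")
            failures.append(entry)
    return failures

def signers_to_review(log_text):
    """Map (host, port, trust_store) -> sorted signer DNs still awaiting a trust decision."""
    pending = {}
    for f in parse_handshake_failures(log_text):
        key = (f["host"], f["port"], f["trust_store"])
        pending.setdefault(key, set()).add(f["subject_dn"])
    return {k: sorted(v) for k, v in pending.items()}

# Constructed sample log: hosts, DNs and paths are made up for this example.
SAMPLE_LOG = """\
[30.01.2014 08:58:25:923 EET] 000000b9 WSX509TrustMa E   CWPKI0022E: SSL HANDSHAKE FAILURE:  A signer with SubjectDN "CN=Example Root CA, O=Example, C=TR" was sent from target host:port "pay.example.test:443".
The signer may need to be added to local trust store "/opt/was/config/cells/c1/trust.p12" located in SSL configuration alias "NodeDefaultSSLSettings"
loaded from SSL configuration file "security.xml".
[30.01.2014 08:58:25:930 EET] 000000b9 WSX509TrustMa I   CWPKI0428I: The signer might need to be added to the local trust store.
[30.01.2014 09:02:11:104 EET] 000000c1 WSX509TrustMa E   CWPKI0022E: SSL HANDSHAKE FAILURE:  A signer with SubjectDN "CN=Example Issuing CA, O=Example, C=TR" was sent from target host:port "pay.example.test:443". The signer may need to be added to local trust store "/opt/was/config/cells/c1/trust.p12" located in SSL configuration alias "NodeDefaultSSLSettings" loaded from SSL configuration file "security.xml".
[30.01.2014 09:05:40:002 EET] 000000c4 WSX509TrustMa E   CWPKI0022E: SSL HANDSHAKE FAILURE:  A signer with SubjectDN "CN=Example Root CA, O=Example, C=TR" was sent from target host:port "ldap.example.test:636". The signer may need to be added to local trust store "/opt/was/config/cells/c1/nodes/n1/trust.p12" located in SSL configuration alias "NodeDefaultSSLSettings" loaded from SSL configuration file "security.xml".
"""

if __name__ == "__main__":
    for (host, port, store), dns in signers_to_review(SAMPLE_LOG).items():
        print(f"{host}:{port} -> {store}")
        for dn in dns:
            print(f"    untrusted signer: {dn}")
```

Each listed signer still has to be checked against a fingerprint obtained from the certificate owner before it is added to the trust store named in the record.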

http://www-01.ibm.com/support/docview.wss?uid=swg21650234
http://www-01.ibm.com/support/docview.wss?uid=swg21592616
