You need to sign in to do that
Don't have an account?
"Could not find trusted certificate"
I'm porting to the new partner API, using Java and Axis 1.1. Things were going fine then I started hitting the exception listed below. I went back and ran a simple global describe script that was working earlier in the day and got the same exception. Is is possible that something has changed with the server side certificates? I would not expect a certificate to work and then stop working a few minutes later...
Actually, this traceback is from API version 2.0, but the 2.5 traceback is nearly the same. Both versions are now doing the same thing.
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Could not find trusted certificate
at org.apache.axis.AxisFault.makeFault(AxisFault.java:129)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:131)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:180)
at org.apache.axis.client.Call.invokeEngine(Call.java:2564)
at org.apache.axis.client.Call.invoke(Call.java:2553)
at org.apache.axis.client.Call.invoke(Call.java:2248)
at org.apache.axis.client.Call.invoke(Call.java:2171)
at org.apache.axis.client.Call.invoke(Call.java:1691)
at salesforce.SalesforceConnectorBindingStub.login(SalesforceConnectorBindingStub.java:413)
Message Edited by SergeantAgni on 01-07-2004 04:45 PM
Hi SergeantAgni,
We are tracking a problem related to the certificate issue that you have been experiencing. It seems to only be affecting Axis clients, which is kind of strange. Don't change your code, this is an issue on our end.
I am also receiving the same type of error:
Login failed: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
Please let us know if a solution was found. Thanks
Hello All,
Please see the post on the announcements board for a resolution.
I've upgraded to the latest JRE but am still experiencing the same problem. This is the message that returns from SForce.
-- End POST request --
<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<SOAP-ENV:Fjavax.net.ssl.SSLHandshakeException: java.security.cert.CertificateEx
ception: Untrusted Server Certificate Chainault> <faultCode>Server</faultCode><faultString>java.security.cert.CertificateExceptio
n: Untrusted Server Certificate Chain</fau
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at cltString></SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Hi rrr,
What is the url that you are getting this response from?
https://www.salesforce.com/services/Soap/u/2.5
Hi rrr,
Are you still getting that error response?
Yes, we still get the same error.
I've upgraded to the latest Java SDK and no longer see the problem.
Thanks
--Brad
As noted by many people on this thread, simply upgrading your JDK version resolves this issue.
I did however, have a machine where I wanted to preserve the current JDK version and simply upgrade the certificate store.
To add further complications, there were multiple versions of the JDK on this machine.
After following the directions as per the link - http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57436 - I was still getting the "SSLHandshakeException: Could Not find Trusted Certificate." error.
The problem turned out be resolved when I explicitly pointed to the appropriate JDK version, AND I also had to point to the appropriate certificate store via a command line swich.
If it helps anyone out, who might want to patch an existing JDK, I have included the contents of a batch file I wrote to perform this process. You'll also note at the bottom of the script, I have included the command line parameters I had to include to make stop the error occurring.
You'll obviously have to change JDK versions and paths to match your environment.
Hope this helps,
Dom
@echo off
echo "This follows the procedure as defined in http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57436"
echo "This batch file assumes that you have downloaded and unzipped the certificates."
echo "unzip them to d:\spool\install\Verisign"
c:
cd \j2sdk1.4.1_02\jre\lib\security
echo "make sure you have made a backup copy of c:\j2sdk1.4.1_02\jre\lib\security\cacerts!!!
rem copy cacerts cacerts.bak
pause
rem echo "about to delete existing certificates"
rem c:\j2sdk1.4.1_02\bin\keytool -delete -alias verisignclass2ca2028 -keystore .\cacerts -storepass changeit
rem c:\j2sdk1.4.1_02\bin\keytool -delete -alias verisignclass3ca2028 -keystore .\cacerts -storepass changeit
rem pause
d:
cd \spool\install\Verisign
echo "about to import new certificates
c:\j2sdk1.4.1_02\bin\keytool -import -v -keystore C:\j2sdk1.4.1_02/jre/lib/security/cacerts -storepass changeit -alias verisignclass2ca2028 -file "./VeriSign - Thawte Combined Roots/VeriSign_Roots/PCA2ss_v4.509
c:\j2sdk1.4.1_02\bin\keytool -import -v -keystore C:\j2sdk1.4.1_02\jre/lib/security/cacerts -storepass changeit -alias verisignclass3ca2028 -file "./VeriSign - Thawte Combined Roots/VeriSign_Roots/PCA3ss_v4.509
pause
echo "about to save a verbose certificate listing to c:\j2sdk1.4.1_02\jre\lib\security\certificates.txt"
c:
cd \j2sdk1.4.1_02\jre\lib\security
c:\j2sdk1.4.1_02\bin\keytool -list -v -keystore .\cacerts -storepass changeit > certificates.txt
echo "to this this, simply run the SFDC quickstart and prove that the login method works"
echo "if these new certificates are not recognised you may need to explicitly point to this keystore via a command line paramater"
echo "eg. java -version:1.4.1_02 -Djavax.net.ssl.trustStore=C:\j2sdk1.4.1_02\jre\lib\security\cacerts"
pause
This thread has been answered by a bunch of people saying you have to upgrade to the latest JRE.
True.
However, even after doing this, I kept getting the No certificate found error.
One additional problem I had was that JBuilder was still pointing to the old JRE. I had to go into Project->Project Properties, and
1) add the new JDK path to the list of options available
2) change the JDK path to point to that newly added path.
Of course, if I had just read the instructions in the sforce release notes, I wouldn't have tripped over this for so long.
RTFM I guess.