function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
atlantisatlantis 

javax.net.ssl.SSLHandshakeException -- SSL HANDSHAKE FAILURE

I built web app with partner wsdl 19.0 to connect to Force.com

 

App server: IBM WAS6,  jre: 1.4.2    It works fine.

 

But after WAS6 upgrates to WAS7, and I changed the jre to 1.6.  It has exceptions below:

 

I would really appreciate it if anyone could give me any clue?

 

 

Best Regards,

 

Atlantis

 

 

==========================================================

[8/4/10 15:47:25:861 CST] 00000029 servlet       I com.ibm.ws.webcontainer.servlet.ServletWrapper init SRVE0242I: [FileStorageEAR] [/file] [FilterProxyServlet]: Initialization successful.

[8/4/10 15:47:25:891 CST] 00000029 servlet       I com.ibm.ws.webcontainer.servlet.ServletWrapper init SRVE0242I: [FileStorageEAR] [/file] [AuthSvlt]: Initialization successful.

[8/4/10 15:47:31:790 CST] 00000029 WSX509TrustMa E   CWPKI0022E: SSL HANDSHAKE FAILURE:  A signer with SubjectDN "CN=*.cs0.force.com, EMAILADDRESS=networkengineering@salesforce.com, OU=Applications, O="Salesforce.com, Inc.", L=San Francisco, ST=California, C=US" was sent from target host:port "c.cs2.visual.force.com:443".  The signer may need to be added to local trust store "C:/Program Files/IBM/SDP/runtimes/base_v7/profiles/was70profile1/config/cells/FTD0098Node02Cell/nodes/FTD0098Node02/trust.p12" located in SSL configuration alias "NodeDefaultSSLSettings" loaded from SSL configuration file "security.xml".  The extended error message from the SSL handshake exception is: "PKIX path building failed: java.security.cert.CertPathBuilderException: invalid certificate, key identifier is missing from authority key identifier extension".

[8/4/10 11:22:13:239 CST] 0000002c SystemErr     R AxisFault
 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
 faultSubcode:
 faultString: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: invalid certificate, key identifier is missing from authority key identifier extension
 faultActor:
 faultNode:
 faultDetail:
    {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: invalid certificate, key identifier is missing from authority key identifier extension
    at com.ibm.jsse2.n.a(n.java:42)
    at com.ibm.jsse2.sc.a(sc.java:277)
    at com.ibm.jsse2.gb.a(gb.java:354)
    at com.ibm.jsse2.gb.a(gb.java:292)
    at com.ibm.jsse2.hb.a(hb.java:118)
    at com.ibm.jsse2.hb.a(hb.java:162)
    at com.ibm.jsse2.gb.n(gb.java:262)
    at com.ibm.jsse2.gb.a(gb.java:177)
    at com.ibm.jsse2.sc.a(sc.java:71)
    at com.ibm.jsse2.sc.g(sc.java:167)
    at com.ibm.jsse2.sc.a(sc.java:357)
    at com.ibm.jsse2.sc.startHandshake(sc.java:97)
    at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
    at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
    at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
    at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
    at org.apache.axis.client.Call.invoke(Call.java:2767)
    at org.apache.axis.client.Call.invoke(Call.java:2443)
    at org.apache.axis.client.Call.invoke(Call.java:2366)
    at org.apache.axis.client.Call.invoke(Call.java:1812)
    at com.sforce.soap.partner.SoapBindingStub.getUserInfo(SoapBindingStub.java:3633)
    at com.fidelity.bean.InteractWithSf.verify(InteractWithSf.java:41)
    at com.fidelity.svlt.AuthSvlt.doPost(AuthSvlt.java:67)
    at com.fidelity.svlt.AuthSvlt.doGet(AuthSvlt.java:51)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:718)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1661)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1595)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:104)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:77)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:908)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:932)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:500)
    at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:178)
    at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:341)
    at com.ibm.ws.webcontainer.servlet.FilterProxyServlet.dispatch(FilterProxyServlet.java:88)
    at com.ibm.ws.webcontainer.servlet.FilterProxyServlet.service(FilterProxyServlet.java:62)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1661)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1595)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:104)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:77)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:908)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:997)
    at com.ibm.ws.webcontainer.extension.DefaultExtensionProcessor.invokeFilters(DefaultExtensionProcessor.java:985)
    at com.ibm.ws.webcontainer.extension.DefaultExtensionProcessor.handleRequest(DefaultExtensionProcessor.java:682)
    at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3826)
    at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:276)
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:931)
    at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1583)
    at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:186)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:455)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:384)
    at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:83)
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
    at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1550)
Caused by: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: invalid certificate, key identifier is missing from authority key identifier extension
    at com.ibm.jsse2.util.e.b(e.java:78)
    at com.ibm.jsse2.util.e.b(e.java:45)
    at com.ibm.jsse2.util.d.a(d.java:12)
    at com.ibm.jsse2.gc.a(gc.java:15)
    at com.ibm.jsse2.gc.checkServerTrusted(gc.java:48)
    at com.ibm.ws.ssl.core.WSX509TrustManager.checkServerTrusted(WSX509TrustManager.java:358)
    at com.ibm.jsse2.hb.a(hb.java:116)
    ... 61 more
Caused by: java.security.cert.CertPathBuilderException: invalid certificate, key identifier is missing from authority key identifier extension
    at com.ibm.security.cert.PKIXCertPathBuilderImpl.createCASelector(PKIXCertPathBuilderImpl.java:705)
    at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:594)
    at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:357)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:258)
    at com.ibm.jsse2.util.e.b(e.java:51)
    ... 67 more

    {http://xml.apache.org/axis/}hostname:FTD0098


Best Answer chosen by Admin (Salesforce Developers) 
atlantisatlantis

Finally , i found a solution to fix it

 

I got a certificate from browser and import it into WAS7.

 

To find how to import cert into was7, refer to link

http://www.hostmultiplesites.com/googlewebsphere.html

 

Dont forget to restart was.

 

Anybody who wanna know the reason why was7 doesnt work, refer to

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/csec_sslsecinstallclientsignret.html

 

OK, now it works.

 

Also, thanks zg and simon's reply again.

 

Regards,

Atlantis

All Answers

atlantisatlantis

[continued]

 

[8/4/10 11:22:13:239 CST] 0000002c SystemErr     R javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: invalid certificate, key identifier is missing from authority key identifier extension
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at org.apache.axis.client.Call.invoke(Call.java:2767)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at org.apache.axis.client.Call.invoke(Call.java:2443)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at org.apache.axis.client.Call.invoke(Call.java:2366)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at org.apache.axis.client.Call.invoke(Call.java:1812)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.sforce.soap.partner.SoapBindingStub.getUserInfo(SoapBindingStub.java:3633)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.fidelity.bean.InteractWithSf.verify(InteractWithSf.java:41)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.fidelity.svlt.AuthSvlt.doPost(AuthSvlt.java:67)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.fidelity.svlt.AuthSvlt.doGet(AuthSvlt.java:51)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at javax.servlet.http.HttpServlet.service(HttpServlet.java:718)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1661)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1595)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:104)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:77)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:908)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:932)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:500)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:178)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:341)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.servlet.FilterProxyServlet.dispatch(FilterProxyServlet.java:88)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.servlet.FilterProxyServlet.service(FilterProxyServlet.java:62)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1661)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1595)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:104)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:77)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:908)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:997)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.extension.DefaultExtensionProcessor.invokeFilters(DefaultExtensionProcessor.java:985)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.extension.DefaultExtensionProcessor.handleRequest(DefaultExtensionProcessor.java:682)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3826)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:276)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:931)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1583)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:186)
[8/4/10 11:22:13:249 CST] 0000002c SystemErr     R     at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:455)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:384)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:83)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1550)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R Caused by: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: invalid certificate, key identifier is missing from authority key identifier extension
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.jsse2.n.a(n.java:42)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.jsse2.sc.a(sc.java:277)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.jsse2.gb.a(gb.java:354)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.jsse2.gb.a(gb.java:292)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.jsse2.hb.a(hb.java:118)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.jsse2.hb.a(hb.java:162)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.jsse2.gb.n(gb.java:262)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.jsse2.gb.a(gb.java:177)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.jsse2.sc.a(sc.java:71)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.jsse2.sc.g(sc.java:167)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.jsse2.sc.a(sc.java:357)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.jsse2.sc.startHandshake(sc.java:97)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     ... 50 more
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R Caused by: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: invalid certificate, key identifier is missing from authority key identifier extension
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.jsse2.util.e.b(e.java:78)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.jsse2.util.e.b(e.java:45)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.jsse2.util.d.a(d.java:12)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.jsse2.gc.a(gc.java:15)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.jsse2.gc.checkServerTrusted(gc.java:48)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.ws.ssl.core.WSX509TrustManager.checkServerTrusted(WSX509TrustManager.java:358)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.jsse2.hb.a(hb.java:116)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     ... 61 more
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R Caused by: java.security.cert.CertPathBuilderException: invalid certificate, key identifier is missing from authority key identifier extension
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.security.cert.PKIXCertPathBuilderImpl.createCASelector(PKIXCertPathBuilderImpl.java:705)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:594)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:357)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:258)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     at com.ibm.jsse2.util.e.b(e.java:51)
[8/4/10 11:22:13:259 CST] 0000002c SystemErr     R     ... 67 more

atlantisatlantis

BTW, the Axis version I used is 1.4

zgcharley_09zgcharley_09

Hi, Atlantis

 

Take follow tips as references.

 

1), Please make sure the certificates in your trust store(trust.p12) are not expired. 

 

2), The security provider --IBMJSSE2 is used. Is the same security provider used both after and before upgrade?

 

 

Thanks

 

zg

atlantisatlantis

Hi zg,

 

Thank you for your reply.

 

1. I am not sure if I got the correct certificate. I can find two ways to get it.

  • client cert:  under link App Setup->Develop->API->Client Certificate
  • self-signed/ca-signed cert: under link Admin Setup->Security Controls->Certificate and Key Management

Is there any other way to find available cert?

 

I test client cert and self-signed cert which will expire in 2011, but it doesnt work. I can see that the two cert's signer are not the one mentioned in the error msg.

 

2. both was6 and was 7 use IBMJSSE2.

 

 

In all, i think there are two questions i am facing.

1. did i get correct cert?

2. was the was7 configured correctly? (including import cert etc)

 

zg, what do you think?

 

Thanks

SuperfellSuperfell

The client certs downloadable from the app are not related to SSL connections to salesforce (no client cert is needed for that). Its possible that your JSSE setup is missing the root certificate that the main saleforce certificate is signed with.

atlantisatlantis

Hi Simon,

 

Thanks for your reply.

 

I am not familiar with this kind of JSSE setup, but I would appreciate it if you could tell me how to do it with screen shot?

 

Or show the other resources I can find.

 

 

Thank you and best regards,

Atlantis

SuperfellSuperfell

Sorry, I've got no idea, from what i've seen the ibm library is nothing but trouble, not sure why you'd want to use it over the default implementation in the JDK.

atlantisatlantis

Hi Simon,

 

I dont understand your statement.

 

"not sure why you'd want to use it over the default implementation in the JDK."

 

I didnt do anything in java.

Could you explain it more detailed?

 

Thanks

Atlantis

SuperfellSuperfell

The JDK comes with a built-in implementation of the SSL support, something in your environment is overriding it to use the IBM JSEE library instead. (which is ultimately then generating the error you see)

atlantisatlantis

Finally , i found a solution to fix it

 

I got a certificate from browser and import it into WAS7.

 

To find how to import cert into was7, refer to link

http://www.hostmultiplesites.com/googlewebsphere.html

 

Dont forget to restart was.

 

Anybody who wanna know the reason why was7 doesnt work, refer to

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/csec_sslsecinstallclientsignret.html

 

OK, now it works.

 

Also, thanks zg and simon's reply again.

 

Regards,

Atlantis

This was selected as the best answer