Monday, April 27, 2015

SSL HANDSHAKE FAILURE | Signer Certificate retrieve from port


CWPKI0022E: SSL HANDSHAKE FAILURE:  A signer with SubjectDN "CN=localhost, O=IBM, C=US" was sent from target host:port "localhost:443".  The signer may need to be added to local trust store "C:/IBM/WCD70_2/wasprofile/config/cells/localhost/nodes/localhost/trust.p12" located in SSL configuration alias "NodeDefaultSSLSettings" loaded from SSL configuration file "security.xml".  The extended error message from the SSL handshake exception is: "PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target".
00000053 SystemOut     O
00000053 SystemOut     O CWPKI0022E: SSL HANDSHAKE FAILURE:  A signer with SubjectDN "CN=localhost, O=IBM, C=US" was sent from target host:port "localhost:443".  The signer may need to be added to local trust store "C:/IBM/WCD70_2/wasprofile/config/cells/localhost/nodes/localhost/trust.p12" located in SSL configuration alias "NodeDefaultSSLSettings" loaded from SSL configuration file "security.xml".  The extended error message from the SSL handshake exception is: "PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target".
00000053 SystemOut     O
00000053 SystemOut     O
00000053 SystemOut     O CWPKI0428I: The signer might need to be added to the local trust store. You can use the Retrieve from port option in the administrative console to retrieve the certificate and resolve the problem. If you determine that the request is trusted, complete the following steps: 1. Log into the administrative console.  2. Expand Security and click SSL certificate and key management. Under Configuration settings, click Manage endpoint security configurations. 3. Select the appropriate outbound configuration to get to the (cell):localhost:(node):localhost management scope. 4. Under Related Items, click Key stores and certificates and click the NodeDefaultTrustStore key store. 5. Under Additional Properties, click Signer certificates and  Retrieve From Port.  6. In the Host field, enter localhost in the host name field, enter 443 in the Port field, and localhost_cert in the Alias field. 7. Click Retrieve Signer Information.  8. Verify that the certificate information is for a certificate that you can trust. 9. Click Apply and Save.
00000053 SystemOut     O
00000053 ExtendedInfo  I   CWXFR9010I: Extended information : [URL=https://localhost:8006/webapp/wcs/preview/servlet/static/helloworld/dewalt] [parameters=deleteCartCookie=true  ] [userId=-1002]
00000053 LoggingHelper E /GenericJSPPageError.jsp - java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target
                                 javax.servlet.jsp.JspException: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target
    at com.ibm.commerce.foundation.internal.client.taglib.RESTTag.myExecute(RESTTag.java:1238)
    at com.ibm.commerce.foundation.internal.client.taglib.RESTTag.execute(RESTTag.java:1067)
    at com.ibm.commerce.foundation.internal.client.taglib.RESTTag.doEndTag(RESTTag.java:537)

Goto Admin console -->Security section and
SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates
Retrieve from port

1 comment: