Websphere 6.1 java ssl handshake exception No trusted certificate found

 Reposted from: http://www.pdncommunity.com/pdn/board/message?board.id=payflow&message.id=7226

 

If you are experiencing problems connecting to Paypal websites from Websphere 6.1 only, and not from any other web servers like Tomcat, then this might be the solution to your problem.  It took me three days to figure out, and I don't want others to go through the same pain that I did.

 

The error message from Paypal will have a code of -12 and message: Timeout waiting for response Exceeded Reconnect attempts, check context for error, Current reconnect attempt = 4


If you turn on log debugging for Payflow API, then the Java stack trace will contain a cause that looks like this:


javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate found
 at com.ibm.jsse2.n.a(n.java:37)
 


The solution is to add the signer certificates for the paypal test and live websites to your trust store in WebSphere 6.1. 


Here are the steps: 


  1. Under the Websphere admin console, on the left menu, Select Security -> SSL certificate and key management.
  2. In the right side main window, under Related Items section, choose "Key stores and certificates".
  3. In the new window that pops up, you should see three links:

    • NodeDefaultKeyStore
    • NodeDefaultTrustStore
    • NodeLTPAKeys
  4. Click on "NodeDefaultTrustStore".
  5. In the "NodeDefaultTrustStore" window's "Configuration" tab, under the "Additional Properties" section, click on "Signer Certificates".
  6. In the signer certificates window, you should see three entries:

    • -default
    • -dummyclientsigner
    • -dummyserversigner

      You should also see four buttons - Add, Delete, Extract, Retrieve from port.
  7. Select "Retrieve from port" if you don't already have the signer certificate from the paypal website.
  8. In order to retrieve the signer certificate for the test paypal website, these are the values to type in:

    • Host: pilot-payflowpro.paypal.com
    • Port: 443
    • Alias: Payflow_Pilot, this can be anything you want, it's just a
      short name for the site.
  9. Click the button "Retrieve signer information".  This
    will return the signer certificate info for the paypal test website.
  10. Hit Apply.
  11. You will be prompted to "Save" or "Retrieve".  Click "Save" to save
    the signer certificate for the pilot Payflow web service into the trust keystore. 
    This will return the signer certificate info.

If you would like to see snapshots of the Websphere admin console, please visit this link that shows how to solve the same problem for the Google website at  http://www.hostmultiplesites.com/googlewebsphere.html

 

 

Message Edited by PayPal_ToddS on 05-27-2009 01:46 PM
Message Edited by Lesiley on 05-27-2009 01:48 PM
Message Edited by Lesiley on 05-27-2009 01:49 PM
05-27-2009 01:33 PM  
Re: Websphere 6.1 java ssl handshake exception No trusted certificate found   [ Edited ]
DonM

Message 2 of 3

Thanks for the info.  This is exactly what I need.  Only one problem.  When I click on "Retrieve signer information", I get this message:

 

CWPKI0661E: Unable to get certificate signer information from hostname "pilot-payflowpro.paypal.com" and port "443". Verify hostname and port are correct.

 

To bypass this problem, I found this post:

 

http://www.pdncommunity.com/pdn/board/message?board.id=payflow&thread.id=2976 (page 2)

 

which suggests using a DummyTrustManager class to overwrite Sun's JDK.  It works.  I am now able to connect and get the credit authorization.

 

Is this a good solution or is it an unsafe temporary work-around?

 

Any suggestions for correcting the CWPKI0661E error above?

Message Edited by DonM on 06-02-2009 07:15 AM
06-02-2009 07:13 AM  
Re: Websphere 6.1 java ssl handshake exception No trusted certificate found
DonM

Message 3 of 3

This apparently is a firewall issue.  In my Java application I am going through a proxy and the WebSphere 6.1 console is not.  I downloaded the certificate through my browser and then used the "Add" button instead of the "Retrieve from port" option.  It works now without the DummyTrustManager work-around.
06-02-2009 12:01 PM
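
Added example, not part of the original thread or of any PayPal or IBM code: once the signer certificate is in the trust store, a leftover accept-all trust manager still disables server certificate validation, so it is worth scanning the code base for one. The Python sketch below assumes the DummyTrustManager mentioned above follows the usual pattern of an X509TrustManager whose checkServerTrusted body is empty; the sample Java source and the function names are constructed for illustration.

```python
import re

# Constructed sample (not the code from the linked post): an accept-all manager
# next to one that delegates validation to a real trust manager.
SAMPLE_JAVA = r'''
public class DummyTrustManager implements X509TrustManager {
    public void checkClientTrusted(X509Certificate[] chain, String authType) { }
    public void checkServerTrusted(X509Certificate[] chain, String authType) {
        // accept everything
    }
    public X509Certificate[] getAcceptedIssuers() { return null; }
}
class DelegatingTrustManager implements X509TrustManager {
    private X509TrustManager delegate;
    public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
        delegate.checkClientTrusted(c, a);
    }
    public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
        delegate.checkServerTrusted(c, a);
    }
    public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
}
'''

CLASS_RE = re.compile(r'class\s+(\w+)[^{;]*\bimplements\b[^{;]*\bX509TrustManager\b[^{;]*\{')
METHOD_RE = re.compile(r'\bcheckServerTrusted\s*\([^)]*\)[^{;]*\{')

def block_after(src, open_idx):
    """Text between the '{' at open_idx and its matching '}' (braces in string literals are not handled)."""
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {'{': 1, '}': -1}.get(src[i], 0)
        if depth == 0:
            return src[open_idx + 1:i]
    return src[open_idx + 1:]

def find_accept_all_trust_managers(java_source):
    """Names of X509TrustManager classes whose checkServerTrusted body does nothing."""
    src = re.sub(r'//[^\n]*|/\*.*?\*/', '', java_source, flags=re.S)  # drop comments
    flagged = []
    for cls in CLASS_RE.finditer(src):
        body = block_after(src, cls.end() - 1)
        method = METHOD_RE.search(body)
        if method and block_after(body, method.end() - 1).strip() in ('', 'return;'):
            flagged.append(cls.group(1))
    return flagged

if __name__ == '__main__':
    print(find_accept_all_trust_managers(SAMPLE_JAVA))
```

A class that is flagged here accepts any certificate chain, so any host able to answer on the connection can impersonate the payment endpoint.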
