No trusted certificate found

Sort:
You are not authorized to post a reply.
Author
Messages
Xin Li
Veteran Member
Posts: 133
Veteran Member

    We have installed e-punchout app and tried to configure to work with Grainger and IBM vendor sites. Both sent us their certificates and asked to install the certificates on our end. We did that. When click on Punchout Vendor icon link, it threw out error as:
    "com.ibm.jsse2.util.h: No trusted certificate found".

    Anyone had such experience? Your help is greatly appreciated.

    Dwightd
    Basic Member
    Posts: 12
    Basic Member
      As posted under a different topic, "Punchout Error" from Jay Riddle:

      Q: When I punchout to vendors which use secure http (https) I get this diagnostic. What does it mean?
      com.ibm.jsse2.util.h: No trusted certificate found
      A: Essentially this means that the webserver used to host your Remote Punchout Servlet needs to be configured to support the HTTPS protocol with this vendor. IBM Websphere Application Server (WAS) version 6.1.x has increased security compared to version 6.0.x and by default does not connect to sites which have not been explicitly allowed for. The instructions below should be sufficient to configure your WAS server:

      1. Log in to WebSphere admin console
      2. Click Security > SSL certificate and key management
      3. Click "Manage endpoint security configurations"
      4. In the "Inbound" section, click on the item that has "CellDefaultSSLSettings" in the name
      5. Click on "Key stores and certificates"
      6. Click "CellDefaultTrustStore"
      7. Click "Signer certificates"
      8. Click "Retrieve from port"
      9. In the "Host" field, enter the URL representing the site, without the protocol identifier; e.g., "PunchoutVendorURL.com"
      10. In the "Port" field, enter "443" (the default HTTPS port) -or- a vendor-provided non-standard port number.
      11. In the alias field, enter the same value used in step 9 above, -or- a descriptive name for the vendor, such as "My_test"
      12. Click "Retrieve signer information" You should then see a "Retrieved signer information" section with data about the certificate.
      13. Click OK
      14. Restart the WebSphere application server
      == END ==
      Xin Li
      Veteran Member
      Posts: 133
      Veteran Member

        Thanks for your. When I clicked on "Retrieve signer information", I got error message as "CWPKI0661E: Unable to get certificate signer information from hostname "www-01.ibm.com" and port "443". Verify hostname and port are correct."  Please advice what should I look for the cause?

        Dwightd
        Basic Member
        Posts: 12
        Basic Member
          The diagnostic seems fairly clear - it would appear that the URL (and/or
          port number) you used is not correct, as per the diagnostic. Why not try
          simply "www.ibm.com" and see what happens.

          -Dwight
          Xin Li
          Veteran Member
          Posts: 133
          Veteran Member

            Thanks for the reply. URL is provided by vendor.

            Dwightd
            Basic Member
            Posts: 12
            Basic Member
              Since the vendor provided you with the URL which resulted in the "
              "CWPKI0661E: Unable to get certificate signer information from hostname
              "www-01.ibm.com" and port "443". Verify hostname and port are correct."
              diagnostic I would suggest you bring this to the vendor's attention.
              John Henley
              Senior Member
              Posts: 3348
              Senior Member
                Is the vendor IBM? If not, that might be part of the problem...it's looking to www-01.ibm.com ...
                Thanks for using the LawsonGuru.com forums!
                John
                Xin Li
                Veteran Member
                Posts: 133
                Veteran Member

                  Yes. this is from IBM. IBM gave us the URL to connect to their b2b site using ssl.

                  Tim
                  Basic Member
                  Posts: 6
                  Basic Member
                    I read a post recently indicating that if you already have a certificate installed for that host, this message will be displayed. It doesn't have anything to do with not being able to connect.

                    As a sanity check, try connect to the site with your browser on the indicated port and see if you get an SSL-encrypted response.
                    You are not authorized to post a reply.