Good afternoon, gentlemen. I apologize for my ignorance; I am a beginner at this SSL business.
I have a BEA WebLogic 8.1 server and a server application that implements Web Services published on this BEA server.
I generated the key and even the CA of the certificate and imported it into the server, but I got the error:
; nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
This happens when trying to consume the service through Axis.
The steps I carried out to generate the certificate were the following, taken from the Web:
1.- Open a command prompt and change to directory E:\openpages\OpenpagesDomain. At the command prompt type PATH=E:\bea\jdk150_04\bin;%PATH%\
2.- Generate a local keystore containing a public/private key pair from the command line execute the following:
keytool -genkey -dname "cn=JBHBJ2ESR002, o=Risk Control, l=Tacoma, s=Washington, c=US" -keyalg RSA -alias business -keypass Kpassword -keystore BEAKeyStore.jks -storepass Spassword -validity 365
This command creates the keystore named “BEAKeyStore.jks” in the same directory where the keytool was executed (OpenPagesDomain). The “keystore” password in the example is ‘Spassword’ - this is used when accessing or updating the BEAKeyStore.jks file. The other password (-keypass Kpassword) is used when importing the final CA cert into the keystore. After generating the above command, the keystore now contains a self-signed certificate.
To view details of the keystore, use the following command:
keytool -list -keystore BEAKeyStore.jks
You are prompted for the keystore password. This would be ‘Spassword’ in our example. On viewing the results, you will see an entry for ‘business’.
**Note: Make a copy of the BEAKeyStore.jks file (the keystore) and store it in a different directory for safe keeping. Certificates will be loaded into this keystore, and if the BEAKeyStore file needs to be regenerated for any reason, a new certificate request will need to be made to the CA. It is important to have a backup of the original file. See note in step 6 below for additional details
3. Generate a Certificate Signing Request, again using keytool:
keytool -certreq -alias business -keystore BEAKeyStore.jks -sigalg "MD5withRSA" -file ca_cert_request.csr
You will be prompted for both passwords:
Enter keystore password: Spassword
Enter key password for : Kpassword
This generates a request using the identity/alias “business”, matching the alias used in the keystore creation process, in a file named ca_cert_request.csr in OpenPagesDomain. This file needs to be submitted to a CA, specifying that the certificate is for a BEA WebLogic91 web server. The CA will authenticate this request and will send back a certificate, authenticating your public key.
Then I sent the request to the certificate authority and received the .cer file,
and I ran the following step:
keytool -import -alias root-certificate -keystore BEAKeyStore.jks -trustcacerts -file root-certificate.crt
If prompted to confirm addition of this certificate to the keystore, say ‘yes’.
I started the BEA console.
I set the parameters on the SSL tab of the BEA console, and when I made the request I got the error mentioned above.
Please, any help, reference manual, or book is very welcome.
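
A check for the keystore state that the steps above leave behind, added here as an example and not part of the original post: it lists each private-key entry of the server keystore, flags an entry that still holds only the self-signed certificate created by -genkey, and tests whether its chain is anchored in the truststore of the JVM that runs the Axis client. The class name KeystoreCheck and its four command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic, not code from the post.
// Usage: java KeystoreCheck <identity.jks> <storepass> <client-truststore.jks> <storepass>
public class KeystoreCheck {
    static KeyStore load(String path, String pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(path);
        try { ks.load(in, pass.toCharArray()); } finally { in.close(); }
        return ks;
    }

    // True when 'cert' carries a valid signature made with the public key of 'signer'.
    static boolean signedBy(Certificate cert, Certificate signer) {
        try { cert.verify(signer.getPublicKey()); return true; } catch (Exception e) { return false; }
    }

    // Alias in 'trust' that anchors the chain: an entry equal to a chain certificate,
    // or an entry whose key signed the top of the chain. Null when there is none.
    static String findAnchor(KeyStore trust, Certificate[] chain) throws Exception {
        for (Certificate c : chain) {
            String alias = trust.getCertificateAlias(c);
            if (alias != null) return alias;
        }
        Certificate top = chain[chain.length - 1];
        for (String alias : Collections.list(trust.aliases())) {
            Certificate candidate = trust.getCertificate(alias);
            if (candidate != null && signedBy(top, candidate)) return alias;
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) { System.err.println("usage: see header comment"); System.exit(2); }
        KeyStore identity = load(args[0], args[1]);
        KeyStore trust = load(args[2], args[3]);
        for (String alias : Collections.list(identity.aliases())) {
            Certificate[] chain = identity.getCertificateChain(alias);
            if (chain == null || chain.length == 0) continue; // trusted-cert entry, no private key
            X509Certificate leaf = (X509Certificate) chain[0];
            boolean selfSigned = chain.length == 1 && signedBy(leaf, leaf);
            String anchor = findAnchor(trust, chain);
            System.out.println(alias + ": issuer=" + leaf.getIssuerX500Principal().getName()
                + (selfSigned ? " [self-signed, no CA reply imported under this alias]" : "")
                + (anchor == null ? " [NOT anchored in truststore]" : " [anchored by '" + anchor + "']"));
        }
    }
}
```

The second keystore argument is whichever truststore the client JVM actually loads, for example its cacerts file or the file named by the javax.net.ssl.trustStore system property.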