Everything else was fine and dandy until I hit bits of error with messages in the log:
SRVE0068E: Uncaught exception created in one of the service methods of the servlet
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
Caused by: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by XXXXXXX is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
I found this solution and poked around in the WebSphere Admin Console. It was a straightforward task of instructing WebSphere to contact the webservice host (even if in my case, it was actually itself) in order to retrieve the SSL information in the form of a "handshake".
This simple step closed the loop. My original assumption was that WebSphere would use the SSL certificate from the same keystore. This was incorrect. The keystore used by the application server as a host is different from the truststore that it uses when it performs the role of a webservice client.
No comments:
Post a Comment