Connect WebSphere to Salesforce.com via SSL

November 5th, 2008

So, you’ve got your spiffy WAS app that connects to salesforce.com and you’ve deployed it on the app server, but when it actually tries to connect you’re getting errors like this:

[11/5/08 14:04:15:256 PST] 00000033 SystemOut     O CWPKI0022E: SSL HANDSHAKE FAILURE:  A signer with SubjectDN "CN=cs2-api.salesforce.com, OU=Applications, O="Salesforce.com, Inc.", STREET=The Landmark at 1 Martket, L=San Francisco, ST=California, POSTALCODE=94105, C=US, SERIALNUMBER=2991326, OID.2.5.4.15="V1.0, Clause 5.(b)", OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US" was sent from target host:port "unknown:0".  The signer may need to be added to local trust store "/apps/WebSphere/AppServer/profiles/AppSrv01/config/cells/ucasd16Cell01/trust.p12" located in SSL configuration alias "NodeDefaultSSLSettings" loaded from SSL configuration file "security.xml".  The extended error message from the SSL handshake exception is: "No trusted certificate found".

What to do? What your server is saying is, “I don’t have a trusted signer that matches the cert that I’m being presented with”. You probably see this all the time when you hit an untrusted (usually internal) web site and your browser asks if you want to proceed (e.g., “The security certificate presented by this website was not issued by a trusted certificate authority.”). Typically you click yes, because you know the web site you’re hitting is one you trust. However, your server can’t do that, so you need to import that certificate for it.

There are a couple of ways to do this, and you can try each, depending on the site at salesforce.com that you’re hitting.
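
Before importing anything, note that the CWPKI0022E message itself names the rejected signer and the trust store and SSL alias the server consulted. The following is an added example, not part of the original post: a Python script that extracts those fields from SystemOut log lines, coping with the quoted commas inside the SubjectDN. The sample log lines, host name, organisation and paths are constructed placeholders.

```python
import re
from collections import defaultdict

QUOTES = '"\u201c\u201d'   # straight or typographic (copies pasted via blogs get curled)
Q = '[' + QUOTES + ']'
CWPKI0022E = re.compile(
    r'CWPKI0022E:.*?SubjectDN\s+' + Q + r'(?P<dn>.*?)' + Q
    + r'\s+was sent from target host:port\s+' + Q + r'(?P<target>.*?)' + Q
    + r'.*?local trust store\s+' + Q + r'(?P<store>.*?)' + Q
    + r'.*?SSL configuration alias\s+' + Q + r'(?P<alias>.*?)' + Q)

# Constructed sample input: host, organisation and paths are placeholders.
SAMPLE_LOG = [
    '[11/5/08 14:04:15:256 PST] 00000033 SystemOut     O CWPKI0022E: SSL HANDSHAKE '
    'FAILURE:  A signer with SubjectDN "CN=api.example.com, OU=Applications, '
    'O="Example, Inc.", C=US" was sent from target host:port "unknown:0".  The signer '
    'may need to be added to local trust store "/opt/was/config/cells/cell01/trust.p12" '
    'located in SSL configuration alias "NodeDefaultSSLSettings" loaded from SSL '
    'configuration file "security.xml".',
    '[11/5/08 14:04:16:001 PST] 00000033 SystemOut     O application started',
]

def split_dn(dn):
    """Split a DN on commas that sit outside quoted values; return {attr: value}."""
    parts, buf, quoted = [], [], False
    for ch in dn:
        if ch in QUOTES:
            quoted = not quoted          # quote characters are dropped from the value
        elif ch == ',' and not quoted:
            parts.append(''.join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append(''.join(buf))
    return dict(p.strip().partition('=')[::2] for p in parts)

def missing_signers(lines):
    """Map (trust store, SSL alias) -> set of (CN, O) the server refused to trust."""
    report = defaultdict(set)
    for line in lines:
        m = CWPKI0022E.search(line)
        if m:
            attrs = split_dn(m.group('dn'))
            report[(m.group('store'), m.group('alias'))].add((attrs.get('CN'), attrs.get('O')))
    return dict(report)

if __name__ == '__main__':
    for (store, alias), signers in missing_signers(SAMPLE_LOG).items():
        print(f'{alias} -> {store}')
        for cn, org in sorted(signers):
            print(f'  untrusted signer: CN={cn} (O={org})')
```

The SubjectDN in the log identifies what was presented, not that it is genuine; compare the certificate's fingerprint against one obtained out of band before adding it to the trust store.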
