Hi all,

I’m creating a Java Client application that connects to a Reverse Invoke HTTPS port.

I was able to connect to the customer’s URL using both browser and plain Java HttpsURLConnection.
But when I try to create the connection using webMethods Client API (com.wm.app.b2b.client.Context) I aways get the exception:

I debugged the code and saw that the wmChainVerifier has no trustedDNs or signers. Is it correct?

I tried to use the same solution I used for the HttpsURLConnection but had no joy.

Any suggestion?

Thanks!

Juliano,

This message means the server’s certificate chain is not configured correctly. Integration Server’s client SSL implementation is less tolerant to problems in that area. It could be a missing certificate or extra certificate in the chain.

The openssl s_client -connect host:port -showcerts command can be helpful to figure out what the issue is.

Hi tbond,

Thanks for the quick reply…

I just ran the openssl you sent and got:

What does this mean?

Thanks!

That just tells you that your OpenSSL configuration does not trust the certificate returned by the server. That is normal unless you have the root certificate configured using the -CAfile option.

What you need to look at is the certificate chain returned from the server. It should show a series of certificates each one in order. It is right after the verify message.

I got those.

First is the customer’s certificate then a Verisign certificate.
The customer’s certificate is a version 3 cert.
Verisign’s is a Version 1.

But what’s the catch?

Version 1 certificates are obsolete but they are still around. Version 1 certs don’t have extensions such as “CA = true”. They can be part of the cert chain along with version 3.

Each certificate should have an issuer DN which matches the subject DN in the next certificate. The last certificate in the chain has to be verifiable by one of the certificates in your trusted CA list.

If you continue to have issues please open a SR with Global support.