Solution:
I'm assuming you have a web application that is trying to access that RESTful service.
First, you must not set your stores via the javax.net.ssl.* properties; use the SSL configurations provided in WebSphere instead. So comment out all these setProperty() calls.
Second, you have to add your service's server certificate to the trust store.
Log in to the web admin console:
Go to Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates.
Click the Retrieve from port button, and enter the hostname, port 443, and an alias.
Click the Retrieve signer information button.
Check whether the right certificate was imported (parent).
Save, and restart.
In some versions, the child certificate was imported (not the root); in that case, you will have to manually download the root certificate (for example through a browser) and import that one into the NodeDefaultTrustStore, this time using the Add button, not Retrieve.
I recently had a similar problem with our db provider; they sent me their .crt file and I had to make a keystore with it.
keytool -import -alias "name" -file "/path/to/file" -keystore "/path/to/keystore/file" -storetype pkcs12 -storepass "keystorepass"
Then in my main class I specified the truststore and the truststore password:
System.setProperty("javax.net.ssl.trustStore", "/path/to/keystore/file");
System.setProperty("javax.net.ssl.trustStorePassword", "keystorepass");
One way to confirm that all of the necessary certificates are in your keystore is to use the "keytool" from the bin directory of the interface in use.
Open an Administrator Command Prompt.
Navigate to the bin directory of the API method you are using.
Type keytool -list and review the certificates stored. You must see at least one Verisign certificate authored by Avalara with an expiration date greater than the current date.
If not, you may need to recreate the keystore with 'keytool' using the "genkey" option and re-import your application certificates if any of the components of the certificate chain are missing or out of date.
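The two checks described in the answers above (was the root or only a child certificate imported, and is every entry still within its validity period) can be run over a store programmatically. This is an added example, not code from any of the answers. The class name TrustStoreAudit and the TRUSTSTORE_PASS environment variable are hypothetical, and the defaults are the placeholder path, type and password from the keytool command on this page.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.security.auth.x500.X500Principal;

public class TrustStoreAudit {
    // A root ("parent") certificate names itself as issuer and verifies under its own key.
    static boolean isSelfSigned(X509Certificate cert) {
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) return false;
        try {
            cert.verify(cert.getPublicKey());
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the placeholders from the keytool command on this page.
        // TRUSTSTORE_PASS is a hypothetical variable name chosen for this example.
        String path = args.length > 0 ? args[0] : "/path/to/keystore/file";
        String type = args.length > 1 ? args[1] : "PKCS12";
        char[] pass = System.getenv().getOrDefault("TRUSTSTORE_PASS", "keystorepass").toCharArray();
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, pass);
        }
        Map<String, X509Certificate> certs = new TreeMap<>();
        Set<X500Principal> subjects = new HashSet<>();
        for (String alias : Collections.list(store.aliases())) {
            Certificate c = store.getCertificate(alias);
            if (c instanceof X509Certificate) {
                certs.put(alias, (X509Certificate) c);
                subjects.add(((X509Certificate) c).getSubjectX500Principal());
            }
        }
        Date now = new Date();
        boolean ok = !certs.isEmpty(); // an empty store trusts nothing
        for (Map.Entry<String, X509Certificate> e : certs.entrySet()) {
            X509Certificate cert = e.getValue();
            boolean valid = !now.before(cert.getNotBefore()) && !now.after(cert.getNotAfter());
            // Issuer lookup is a name match only; it does not verify the signature.
            String kind = isSelfSigned(cert) ? "root"
                    : subjects.contains(cert.getIssuerX500Principal()) ? "child, issuer in store"
                    : "child, issuer MISSING from store";
            ok &= valid;
            System.out.printf("%s: %s, %s, notAfter=%s, subject=%s%n", e.getKey(), kind,
                    valid ? "within validity period" : "EXPIRED OR NOT YET VALID",
                    cert.getNotAfter(), cert.getSubjectX500Principal().getName());
        }
        System.exit(ok ? 0 : 1); // non-zero when the store is empty or any entry is out of date
    }
}
```

Run it as java TrustStoreAudit.java <store> <type> on Java 11 or later; an entry reported as "child, issuer MISSING from store" is the case the first answer describes, where the root has to be downloaded and added by hand.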