The issuerDN and subjectDN don't appear to match in your "self signed"
certificates. This is why Certicom is thinking they are not self signed.

From your log:

Issuer:C=US, ST=Texas, L=McKinney, O=Experian-Scorex, OU=Support, CN=TransactWebCertificate
Subject:C=US, ST=Texas, L=McKinney, O=Experian-Scorex, OU=Support, CN=205.174.35.197

Note the log indicates the CN is different, so Certicom is looking for a CA
certificate with a SubjectDN that matches the IssuerDN of that certificate.
If it doesn't find a trusted CA that matches that IssuerDN it will not be
able to complete the chain and trust it.

Verify whether the IssuerDN and SubjectDN in the certificate really match
exactly. If not, confirm whether those certs really are self signed, or if
they really do have CA's that you need to add to your trusted CA list on
your client. If the certificates are supposed to be self signed, then
change the subjectDN and IssuerDN to match.

Tony

"George Aung" wrote in message
news:3f0c2062$1@newsgroups.bea.com...
>
> We are in the process of migrating from WLS 5.1 to WLS 7.2 and we are having issues
> with using SSL client (i.e. call other secured URLs from WebLogic 7.2 - Self Signed
> and from commercial CAs). This is a working code in WLS 5.1.
>
> This is what we used to do in WLS 5.1, JDK1.2.2 on Solaris 7 with 1.0.2 versions
> of jnet.jar, jsse.jar and jcert.jar.
>
> 1) Import client certs from self signed using keytool into jdk>/jre/lib/security/jssecacerts.
> 2) Ensure that jsse.jar, jnet.jar and jcert.jar are in the class path.
> 3) Following code snippet works like a charm:-
>
>
> // Register Sun's JSSE HTTPS protocol handler and security provider
> System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
> Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
>
> String fullUrlStr = (m_useHTTPS ? HTTPS : HTTP) + m_url;
> m_logger.log("full url str=" + fullUrlStr, LogLevel.DEBUG, methodName);
>
> URL url = new URL( fullUrlStr );
>
> HttpURLConnection conn = (HttpURLConnection)url.openConnection();
> conn.setDoInput( true );
> conn.setDoOutput( true );
> conn.setUseCaches( false );
> if( dataType == DATA_XML ){
>     conn.setRequestProperty("Content-Type", "text/xml");
> }else {
>     //
>     // netscape & .Net workaround
>     //
>     conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
> }
> //
> // post data
> //
> DataOutputStream output = null;
> output = new DataOutputStream( conn.getOutputStream() );
> output.writeBytes( data );
> output.flush();
> output.close();
>
> // Return codes
> // 2** SUCCESS
> // 3** REDIRECTION
> // 4** CLIENT ERROR
> // 5** SERVER ERROR
> if( conn.getResponseCode() >= 400 ) {
>     throw new IOException( conn.getResponseMessage() );
> }
> BufferedReader input = new BufferedReader( new InputStreamReader(
>     conn.getInputStream() ) );
>
> String str = null;
> while( ((str = input.readLine())) != null ) {
>     respData.append( str );
> }
> input.close();
>
> return respData.toString();
>
>
>
> When we do the same with WLS7.2, JDK 1.3.1_06 on Solaris 8 with jsse.jar version
> 1.0.3 then we get the
> following exception. ( WebLogic seems to be intercepting SSL - BEA uses Certicom
> to do this ). BEA has suggested removing jsse.jar and remove registering of "com.sun.net.ssl.internal.www.protocol"
> as security provider and add "weblogic.net" into security provider and use weblogic.net.http.HttpURLConnection
> instead of HttpURLConnection. This only seems to work with Verisign or Thawte but
> not with Self Signed sites and we have a lot of vendors that we connect that are
> self signed. Any clues?:
>
>
>
> Home class name = com.juniper.bus.decision.ejb.DecisionHome
> JDK Protocol Handlers and Security Providers:
> java.protocol.handler.pkgs - com.sun.net.ssl.internal.www.protocol
> provider[0] - SUN - SUN (DSA key/parameter generation; DSA signing; SHA-1,
> MD5 digests; SecureRandom; X.509 certificates; JKS keystore)
> provider[1] - SunRsaSign - SUN's provider for RSA signatures
> provider[2] - SunJSSE - Sun JSSE provider(implements RSA Signatures, PKCS12,
> SunX509 key/trust factories, SSLv3, TLSv1)
>
>
> <000000> export limited>
> <000000> applied>
> <000000> SSLSocket>
> <000000> 8109733>
> <000000> Muxing>
> <000000> 2189658>
> <000000> offset = 0 length = 77>
> <000000>
> <000000> false>
> <000000>
> <000000> <7837106 readRecord()>
> <000000> <7837106 received HANDSHAKE>
> <000000> ServerHello>
> <000000> Certificate>
> <000000> validation checks: 205.174.35.197>
> <000000> validateErr = 4>
> <000000> < cert[0] = Serial number: 246526388047040191922181
> Issuer:C=US, ST=Texas, L=McKinney, O=Experian-Scorex, OU=Support, CN=TransactWebCertificate
> Subject:C=US, ST=Texas, L=McKinney, O=Experian-Scorex, OU=Support, CN=205.174.35.197
> Not Valid Before:Thu Jul 03 11:32:43 EDT 2003
> Not Valid After:Sat Jul 03 11:42:43 EDT 2004
> Signature Algorithm:SHAwithRSA
> >
> <000000> 4>
> <000000> incomplete>
> <000000> returns: 4>
> <000000> CERT_CHAIN_INCOMPLETE>
> <000000> com.certicom.tls.record.alert.Alert@4d99c
> Severity: 2 Type: 42
> java.lang.Throwable: Stack trace
>     at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:245)
>     at com.certicom.tls.record.alert.Alert.(Unknown Source)
>     at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
>     at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
>     at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
>     at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
>     at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
>     at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
>     at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
>     at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
>     at com.certicom.tls.record.WriteHandler.write(Unknown Source)
>     at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:67)
>     at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:125)
>     at java.io.FilterOutputStream.flush(FilterOutputStream.java:121)
>     at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:97)
>     at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:284)
>     at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:235)
>     at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:662)
>     at com.juniper.core.util.HTTPHelper.sendPostData(HTTPHelper.java:499)
>     at com.juniper.core.util.HTTPHelper.sendPostData(HTTPHelper.java:413)
>     at com.juniper.utility.scorex.ScorexDAO.post(ScorexDAO.java:1516)
>     at com.juniper.utility.scorex.ScorexDAO.getApplicationResponse(ScorexDAO.java:1769)
>     at com.juniper.utility.scorex.ScorexDAO.apply(ScorexDAO.java:320)
>     at com.juniper.bus.decision.vdao.DecisionScorexDAO.apply(DecisionScorexDAO.java:108)
>     at com.juniper.bus.decision.JuniperScorexDAO.apply(JuniperScorexDAO.java:40)
>     at com.juniper.bus.decision.DecisionBO.decisionApplication(DecisionBO.java:161)
>     at com.juniper.bus.decision.ejb.DecisionBean.decisionApplication(DecisionBean.java:71)
>     at com.juniper.bus.decision.ejb.DecisionBean_afavb0_EOImpl.decisionApplication(DecisionBean_afavb0_EOImpl.java:100)
>     at com.juniper.bus.apply.ApplyBO.decision(ApplyBO.java:588)
>     at com.juniper.bus.apply.ApplyBO.process(ApplyBO.java:169)
>     at com.juniper.bus.apply.ejb.ApplyBean.process(ApplyBean.java:89)
>     at com.juniper.bus.apply.ejb.ApplyBean_11sitq_EOImpl.process(ApplyBean_11sitq_EOImpl.java:314)
>     at com.juniper.app.apply.web.action.ApplicationAction.confirmAction(ApplicationAction.java:279)
>     at com.juniper.app.apply.web.action.ApplicationAction.perform(ApplicationAction.java:100)
>     at org.apache.struts.action.ActionServlet.processActionPerform(ActionServlet.java:1786)
>     at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1585)
>     at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:509)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
>     at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1058)
>     at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:401)
>     at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:306)
>     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:5445)
>     at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:780)
>     at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3105)
>     at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2588)
>     at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:213)
>     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:189)
> >

> <000000> 0 length = 2>
> <000000>
> <000000> handshake, stack trace follows
> javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
>     at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
>     at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
>     at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
>     at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
>     at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
>     at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
>     at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
>     at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
>     at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
>     at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
>     at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
>     at com.certicom.tls.record.WriteHandler.write(Unknown Source)
>     at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:67)
>     at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:125)
>     at java.io.FilterOutputStream.flush(FilterOutputStream.java:121)
>     at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:97)
>     at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:284)
>     at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:235)
>     at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:662)
>     at com.juniper.core.util.HTTPHelper.sendPostData(HTTPHelper.java:499)
>     at com.juniper.core.util.HTTPHelper.sendPostData(HTTPHelper.java:413)
>     at com.juniper.utility.scorex.ScorexDAO.post(ScorexDAO.java:1516)
>     at com.juniper.utility.scorex.ScorexDAO.getApplicationResponse(ScorexDAO.java:1769)
>     at com.juniper.utility.scorex.ScorexDAO.apply(ScorexDAO.java:320)
>     at com.juniper.bus.decision.vdao.DecisionScorexDAO.apply(DecisionScorexDAO.java:108)
>     at com.juniper.bus.decision.JuniperScorexDAO.apply(JuniperScorexDAO.java:40)
>     at com.juniper.bus.decision.DecisionBO.decisionApplication(DecisionBO.java:161)
>     at com.juniper.bus.decision.ejb.DecisionBean.decisionApplication(DecisionBean.java:71)
>     at com.juniper.bus.decision.ejb.DecisionBean_afavb0_EOImpl.decisionApplication(DecisionBean_afavb0_EOImpl.java:100)
>     at com.juniper.bus.apply.ApplyBO.decision(ApplyBO.java:588)
>     at com.juniper.bus.apply.ApplyBO.process(ApplyBO.java:169)
>     at com.juniper.bus.apply.ejb.ApplyBean.process(ApplyBean.java:89)
>     at com.juniper.bus.apply.ejb.ApplyBean_11sitq_EOImpl.process(ApplyBean_11sitq_EOImpl.java:314)
>     at com.juniper.app.apply.web.action.ApplicationAction.confirmAction(ApplicationAction.java:279)
>     at com.juniper.app.apply.web.action.ApplicationAction.perform(ApplicationAction.java:100)
>     at org.apache.struts.action.ActionServlet.processActionPerform(ActionServlet.java:1786)
>     at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1585)
>     at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:509)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
>     at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1058)
>     at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:401)
>     at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:306)
>     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:5445)
>     at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:780)
>     at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3105)
>     at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2588)
>     at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:213)
>
>
>
>
>
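
The check Tony describes at the top of this thread (do IssuerDN and SubjectDN match, and if not, is the issuer in the trusted CA list), written out as an added example that is not code from either poster or from BEA/Certicom. It uses the standard java.security.cert API of a current JDK rather than the WebLogic 7 SSL stack; the class name ChainCheck and the three command-line arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.security.auth.x500.X500Principal;

public class ChainCheck {
    // Self-signed means issuer DN equals subject DN AND the signature verifies under the cert's own key.
    static boolean isSelfSigned(X509Certificate c) {
        if (!c.getIssuerX500Principal().equals(c.getSubjectX500Principal())) return false;
        try { c.verify(c.getPublicKey()); return true; }
        catch (GeneralSecurityException e) { return false; }
    }

    // Alias of a trusted certificate whose subject DN matches c's issuer DN and whose key signed c, else null.
    static String findIssuerAlias(KeyStore trust, X509Certificate c) throws GeneralSecurityException {
        for (String alias : Collections.list(trust.aliases())) {
            if (!(trust.getCertificate(alias) instanceof X509Certificate)) continue;
            X509Certificate ca = (X509Certificate) trust.getCertificate(alias);
            if (!ca.getSubjectX500Principal().equals(c.getIssuerX500Principal())) continue;
            try { c.verify(ca.getPublicKey()); return alias; }
            catch (GeneralSecurityException e) { /* name matches but key does not: keep looking */ }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // The two DNs from the log quoted in this thread; they differ only in CN, so this prints false.
        X500Principal issuer = new X500Principal(
            "C=US, ST=Texas, L=McKinney, O=Experian-Scorex, OU=Support, CN=TransactWebCertificate");
        X500Principal subject = new X500Principal(
            "C=US, ST=Texas, L=McKinney, O=Experian-Scorex, OU=Support, CN=205.174.35.197");
        System.out.println("log DNs equal: " + issuer.equals(subject));
        if (args.length < 3) return;
        // Hypothetical arguments: <server-cert (PEM or DER)> <truststore file> <truststore password>
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[1])) { trust.load(in, args[2].toCharArray()); }
        System.out.println("self-signed: " + isSelfSigned(cert));
        String alias = findIssuerAlias(trust, cert);
        System.out.println(alias != null ? "issuer trusted as alias: " + alias
            : "no trusted certificate matches issuer " + cert.getIssuerX500Principal().getName());
    }
}
```

A certificate that is not self-signed and for which no issuer alias is found corresponds to the CERT_CHAIN_INCOMPLETE result in the log above.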