We are in the process of writing an interface for credit card prepayment authorizations in sales order. Our solution will go through business services and consume a third-party WSDL for cc authorization/settlement. The WSDL is accessed through a non-authenticated SSL session and we are not required to have a certificate. When the developer runs the sales order locally on his machine, he can enter our proxy server information in JDeveloper and the response is successful and an authorization code is returned.

We have deployed his code to the bssv server and, per Oracle, entered the proxy server information in the jdeinterop.ini. However, the request fails with the following error -

CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN "signer info here" was sent from target host:port "signerwebsite:443". The signer may need to be added to local trust store "D:/IBM/WebSphere/AppServer/profiles/AppSrv01/config/cells/usatxmdrj16Node01Cell/nodes/usatxmdrj16Node01/trust.p12" located in SSL configuration alias "NodeDefaultSSLSettings" loaded from SSL configuration file "security.xml". The extended error message from the SSL handshake exception is: "No trusted certificate found".

In this scenario, does our WebSphere bssv server need to be set up with SSL in order to access the https website? Or can that be handled through the proxy server once it leaves our internal network, like it does when we run locally?

Thanks, John

8.12,, Oracle, Sun, WAS
Re: BSSV & SSL - Paymentech

For future reference -

We were able to solve the issue without having to enable SSL in WebSphere. We had to add the sending signer to the local trust store on our bssv server, open up port 443 for this server on the firewall and restart bssv services. Then we were able to access Paymentech's website from business services.

Here are the instructions for adding the signer to the trust store -

In the WebSphere administrative console, find the sending server truststore. Go to signer certificates, add from Port, and connect directly to the target host and port, which are indicated in the message, to retrieve the signer directly into the truststore.
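
An added example, not part of the original posts: a Python helper that pulls the signer DN, target host and port, trust store path and SSL alias out of a CWPKI0022E message, and computes the SHA-256 fingerprint of the certificate the host presents so it can be compared with a value obtained from the provider before the signer is saved. The sample message and the function names are constructed for illustration.

```python
import hashlib
import re
import ssl

# Constructed sample in the format of the CWPKI0022E message quoted above;
# the DN, host name and cell/node names are placeholders.
SAMPLE = (
    'CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN '
    '"CN=Example Issuing CA, O=Example, C=US" was sent from target host:port '
    '"gateway.example.test:443". The signer may need to be added to local '
    'trust store "D:/IBM/WebSphere/AppServer/profiles/AppSrv01/config/cells/'
    'cell01/nodes/node01/trust.p12" located in SSL configuration alias '
    '"NodeDefaultSSLSettings" loaded from SSL configuration file "security.xml".'
)

FIELDS = re.compile(
    r'CWPKI0022E:.*?SubjectDN "(?P<subject_dn>[^"]*)"'
    r'.*?target host:port "(?P<target>[^"]*)"'
    r'.*?local trust store "(?P<trust_store>[^"]*)"'
    r'.*?SSL configuration alias "(?P<ssl_alias>[^"]*)"',
    re.DOTALL,
)

def parse_cwpki0022e(message):
    """Return the signer DN, host, port, trust store and SSL alias from the message."""
    match = FIELDS.search(message)
    if match is None:
        raise ValueError("not a CWPKI0022E handshake failure message")
    fields = match.groupdict()
    host, sep, port = fields.pop("target").rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError("target is not in host:port form")
    fields.update(host=host, port=int(port))
    return fields

def sha256_fingerprint(pem):
    """Colon-separated SHA-256 fingerprint of one PEM certificate."""
    digest = hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def presented_fingerprint(host, port):
    """Fetch the certificate the host presents (network call, no validation)."""
    return sha256_fingerprint(ssl.get_server_certificate((host, port)))

if __name__ == "__main__":
    info = parse_cwpki0022e(SAMPLE)
    for key, value in info.items():
        print(f"{key}: {value}")
    # With network access, compare presented_fingerprint(info["host"], info["port"])
    # with the value the provider gave you before saving the signer.
```

`ssl.get_server_certificate` returns only the server's own certificate, so the fingerprint confirms which host answered on that port rather than identifying the issuing signer named in the message.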