1 2 3 Previous Next 36 Replies Latest reply on Sep 18, 2009 1:07 PM by 800484 Go to original post
      • 30. Re: SEC_ERROR_CA_CERT_INVALID
        807567
        I have valid CA certificate from verisign. I want to setup production like environment for testing.

        Would you please clarify me the followings:
        1. I installed certificate into web server. Let's say uat.webserver.com
        2. Does it require to export this (web server)certificate into app server or not? if so, should i change flag attributes?
        3. I dont have certificate on app server. should I generate self-signed certificate? if so, the host name would be uat.appserver.com. do i need to change flags?
        4. If step 3 is required, should i export this certificate into web server.
        • 31. Re: SEC_ERROR_CA_CERT_INVALID
          807567
          receivables wrote:
          I have valid CA certificate from verisign. I want to setup production like environment for testing.

          Would you please clarify me the followings:
          1. I installed certificate into web server. Let's say uat.webserver.com
          2. Does it require to export this (web server)certificate into app server or not? if so, should i change flag attributes?
          No, you don't need to touch web server certificate UNLESS you have configured client auth on the application server which I guess is not the case.
          3. I dont have certificate on app server. should I generate self-signed certificate? if so, the host name would be uat.appserver.com. do i need to change flags?
          Yes, install a self-signed certificate on the application server.
          4. If step 3 is required, should i export this certificate into web server.
          Yes, install the application server certificate into the web server NSS db with the right trust flags and restart the web server.
          • 32. Re: SEC_ERROR_CA_CERT_INVALID
            807567
            I have resolved yesterday itself. I did exactly what you mentioned here.

            I really appreciate for all your support and patience.
            • 33. Re: SEC_ERROR_CA_CERT_INVALID
              807567
              1. I have received a certificate from our client. I have added an entry into keystore.jks and then imported into webserver using the web admin command like wadm>migrate-jks-keycert. Is that right approach or should place these entry into application server too? We have sent our certificate to the client. We have written a java client to test handshake between our server and client machine.Could you please advise on this?

              2. In order to test verisign payment gateway through our uat environment what are the necessary steps are required. should I take certificates from the production along with verisign.jar? Please light on this.
              • 34. Re: error sending request (IO timeout error)
                807567
                Unfortunately my server was down because of this error appeared in errors log.

                failure (24446): for host x.x.x.x trying to GET /../respective page, service-http reports: HTTP7758: error sending request (IO timeout error)

                Please throw some light on this.
                • 35. Re: error sending request (IO timeout error)
                  800484
                  Do you get this error on reverse proxy server error logs? why is it timing out? Is the origin server down? Are all request to /../respective page supposed to be served by origin server?
                  • 36. Re: error sending request (IO timeout error)
                    800484
                    [Here is a link to blog about enabling client authentication in reverse proxy and origin server in Sun Web Server 7.0|http://blogs.sun.com/meena/entry/enabling_client_certificate_authentication_in]. Its easy.

                    and a blog about trust flags [http://blogs.sun.com/meena/entry/notes_about_trust_flags]
                    1 2 3 Previous Next