What can we help you with?


000002290


3485

02/02/2022 17:12 PM

2.0

Problem Description


You received the error, "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found".

Cause


This error indicates your application does not trust the root CA (Certifying Authority) and/or the intermediate CAs of the CyberSource SSL server certificate

Resolution


To resolve this issue, you must download the root and intermediate certificates and import them into the Java KeyStore used by your application.

These instructions assume you are using Internet Explorer as your web browser.

Download the Root and Intermediate Certificates

There are 3 certificates that need to be downloaded:

  • Entrust,
  • Entrust Root Certification Authority,
  • Entrust Certification Authority - L1E.
  1. Navigate to the host your application is trying to communicate with:

For the Simple Order and SOAP Toolkit APIs

 
live transactionshttps://ics2ws.ic3.com/commerce/1.x/transactionProcessor/
test transactions https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor/

For Batch Upload (Offline Transaction File Submission)

 
live transactionshttps://batch.cybersource.com/upload/UploadBatchFile
test transactionshttps://batchtest.cybersource.com/upload/UploadBatchFile
 
  1. Select your .p12 key when prompted.

If you haven't imported your .p12 key into Internet Explorer, go to Tools > Internet Options > Content > Certificates > Import > then import your .p12 key.

Root certificate (Entrust.net Secure Server Certification Authority)

  1. Click Next > Finish.
  2. specify a filename
  3. Click View Certificate > Details > Copy to File > next > next >
  4. Click on (Select) Entrust
  5. Click on File > Properties > Certificates > Certification Path

First intermediate certificate (Entrust Root Certification Authority)

  1. Click File > Properties > Certificates > certification path
  2. select Entrust Root Certification Authority
  3. Click View Certificate > Details > Copy to File > next > next
  4. specify a filename
  5. Click next > and finish.

Second intermediate certificate (Entrust Certification Authority - L1E)

  1. Click on File > Properties > Certificates > certification path
  2. select Entrust Certification Authority - L1E > View Certificate > Details > Copy to File > next > next
  3. Specify a filename
  4. Click next > and finish.
     
 
  1. Import the certificate into your keystore. Below are *definitions followed by instructions.
         
*cybsCertAny alias of your choice. Note that aliases are unique in the keystore, so you must choose a different alias for each certificate. Suggested aliases: CybsEntrustRoot, CybsEntrustIntermediate, CybsEntrustL1E.
*JAVA_HOMEPath to your Java installation
*PATH_TO_MERCHANT_KEYSTOREPath to the keystore that you generated during the batch upload implementation
*MERCHANT_KEYSTOREName of the keystore that you generated during the batch upload implementation
*cybsCert.cerCertificate you exported from step 2
*keytoolUtility included in the Java SDK
*cacertsDefault Java keystore
  

For the Simple Order or SOAP Toolkit APIs

Type the following command without line breaks:
keytool -import -alias cybsCert -keystore JAVA_HOME/jre/lib/security/cacerts -file cybsCert.cer
 

For Batch Upload

Type the following command without line breaks:

keytool -import -alias cybsCert -keystore PATH_TO_MERCHANT_KEYSTORE/MERCHANT_KEYSTORE.jks -file cybsCert.cer

  1. Enter password for keystore. The default password is 'changeit' for cacerts (Simple Order and SOAP Toolkit APIs). Note that if you've changed the default password of cacerts then use that password instead of 'changeit'. For the batch file upload, the password is your merchant ID.
  2. Repeat steps 3 and 4 for the remaining two certificates.

You have successfully imported the certificates. If the error persists, you have updated the wrong keystore (i.e. cacerts file). Execute a 'java -version' to verify you've updated the keystore for the correct version of java you're currently running.
Many applications use a keystore different than the default cacerts file. For example, the Cybersource Batch Upload API uses a self-generated keystore following the format of .jks. The location of this keystore is specified in the properties file for the batch upload solution. Make sure this keystore is updated if you're implementing the batch upload solution

Was this article helpful?


Articles Recommended for You