No trusted certificate found

As posted under a different topic, "Punchout Error" from Jay Riddle: Q: When I punchout to vendors which use secure http (https) I get this diagnostic. What does it mean? com.ibm.jsse2.util.h: No trusted certificate found A: Essentially this means that the webserver used to host your Remote Punchout Servlet needs to be configured to support the HTTPS protocol with this vendor. IBM Websphere Application Server (WAS) version 6.1.x has increased security compared to version 6.0.x and by default does not connect to sites which have not been explicitly allowed for. The instructions below should be sufficient to configure your WAS server: 1. Log in to WebSphere admin console 2. Click Security > SSL certificate and key management 3. Click "Manage endpoint security configurations" 4. In the "Inbound" section, click on the item that has "CellDefaultSSLSettings" in the name 5. Click on "Key stores and certificates" 6. Click "CellDefaultTrustStore" 7. Click "Signer certificates" 8. Click "Retrieve from port" 9. In the "Host" field, enter the URL representing the site, without the protocol identifier; e.g., "PunchoutVendorURL.com" 10. In the "Port" field, enter "443" (the default HTTPS port) -or- a vendor-provided non-standard port number. 11. In the alias field, enter the same value used in step 9 above, -or- a descriptive name for the vendor, such as "My_test" 12. Click "Retrieve signer information" You should then see a "Retrieved signer information" section with data about the certificate. 13. Click OK 14. Restart the WebSphere application server == END ==

Thanks for your. When I clicked on "Retrieve signer information", I got error message as "CWPKI0661E: Unable to get certificate signer information from hostname "www-01.ibm.com" and port "443". Verify hostname and port are correct."  Please advice what should I look for the cause?

The diagnostic seems fairly clear - it would appear that the URL (and/or port number) you used is not correct, as per the diagnostic. Why not try simply "www.ibm.com" and see what happens. -Dwight

Thanks for the reply. URL is provided by vendor.

Since the vendor provided you with the URL which resulted in the " "CWPKI0661E: Unable to get certificate signer information from hostname "www-01.ibm.com" and port "443". Verify hostname and port are correct." diagnostic I would suggest you bring this to the vendor's attention.

Is the vendor IBM? If not, that might be part of the problem...it's looking to www-01.ibm.com ...

Yes. this is from IBM. IBM gave us the URL to connect to their b2b site using ssl.

I read a post recently indicating that if you already have a certificate installed for that host, this message will be displayed. It doesn't have anything to do with not being able to connect. As a sanity check, try connect to the site with your browser on the indicated port and see if you get an SSL-encrypted response.