Punchout Error

Here is how to add security certificates into WebSphere. This link is just kind of an outline and you will have to work through some details. http://publib.boulder.ibm...rievesignercert.html

Q: When I punchout to vendors which use secure http (https) I get this diagnostic. What does it mean? com.ibm.jsse2.util.h: No trusted certificate found A: Essentially this means that the webserver used to host your Remote Punchout Servlet needs to be configured to support the HTTPS protocol with this vendor. IBM Websphere Application Server (WAS) version 6.1.x has increased security compared to version 6.0.x and by default does not connect to sites which have not been explicitly allowed for. The instructions below should be sufficient to configure your WAS server: 1. Log in to WebSphere admin console 2. Click Security > SSL certificate and key management 3. Click "Manage endpoint security configurations" 4. In the "Inbound" section, click on the item that has "CellDefaultSSLSettings" in the name 5. Click on "Key stores and certificates" 6. Click "CellDefaultTrustStore" 7. Click "Signer certificates" 8. Click "Retrieve from port" 9. In the "Host" field, enter the URL representing the site, without the protocol identifier; e.g., "PunchoutVendorURL.com" 10. In the "Port" field, enter "443" (the default HTTPS port) -or- a vendor-provided non-standard port number. 11. In the alias field, enter the same value used in step 9 above, -or- a descriptive name for the vendor, such as "My_test" 12. Click "Retrieve signer information" You should then see a "Retrieved signer information" section with data about the certificate. 13. Click OK 14. Restart the WebSphere application server == END ==

Ugh - the prior example was not the 'general' instructions, but instructions specific for configuring IBM WAS 6.1 to communicate via https with GHX... For other vendors you can follow the same steps, but replacing where applicable the values for your particular vendor.

I am getting the same error but we are using Websphere 6.0.2.11.  Lawson had instructed me to use the iKeyman utility but I am not have any success.  Has anyone else had any success adding new certicates using iKeyman? We run RSS under Portal under AIX and Punchiut is on a NT server. Do I need to ad the key to the AIX Websphere or am I correct in assuming that this issue is ioslated to the Punchout server? Any suggestions would be appreciated.

It has been quite some time. I think, when I tried using iKeyman, each time the web server was restarted we would loss the keys. That is why we went with the IBM instructions on 'Retrieve from port'.... Everything has worked since then. Have you tried Dwight's earlier directions?. Here is also the link to the IBM article. http://publib.boulder.ibm...rievesignercert.html

I was able to figure it out. I had to add the new ceriticates to the cacerts file which was in the C:\Program Files\IBM\WebSphere\AppServer\java\jre\lib\security\ driectory. I will be documenting this and sending it to Lawson for those customers that are still on the old release of Webshere.

How did you update the cacerts file? Did you use ikeyman and did it prompt for a password? Thanks