Hello everybody,
I would like to use a Java Client (Internet Payment Gateway) from TeleCash / First Data with Lucee 5.2.9.31.
The use of the Java Classes by creating CF objects in Lucee is working well.
In addition to various certificates, the client requires the use of a special truststore, which is delivered with the client.
If I try to connect to the TeleCash web service, I get the error:
Lucee 5.2.9.31 Error (javax.net.ssl.SSLHandshakeException)
Message
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Therefore, I suspect that Lucee wants to access the truststore to validate the certificates, which does not work because it is not known to Lucee.
After unsuccessfully trying to bind the truststore.jks file with -Djavax.net.ssl.trustStore / -Djavax.net.ssl.trustStorePassword to the JVM, I found that Lucee uses its own truststore, which is located in the file lucee-server/context/security/cacerts.
When I try to add the TeleCash truststore.jks with
sudo keytool -import -trustcacerts -file truststore.jks -also TeleCash -keystore cacerts
I get the error message: Keytool error: java.lang.Exception: Input no X.509 certificate
That’s ok because there are no X.509 certificates in the truststore.jks file.
My question:
How can I bind the TeleCash truststore.jks to Lucee so I can use the TeleCash Java Client with Lucee?
For anyone who has to do an SSL certificate integration with Lucee. I struggled with this integration.
This solution worked for me. I did not know Lucee had a SSL Certificate installation tool. In my case I am setting up Authorize.net. This year they moved to Cloudfront and had a 5 step rollout. Things went well until step 4b. We had to install new SSL certificates for Authorize.net. The documentation was terrible and did not work. Calling Authorize.net I spoke with two people who could not help me and suggested I go to the community forum where others had the same issue.
To resolve the issue in Lucee please do the following:
Log into the Administrator for Server (not Web).
Go to SSL Certificates under Services.
Under Host enter entrust.net and click install.
Everything suddenly started working for me.
I believe that this tool installs the certificate into the JRE for Lucee. Windows installation of those certificates doesn’t do that apparently.
My verbose response is in hopes search engines will pick up on this and help others. Errors I ran into included:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target,
truststore, keystore, cacerts
I was tring to install ssl certificates on Windows.