This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
OlafMeuther
Commander
Commander
‎2021-01-05 14:20
280 views

REST Driver Initialization error

Jump to solution

We are using a REST-driver to provisionize user data to our procurement managment system. During the initialization of the driver the connection via OAuth2 failed with the following status message:

[01/05/21 14:33:29.860]:REST-<Provider> ST:REST-<Provider>: RESTSubscriptionShim.init()
[01/05/21 14:33:29.863]:REST-<Provider> ST:REST-<Provier>: Connecting to REST service via OAuth2
[01/05/21 14:33:29.920]:REST-<Provider> ST:SubscriptionShim.init() returned:
[01/05/21 14:33:29.921]:REST-<Provider> ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product build="20180222_0635" instance="REST-<Provider>" version="1.0.0.2">Identity Manager REST Driver</product>
<contact>NetIQ Corporation.</contact>
</source>
<output>
<status level="fatal" type="app-authentication">javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found</status>
</output>
</nds>

The certificate is situated in an java keystore we mention in the subKeystoireFile parameter and its password in the subKeystorePassoword parameter. We checked the validation of the certificate itself (it is valid until 2029).

What might cause the issue?

Thanks in advance!

Labels (1)
Labels
Reply
Report Inappropriate Content
1 Solution

Accepted Solutions
OlafMeuther
Commander
Commander
‎2021-01-06 15:23

Jump to solution

Thank you all for your help! The external firm has delivered a second certificate we had to add into the java keystore. The email was sent to the false department so that we did not get the information in time.

The incident is solved by adding the second certificate into the kaystore.

View solution in original post

Reply
Report Inappropriate Content
5 Replies
Sebastijan
Vice Admiral
Vice Admiral
‎2021-01-05 14:28

Jump to solution

As far as I know javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found means that you are missing truststore parameter (subTrustStoreFile), or that truststore does not hold trusted ca cert chain of calling party.

So this is not problem with keystore (used for mutual cert authentication), but truststore (used to verify end point certificate that you are connecting to).

Reply
Report Inappropriate Content
geoffc
Knowledge Partner Knowledge Partner
Knowledge Partner
‎2021-01-05 17:48

Jump to solution

Generally I whack away and import the entire chain of certs up to the root (Iintermediates as well) into the cacerts and the specified keystores (all of them). I get chastisted by Steve at tiimes for it, but it is much easier than fiddling with this here, that there.

Reply
Report Inappropriate Content
cpedersen
Admiral
Admiral
‎2021-01-05 19:15

Jump to solution

Is there any other way to do it ? 🤔

0 Likes
Reply
Report Inappropriate Content
OlafMeuther
Commander
Commander
‎2021-01-06 15:23

Jump to solution

Thank you all for your help! The external firm has delivered a second certificate we had to add into the java keystore. The email was sent to the false department so that we did not get the information in time.

The incident is solved by adding the second certificate into the kaystore.

View solution in original post

Reply
Report Inappropriate Content
geoffc
Knowledge Partner Knowledge Partner
Knowledge Partner
‎2021-01-06 15:44

Jump to solution

To summarize: The key is to get the entire certificate chain into the keystore.  When you are missing an intermediate cert you get this error. 

All your keys are belong to base, or somesuch.

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.