users@glassfish.java.net

Re: ssl n00b

From: Jeanfrancois Arcand <Jeanfrancois.Arcand_at_Sun.COM>
Date: Tue, 20 Feb 2007 12:11:27 -0500

Hi Lucas,

which version of GlassFish are you using? If you are using GlassFish v2,
can you edit ${glassfish.home}/domains/domain1/config/domain.xml:

change http-listener ...port="443: blocking-enabled="true".../>

and see if it works? If you are using v1, then this is another problem.

Thanks

-- Jeanfrancois

Lucas Jordan wrote:
> I am trying to configure an instance of glassfish to respond to
> notifications from google checkout. I have it working in 'sandbox' mode
> over port 80, but to make it work for real, it must be over port 443.
> Google says....
>
> "To implement the Notification API, you need to establish a web service
> that receives and processes Google Checkout notifications. Your web
> service must be secured by SSL v3 or TLS and must use a valid SSL
> certificate. The API callback URL that you use for your production
> account must use port 443, which is the default port for HTTPS. The API
> callback URL that you use for your Sandbox account may use either port
> 443 or port 80."
>
> when I tried to use port port 443 the google integration tools tells me:
>
> "We encountered an error trying to access your server at
> https://digitalxtractions.net/portal/notification -- the error we got
> is: sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target"
>
> This is the only information I have about the error, nothing is logged
> on the server side. In my searching, this error seems to be often found
> on the client side, and has something to do with the client not being
> able trust the server. I am not sure how this translates to my
> circumstance thought, since I am an SSL n00b :)
>
> I guess what I don't understand is, is my server not trusting googles
> certs? how do I tell glassfish to accept all certs? or just those from
> google? or is google not trusting me, since I have not installed any
> certs or anything on the server? Is certificate even the right word?
>
> Any help out be awesome!
> -Lucas
>
>