It is possible that the root certificate (alias: ibmroot, Serial number:
456507a5) of the SSL certificate was not installed properly in Trusted Root
Certification Authority. Please see the output of localhost.jks below. I’m
not sure where to get this root certificate as it does not seem to be available in svn (https://dev.eclipse.org/svnroot/technology/org.eclipse.higgins/trunk/plugins/org.eclipse.higgins.sts.binding.axis1x.service/WebContent/ConfigurationFiles/).
For all my local STS installations I generated my own keystore using Java keytool
or OpenSSL. You can get step-by-step instructions to generate your own keystore
using Java keytool at http://wiki.eclipse.org/Generating_a_Private_Key_and_a_Keystore
or using OpenSSL at http://www.openssl.org/docs/HOWTO/.
$ keytool.exe -v -list -keystore localhost.jks
Enter keystore password: changeit
Keystore type: jks
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: leaf
Creation date: Feb 28, 2007
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=localhost, OU=Higgins, O=Eclipse, C=US
Issuer: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507af
Valid from: Wed Nov 22 21:29:57 EST 2006 until: Tue Nov 17 21:29:57 EST 2026
Certificate fingerprints:
MD5: 71:00:6F:85:5D:50:44:88:FA:47:80:33:19:A8:51:8E
SHA1: 7D:04:95:69:A4:AD:91:ED:8D:07:8E:87:BB:33:62:04:A0:41:BC:F8
Certificate[2]:
Owner: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Issuer: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507a5
Valid from: Wed Nov 22 21:29:57 EST 2006 until: Tue Nov 17 21:29:57 EST 2026
Certificate fingerprints:
MD5: 91:5E:32:E4:94:F9:E7:89:84:B0:F5:C8:2E:04:4D:39
SHA1: 13:BD:DD:E9:6D:C4:3C:BE:84:E3:94:CD:97:6F:BE:59:4A:BF:62:A0
*******************************************
*******************************************
Alias name: ibmroot
Creation date: Feb 28, 2007
Entry type: trustedCertEntry
Owner: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Issuer: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507a5
Valid from: Wed Nov 22 21:29:57 EST 2006 until: Tue Nov 17 21:29:57 EST 2026
Certificate fingerprints:
MD5: 91:5E:32:E4:94:F9:E7:89:84:B0:F5:C8:2E:04:4D:39
SHA1: 13:BD:DD:E9:6D:C4:3C:BE:84:E3:94:CD:97:6F:BE:59:4A:BF:62:A0
*******************************************
*******************************************
From: higgins-dev-bounces@xxxxxxxxxxx [mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Mary Ruddy
Sent: Monday, March 24, 2008 9:26 AM
To: 'Higgins (Trust Framework) Project developer discussions'
Subject: [higgins-dev] Problem running STS IdP Solution demo
The following problem was experienced trying to run the STS IdP Solution
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Hello,
I've a problem when I try to deploy the demos "STS IdP Solution" with
the "Extensible Protocol RP Website Solution" using Cardspace.
I generate a card on the IdP, but when I want to use it on the RP, after I
select the card in Cardspace, and it tries to get the personal information on
the IdP... Here comes this problem in the Windows Event Viewer:
"There was a failure making a WS-Trust exchange with an external
application. No suitable endpoints were found for the identity provider."
I have an internal exception saying there's a problem with the https://localhost/TokenService/services/MetadataUsernameToken
url and SSL (remote certificate not correct)...
I use the same keystore (localhost.jks) for signing cards and for ssl in tomcat
as provided in the demo.
I have not changed the ManagedConfiguration.xml of the IdP; also the
icard.properties and web.xml of the RP seem good about keystores.
I have installed certificates in IE, everything's ok on the IdP and RP web
sites, and the https://localhost/TokenService/services/MetadataUsernameToken
url responds in IE.
Can you please help me?!!
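
Added example, not part of the original thread or of the Higgins code: a check over `keytool -v -list` output that the key entry's chain links up to a self-signed root, and that the same root (matched by SHA1 fingerprint) is present as a trustedCertEntry. The reported root fingerprint is the value to compare against what the client's certificate store shows. The function names `parse_entries` and `chain_report` are hypothetical, and the sample is abridged and re-wrapped from the localhost.jks listing above.

```python
import re

# Abridged and re-wrapped from the localhost.jks listing in the thread above.
ROOT_DN = "CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US"
ROOT = (f"Owner: {ROOT_DN}\nIssuer: {ROOT_DN}\nSerial number: 456507a5\n"
        "SHA1: 13:BD:DD:E9:6D:C4:3C:BE:84:E3:94:CD:97:6F:BE:59:4A:BF:62:A0\n")
LISTING = ("Alias name: leaf\nEntry type: keyEntry\nCertificate[1]:\n"
           "Owner: CN=localhost, OU=Higgins, O=Eclipse, C=US\n"
           f"Issuer: {ROOT_DN}\nSerial number: 456507af\n"
           "SHA1: 7D:04:95:69:A4:AD:91:ED:8D:07:8E:87:BB:33:62:04:A0:41:BC:F8\n"
           f"Certificate[2]:\n{ROOT}"
           f"Alias name: ibmroot\nEntry type: trustedCertEntry\n{ROOT}")

# One certificate: Owner, Issuer, Serial number, then the nearest SHA1 line.
# \s* after "SHA1:" also accepts the fingerprint wrapped onto the next line.
CERT = re.compile(
    r"Owner:\s*(?P<owner>.+?)\s*\n\s*Issuer:\s*(?P<issuer>.+?)\s*\n"
    r"\s*Serial number:\s*(?P<serial>[0-9a-fA-F]+)"
    r".*?SHA1:\s*(?P<sha1>(?:[0-9A-F]{2}:){19}[0-9A-F]{2})", re.S)


def parse_entries(text):
    """Return {alias: {"type": entry type, "certs": [certs in listing order]}}."""
    entries = {}
    for block in re.split(r"(?m)^\s*Alias name:\s*", text)[1:]:
        alias = block.splitlines()[0].strip()
        etype = re.search(r"Entry type:\s*(\S+)", block).group(1)
        entries[alias] = {"type": etype,
                          "certs": [m.groupdict() for m in CERT.finditer(block)]}
    return entries


def chain_report(entries, key_alias):
    """Check issuer/owner linkage of the chain and look up its root by SHA1."""
    chain = entries[key_alias]["certs"]
    linked = all(c["issuer"] == n["owner"] for c, n in zip(chain, chain[1:]))
    root = chain[-1]
    trusted = [alias for alias, e in entries.items()
               if e["type"] == "trustedCertEntry"
               and any(c["sha1"] == root["sha1"] for c in e["certs"])]
    return {"linked": linked, "self_signed_root": root["owner"] == root["issuer"],
            "root_sha1": root["sha1"], "trusted_aliases": trusted}


if __name__ == "__main__":
    print(chain_report(parse_entries(LISTING), "leaf"))
```

The comparison is by distinguished name and fingerprint as printed by keytool; it does not verify signatures.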