Callback URL Cert problem

Email lists > Google Checkout API integration

Thread: Callback URL Cert problem

Search this list only Search all lists
Callback URL Cert problem
United States	2007-10-04 11:57:31
I'm getting this error from Google: //MESSAGE FROM GOOGLE We encountered an error trying to access your server at https://www.chooserenewables.com/xcart/payment/ps _gcheckout.php -- the error we got is: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: basic constraints check failed: pathLenConstraint violated - this cert must be the last cert in the certification path //END MESSAGE FROM GOOGLE Below is my output for testing the cert and it all looks correct to me with the root cert->intermediary cert->website cert. Any idea what is going on? thanks... #PROMPT: openssl s_client -connect www.chooserenewables.com:443 - showcerts < /dev/null CONNECTED(00000003) depth=2 /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority verify error:num=20:unable to get local issuer certificate verify return:0 --- Certificate chain 0 s:/O=www.chooserenewables.com/OU=Domain Control Validated/ CN=www.chooserenewables.com i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http:// certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287 -----BEGIN CERTIFICATE----- MIIFEjCCA/qgAwIBAgIDQAnvMA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQG EwJV ...more cert lines... 7i+WJziRDDuLLY7R6KZQJCNxXXycd8/DyNuyXLOTivWcqz52WBb9LE2falBx Ekjp qpB3r52N -----END CERTIFICATE----- 1 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com// emailAddress=infovalicert.com -----BEGIN CERTIFICATE----- MIIE+zCCBGSgAwIBAgICAQ0wDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcT G1Zh ...more cert lines... SxOaFIqII6hR8INMqzW/Rn453HWkrugp++85j09VZw== -----END CERTIFICATE----- 2 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http:// certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287 i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority -----BEGIN CERTIFICATE----- MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMC VVMx ...more cert lines... qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsX BTWV U+4= -----END CERTIFICATE----- --- Server certificate subject=/O=www.chooserenewables.com/OU=Domain Control Validated/ CN=www.chooserenewables.com issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http:// certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287 --- No client certificate CA names sent --- SSL handshake has read 4401 bytes and written 340 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 1024 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: B0D99397937200B11A0E872DF8B216842DA07FC26D4F657576AB41591F7B 1A18 Session-ID-ctx: Master-Key: BBF4B6677153E9522E3A8F0F8FBDEF0989D9C0031368A239046B08949776 26863AFCE83032AA5D44904CE75A28F0A7F8 Key-Arg : None Krb5 Principal: None Start Time: 1191516011 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate) --- DONE --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "API Integration Basics" group. To post to this group, send email to google-checkout-api-integrationgooglegroups.com To unsubscribe from this group, send email to google-checkout-api-integration-unsubscribegooglegroups.com For more options, visit this group at http://groups.google.com/group/google-checko ut-api-integration?hl=en -~----------~----~----~----~------~----~------~--~---

Re: Callback URL Cert problem
United States	2007-10-04 14:18:18
Hi It looks like you have an unnecessary intermediate certificate or reversed intermediate and root. Your current hierarchy is: go daddy class 2 ca -> go daddy secure cert valicert -> go daddy class 2 go daddy secure cert -> domain You could should restructure it to the following go daddy class 2 ca -> go daddy secure cert go daddy secure cert -> domain -Peng On Oct 4, 9:57 am, ricozinn <ricoz...gmail.com> wrote: > I'm getting this error from Google: > //MESSAGE FROM GOOGLE > We encountered an error trying to access your server athttps://www.chooserenewables.com/xcart/payment/ ps_gcheckout.php-- the > error we got is: sun.security.validator.ValidatorException: PKIX path > validation failed: java.security.cert.CertPathValidatorException: > basic constraints check failed: pathLenConstraint violated - this cert > must be the last cert in the certification path > //END MESSAGE FROM GOOGLE > > Below is my output for testing the cert and it all looks correct to me > with the root cert->intermediary cert->website cert. Any idea what is > going on? > > thanks... > > #PROMPT: openssl s_client -connectwww.chooserenewables.com:443- > showcerts < /dev/null > CONNECTED(00000003) > depth=2 /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 > Certification Authority > verify error:num=20:unable to get local issuer certificate > verify return:0 > --- > Certificate chain > 0 s:/O=www.chooserenewables.com/OU=DomainControl Validated/ > CN=www.chooserenewables.com > i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http:// > certificates.godaddy.com/repository/CN=Go Daddy Secure Certification > Authority/serialNumber=07969287 > -----BEGIN CERTIFICATE----- > MIIFEjCCA/qgAwIBAgIDQAnvMA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQG EwJV > ...more cert lines... > 7i+WJziRDDuLLY7R6KZQJCNxXXycd8/DyNuyXLOTivWcqz52WBb9LE2falBx Ekjp > qpB3r52N > -----END CERTIFICATE----- > 1 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 > Certification Authority > i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class > 2 Policy Validation Authority/CN=http://www.valicert.com// > emailAddress=i...valicert.com > -----BEGIN CERTIFICATE----- > MIIE+zCCBGSgAwIBAgICAQ0wDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcT G1Zh > ...more cert lines... > SxOaFIqII6hR8INMqzW/Rn453HWkrugp++85j09VZw== > -----END CERTIFICATE----- > 2 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http:// > certificates.godaddy.com/repository/CN=Go Daddy Secure Certification > Authority/serialNumber=07969287 > i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 > Certification Authority > -----BEGIN CERTIFICATE----- > MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMC VVMx > ...more cert lines... > qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsX BTWV > U+4= > -----END CERTIFICATE----- > --- > Server certificate > subject=/O=www.chooserenewables.com/OU=DomainControl Validated/ > CN=www.chooserenewables.com > issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http:// > certificates.godaddy.com/repository/CN=Go Daddy Secure Certification > Authority/serialNumber=07969287 > --- > No client certificate CA names sent > --- > SSL handshake has read 4401 bytes and written 340 bytes > --- > New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA > Server public key is 1024 bit > Compression: NONE > Expansion: NONE > SSL-Session: > Protocol : TLSv1 > Cipher : DHE-RSA-AES256-SHA > Session-ID: > B0D99397937200B11A0E872DF8B216842DA07FC26D4F657576AB41591F7B 1A18 > Session-ID-ctx: > Master-Key: > BBF4B6677153E9522E3A8F0F8FBDEF0989D9C0031368A239046B08949776 26863AFCE83032AA5D44904CE75A28F0A7F8 > Key-Arg : None > Krb5 Principal: None > Start Time: 1191516011 > Timeout : 300 (sec) > Verify return code: 20 (unable to get local issuer certificate) > --- > DONE --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "API Integration Basics" group. To post to this group, send email to google-checkout-api-integrationgooglegroups.com To unsubscribe from this group, send email to google-checkout-api-integration-unsubscribegooglegroups.com For more options, visit this group at http://groups.google.com/group/google-checko ut-api-integration?hl=en -~----------~----~----~----~------~----~------~--~---

Re: Callback URL Cert problem
	2007-10-05 16:13:55

Do you have any idea how to restructure it using Apache?  I've installed these certs before in apache, but never even considered the structure like this. ; Is there any documention on that, or what is the appropriate keywords to google for? Thanks.   On 10/4/07, GoogleCheckoutDevProPeng < Checkout-Dev-Pro+Penggoogle.com">Checkout-Dev-Pro+Penggoogle.com> wrote: Hi It looks like you have an unnecessary intermediate certificate or reversed intermediate and root. ; Your current hierarchy is: go daddy class 2 ca -> go daddy secure cert valicert -> go daddy class 2 go daddy secure cert -> domain You could should restructure it to the following go daddy class 2 ca -> go daddy secure cert go daddy secure cert -> domain -Peng On Oct 4, 9:57 am, ricozinn < ricoz...gmail.com">ricoz...gmail.com> wrote: >; I'm getting this error from Google: > //MESSAGE FROM GOOGLE > We encountered an error trying to access your server athttps://www.chooserenewables.com/xcart/payment/ps_gcheckout.php-- the > error we got is: sun.security.validator.ValidatorException: PKIX path > validation failed: java.security.cert.CertPathValidatorException: > basic constraints check failed: pathLenConstraint violated - this cert > must be the last cert in the certification path > //END MESSAGE FROM GOOGLE >; > Below is my output for testing the cert and it all looks correct to me > with the root cert->intermediary cert->website cert. ; Any idea what is > going on? > > thanks... > > #PROMPT: openssl s_client - connectwww.chooserenewables.com:443- >; showcerts < /dev/null > CONNECTED(00000003) > depth=2 /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 > Certification Authority > verify error:num=20:unable to get local issuer certificate > verify return:0 > --- > Certificate chain > ;0 s:/O=www.chooserenewables.com/OU=DomainControl Validated/ > CN= www.chooserenewables.com > ;  i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http:// > certificates.godaddy.com/repository/CN=Go Daddy Secure Certification > Authority/serialNumber=07969287 > -----BEGIN CERTIFICATE----- > MIIFEjCCA/qgAwIBAgIDQAnvMA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJV > ...more cert lines... > 7i+WJziRDDuLLY7R6KZQJCNxXXycd8/DyNuyXLOTivWcqz52WBb9LE2falBxEkjp > qpB3r52N > -----END CERTIFICATE----- > ;1 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 > Certification Authority >   i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class > 2 Policy Validation Authority/CN=http://www.valicert.com// > emailAddress= i...valicert.com">i...valicert.com > -----BEGIN CERTIFICATE----- > MIIE+zCCBGSgAwIBAgICAQ0wDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1Zh > ...more cert lines... > SxOaFIqII6hR8INMqzW/Rn453HWkrugp++85j09VZw== > -----END CERTIFICATE----- > ;2 s:/C=US/ST=Arizona/L=Scottsdale/O= GoDaddy.com, Inc./OU=http:// > certificates.godaddy.com/repository/CN=Go Daddy Secure Certification > Authority/serialNumber=07969287 >   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 > Certification Authority > -----BEGIN CERTIFICATE----- > MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx > ...more cert lines... > qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV > U+4= > -----END CERTIFICATE----- > --- > Server certificate > subject=/O=www.chooserenewables.com/OU=DomainControl Validated/ > CN=www.chooserenewables.com > issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http:// > certificates.godaddy.com/repository/CN=Go Daddy Secure Certification > Authority/serialNumber=07969287 > --- > No client certificate CA names sent > --- > SSL handshake has read 4401 bytes and written 340 bytes > --- > New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA > Server public key is 1024 bit > Compression: NONE > Expansion: NONE > SSL-Session: >    Protocol  : TLSv1 > ;   Cipher    : DHE-RSA-AES256-SHA >   Session-ID: > B0D99397937200B11A0E872DF8B216842DA07FC26D4F657576AB41591F7B1A18 >   Session-ID-ctx: >  ; Master-Key: > BBF4B6677153E9522E3A8F0F8FBDEF0989D9C0031368A239046B0894977626863AFCE83032AA5D44904CE75A28F0A7F8 > ; Key-Arg  : None >  ; Krb5 Principal: None >  ; Start Time: 1191516011 > ; Timeout  : 300 (sec) > ;   Verify return code: 20 (unable to get local issuer certificate) > --- > DONE --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "API Integration Basics" group. To post to this group, send email to google-checkout-api-integrationgooglegroups.com To unsubscribe from this group, send email to google-checkout-api-integration-unsubscribegooglegroups.com For more options, visit this group at http://groups.google.com/group/google-checkout-api-integration?hl=en -~----------~----~----~----~------~----~------~--~---

[1-3]

about | contact Other archives ( Real Estate discussion Medical topics )

Mailing lists