Super-Networking Blog

Google Checkout Cart Integration Problem

by admin on Feb.07, 2008, under Systems

I was getting the following error from Google in their Google Checkout Integration Console:

We encountered an error trying to access your server at

https://www.website.com/ (URL Path Changed)

the error we got  is: javax.net.ssl.SSLHandshakeException:

sun.security.validator.ValidatorException: PKIX path building failed:

sun.security.provider.certpath.SunCertPathBuilderException:

unable to find valid certification path to requested target

Google’s Info on Cart Integration issues is here

About this error is says:

Use a valid SSL certificate so you can receive callbacks. (If you’re only testing in the sandbox, you won’t need an SSL certificate. Feel free to use an HTTP callback URL for testing purposes.)

So you check out your certificate and it is valid, you go to your site over https and everything looks great. I read that sometimes your certificate chain can be broken so I found these instructions:

To view the current certificate chain being returned by your server:

In Firefox:
1. Navigate to your callback URL in your browser.
2. Click the lock icon in the address bar of your browser.
3. Click ‘View’ under the ‘Security’ tab.
4. Click ‘Details.’
5. Locate the current certificate chain under ‘Certificate Hierarchy.’

In Internet Explorer:
1. Navigate to your callback URL in your browser.
2. Double click the lock icon in the lower right hand corner of the status Bar in your browser.
3. Click the ‘Certification Path’ tab in the window that appears.

Additionally, you can view the current certificate chain being returned by your server by using the OpenSSL and the following command:
openssl s_client -connect {website domain}:443 -showcerts

In both Firefox and IE the chain looked fine. But both browsers have a tendency to fix a missing chain so I downloaded and installed openssl and ran that command above. Found the chain was messed up.

I went into the certificate stores on the webservers, went into Intermediate Certification Authorities only to find the CA for our SSL certificate had expired.

We had a VeriSign SSL Cert and here are the instructions on how to fix it:

https://www.verisign.com/support/ssl-certificates-support/page_dev028341.html

After doing an iisreset on all of the servers with the new CA cert everything started working. I hope this keeps some people from running into the same headaches I ran into.

:, , , , ,

415 views

Leave a Reply

Security Code:

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Your Ad Here

Visit our friends!

A few highly recommended friends...

Archives

All entries, chronologically...