Certificate not Trusted error

Hello,

My site is hosted with IX webhosting. I bought SSL thru them and they installed SSL for me. SSL seems to be working ok from the browser.

https://www.airlineoperationsgroup.com/test.html

The site have a payment system that makes payments via a payment gateway provider. The problem occurs when the payment gateway application try to send a payment status back to our website via the SSL. This only happens when the payment gateway application try to access our website via SSL link, so you won’t be able to see the error by just going to https using a web browser. The payment gateway provider claims that the Root Certificate has not been installed properly. The error that they got is

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted

I have contacted IX webhosting and reported the problem, but they said eveything seems to be Ok on their side…

I have no idea of what is really going on with this. Could someone help me to verify if the certificate is installed correctly by viewing certificate info via web browser?

Thanks,
Toey

Hi Toey,

My thought would be this…and by the way the certificate/site looks fine in Firefox.

The certificate you are using is a EssentialSSL certificate, which is signed from the ‘COMODO Certification Authority’.
The ‘COMODO Certification Authority’ was issued in 2006.
So…your ‘payment gateway application’ may not have that ‘trusted root’ in its root store, and maybe there is an update to the root store of the application that needs loading.
That would be where I would start in resolving this issue.

Garry

Garry is absolutely correct. I’ve run an installation check from our system and the root and intermediate certificates are all installed correctly on your web server. I also notice that the payment gateway is a Java platform. If it is an older iteration of Java, it may not even have the Addtrust and UTN root and intermediate certs in it’s trusted root store, nevermind the Comodo Certification Authority. The key to getting it to work properly will be getting the payment gateway operator to update the root store on their side.

Gary & Richards,

Thank you very much for your help. I appreciate it.

I will forward this to my payment gateway provider.

Toey

(R)

Last question…

May be a dumb question… sorry I am really new to SSL thing…

If my payment gateway provider doesn’t have those Addtrust and UTN root and intermediate certs in their trusted root, where can they get the certificates?
IX didn’t send me any certificates because they installed it for me. So, should I ask IX to send me those certificates?
Should they be able to save/export it from web browser? (IE 7 have an option to export certificates)

Thanks,
Toey

Hi,

The Addtrust and UTN root have been around a very long time and ‘should’ already be in the root store.

They are the same certificates that you find in the root store of the browser you use.

Garry

The payment gateway provider asked me to send the certificates. I asked for the certificates from IX and sent to the payment gateway provider, but they still can’t get it to work… :frowning: I guess there is nothing I can do except waiting for them to resolve the problem…

Thanks for all your help!
Toey

Toey,

Our root certificate started showing up in Java 1.5x. Do you happen to know the exact version that is being used on either end? This is vital.