Access to add and change pages is restricted. See:

How to configure certificates

In order to use creditcard processing service, you need to import site certificates into the keystore you are using. If you havent changed the keystore, the default one should be your jdk\jre\lib\security\cacerts and the default password is changeit.


1. Download certificates, the certificates will be different if  you are using test site vs. production site. One way to download would be to go to the URL in your web browser and export the certificates into files. Make sure  you export all the certificates - at the time of writing had a chain of 3 certificates.

2. Import the certificates back into your keystore using keytool -import [certificate_path] -alias [cert_alias] -keystore [path_to_keystore]. After looking at the code the alias for main certificate seemed like it had to be AUTHORIZE_NET since thats the string thats used to look up the certificate from keystore. I havent tried using any other name for the alias, but someone probably can and post the results here.

 3. If you need to debug whats going on - you can either change log4j.xml file and add the entry for the base.util package and any other relevant package you want to debug or change file under ofbiz and make verbose=true, this will show you the details about certificates reading and checking.

  • No labels

1 Comment

  1. Unknown User (tburdeinei)

    You also need to check your permissions for these keystore- my default install had read-only to owner and nothing else.

    Check your work with keytool -list -v -keystore cacerts -storepass changeit | more

    (this is where your keystore is named cacerts and your storepass is the default changeit)

    Also - the keystore you need to add these to are your java installs keystore, NOT your ofbiz keystore

    The directions above exclude the needed -trustcacerts flag. You also need to name your aliases differently for each part of the cert chain. I had success with :

     keytool -import  -alias AUTHORIZE_NET -keystore cacerts -trustcacerts -file