Geeks With Blogs

@vonlar
  • vonlar Forcing me to use your website to send you work is NOT a good way of doing business. Try integrating email into your work process #fail about 1591 days ago
  • vonlar Absolutely LOVE Outlook 2010. The whole thread thing is hugely productive, although I'm scared of hitting the ignore button about 1591 days ago
  • vonlar @ferventcoder wow you mean Kansas actually has programmers? ;) I thought all they had were tornados, and houses with witch feet under them. about 1591 days ago
  • vonlar @CalebJenkins Dude, I would so make a special trip to D-town just for the free tickets! :) about 1591 days ago
  • vonlar My new Twitter handle is now @_RandyWalker !! Hope it's easier to use for every1 about 1591 days ago
  • vonlar @ferventcoder Things are fantastic on this end, thanks for asking. How's Tulsa? about 1591 days ago
  • vonlar Wasting my day away trying to create an SSL Cert. about 1592 days ago

News Add to Technorati Favorites
Randy Walker Entrepreneur, VB MVP

Having done some thorough research with code signing certifications and SSL certs, am I wrong in thinking that FedEx has royally screwed up?  I had to double and triple check that the link provided wasn’t a phishing attack of some sort, and it all looks valid.  Forcing your customers to install a cert that doesn’t have a root already installed in Windows is major trouble!  Why would VeriSign sell FedEx such a crappy product?

I have a cheap Comodo SSL cert for my Exchange server, and it wreaks all sorts of havok when connecting my Windows Mobile device to it.  Someone has made a very poor decision, or perhaps I’m missing something.

Dear Valued FedEx Customer:

Please ensure that your appropriate team members (e.g., Application Server Administrators) are aware of the following FedEx planned update:

Chained Secure Socket Layer (SSL) Test Certificate Update

In order to maintain customer confidence in our Web connections, FedEx is renewing our SSL certificate with VeriSign, a trusted certificate holding authority.  FedEx moved to a chained SSL certificate type for our test environment on Mar. 19, 2009, and will move for our production environment on Aug. 1, 2009.  This transition is due to the FedEx certificate holding authority transitioning from non-chained to chained Web server SSL certificates.

Customers using custom interfacing applications will need to verify that their systems support chained certificates.  For web servers that do not support chained certificates, administrators should contact their server software provider for technical assistance.  If you are unsure whether your application works with chained certificates, it is recommended that you test your application in the FedEx test environment.  Applications should be redirected to gatewaybeta.fedex.com for testing. 

Customers needing a local copy of the FedEx test certificate installed on their system can download the updated certificate here or by typing the link http://fedex.com/us/developer/downloads/dev_cert.zip into your browser.  A separate certificate will need to be installed for production.  We will notify you when the production certificate is available for download.  FedEx supplied API clients (e.g., ATOM) are not affected by these changes.

If you have any questions or need technical assistance, please contact the FedEx Help Desk at 1.877.339.2774 or send an e-mail to websupport@fedex.com.

Thank you for choosing FedEx.

The FedEx Web Integration Solutions Team

Posted on Friday, March 20, 2009 12:41 PM | Back to top


Comments on this post: New FedEx SSL Cert is bound to cause problems

# re: New FedEx SSL Cert is bound to cause problems
Requesting Gravatar...
I had that same letter run across my desk today. A bit of a shocker. I don't any great knowledge about this but as best I can tell this only matters if you have a third party app that connects with FedEx. The certificate for FedEx's website was just renewed two months ago with a CA root of Verisign. I am hopeful this won't effect the stuff we do with FedEx on the web.
Left by Joshua P on Mar 26, 2009 6:55 PM

# re: New FedEx SSL Cert is bound to cause problems
Requesting Gravatar...
What a pain in the back.
I put my test site together, tested everything. After two days my demo broke in front of my client. The Fedex Web Service just returned a generic error, doesn't even tell me it's the SSL issue.

I am still having trouble with the Chained Secure Socket Layer SSL Cert.

Let me know if anyone has instruction how to update the cert.
Left by Nelson C on Mar 28, 2009 10:05 PM

# re: New FedEx SSL Cert is bound to cause problems
Requesting Gravatar...
i trying to add fedex web service into my application when i add that into my web reference it give me these error msg

<faultcode>soapenv:Client</faultcode>
<faultstring>[ALSB Transform:382516]Failed to evaluate expression for callout to java method "public static final java.lang.String com.fedex.nxgen.base.v1.util.InternalTransactionId.doCreateId(java.lang.String,java.lang.String)". Argument index: 2, exception: Result of expression is null or empty array</faultstring>
can you please help in this
Regards
Baskar
Left by Baskar on Jun 30, 2009 7:20 AM

# re: New FedEx SSL Cert is bound to cause problems
Requesting Gravatar...
I'm using godaddy for hosting services and they don't support Chained Certificates and at this time there is not talks to support them. So anyone using fedex and godaddy is just out of luck.
Left by kevin on Aug 12, 2009 3:35 PM

# re: New FedEx SSL Cert is bound to cause problems
Requesting Gravatar...
Just got off the phone with Curt at FedEx. He and his cohort came up with the following to install the other intermediate certs via a command line prompt:

c:\CFusionMX7\runtime\jre\bin>keytool -import -trustcacerts -file intermediate.pem -alias gateway.fedex.com -keystore ..\lib\security\cacerts

c:\CFusionMX7\runtime\jre\bin>keytool -import -trustcacerts -file gateway.pem -alias versignclass3ca2 -keystore ..\lib\security\cacerts

We copied the cert files into the directory and then used these dos commands to install. The cannot be installed using MMC (Microsoft Management Console)

The caveat here is that it worked on our set up:

Windows 2003
IIS 6
ColdFusion

Curt had mentioned with all of the other server set ups, use of technology, etc., there is no single silver bullet to this. This is just one way to skin the cat.
Left by Kurt Eherenman on Aug 14, 2009 2:56 PM

# re: New FedEx SSL Cert is bound to cause problems
Requesting Gravatar...
When I trying to install the other intermediate certs via a command line prompt it ask for the
Enter keystore password:

What would be that.

I have downloaded the SSL from fedex site and got three files in th zip..
1. intermediate.pem
2. gateway.pem
3. gateway.p7c

Please help me in installing these certs.
We are using Java We services.

-Rohit
Left by Rohit on Sep 01, 2010 8:25 AM

Your comment:
 (will show your gravatar)
 


Copyright © Randy Walker | Powered by: GeeksWithBlogs.net | Join free