untrusted cert chains
Hi,
I have installed SSL 3 on my IIS server. I am trying to connect to the server with my Java code. When I connect to the server using HTTPSURLConnection it gives me this error. Then I imported the certificate of the server using keytool but it was still giving me the same error. Now when I try to import it again it gives the error "KeyStore was tampered".
Can anyone please tell me what is the correct way to connect to the server using JSSE?
thanX
-Vaijayanti
Hi Vaijayanti,
If you are getting the error "keytool error: java.io.IOException: Keystore was tampered", try deleting the keystore file and re-creating it.
For example, please go through the following URL to see how to create the keystore:
http://xml.apache.org/soap/docs/install/FAQ_Tomcat_SOAP_SSL.html
If there are still problems, please post the full error message you are getting.
Hope this will help you.
Regards,
Anil.
Technical Support Engineer.
Hi,
If you are getting the untrusted server cert chain error, then there will be a problem with the certificate being received from the remote server or client. Check that your trust store contains the certificate of the remote machine or the CA that signed it and that the certificate has not expired.
Hope this will help you.
Regards,
Anil.
ThanX a lot Anil,
Now my code is running. Actually the way I was importing the certificate was wrong. But now it is working fine. Thanks again.
-Vaijayanti
How have you solved this problem? Because I've got one too and can't do anything with it.
Thank you.
Hi Anil,
I got a similar problem with JSSE.
Basically I want to get a page from the https server.
I am using the URL class to get the page. I have set the truststore properties and handler.pkgs. This works fine before the PKI is enabled. If I enable the PKI in the server I am getting
Connection aborted by peer : socket write error
What could be the reason? Any suggestions?
thanks
kumar
Hi,
1. Make sure JSSE is installed properly.
2. Import the certificate into the keystore with the command
keytool -import -file "cert name" -keystore "c:\jdk1.3\jre\lib\security\cacerts"
3. You may get the problem while running the code if there is more than one JRE installed. So there may be more than one cacerts file on your machine and at runtime it may be picking the cacerts file from the wrong path.
4. Run the code. This is the sample code
import java.io.*;
import java.net.URL;
import java.security.Security;
// HttpsURLConnection is in com.sun.net.ssl (JSSE 1.0.x) or javax.net.ssl (J2SE 1.4+)
// Register the JSSE HTTPS protocol handler and provider
System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
URL url = new URL("your url");
HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
String inputLine; // was undeclared in the original snippet
while ((inputLine = in.readLine()) != null)
    System.out.println(inputLine);
in.close();
Try this. Hope this will help you. If it is giving the error that the keystore has been tampered with, replace the cacerts with jssecacerts.
-Vaijayanti
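The checks suggested in the replies above (is the server certificate or its signing CA in the trust store, has it expired, and which JRE's trust store is actually being read) can be run as one small program. This is an added example, not code from any poster in the thread; the class name TrustCheck and the file name server.cer are hypothetical, and it assumes Java 7 or later and the JDK's default store password changeit unless another is given.

```java
import java.io.*;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical names). Usage: java TrustCheck server.cer [truststore] [password]
public class TrustCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 1) { System.err.println("usage: TrustCheck cert [truststore] [password]"); return; }
        // JSSE default lookup order: javax.net.ssl.trustStore, else jssecacerts, else cacerts of THIS JRE
        String home = System.getProperty("java.home");
        File jsse = new File(home, "lib/security/jssecacerts");
        String def = jsse.exists() ? jsse.getPath() : new File(home, "lib/security/cacerts").getPath();
        String path = args.length > 1 ? args[1] : System.getProperty("javax.net.ssl.trustStore", def);
        char[] pass = (args.length > 2 ? args[2] : "changeit").toCharArray();
        System.out.println("JRE in use:  " + home);
        System.out.println("Trust store: " + path);
        X509Certificate server;
        try (InputStream in = new FileInputStream(args[0])) {
            server = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ts.load(in, pass); // a wrong password or damaged file fails here ("Keystore was tampered with...")
        }
        try {
            server.checkValidity(); // throws if expired or not yet valid
            System.out.println("Validity: OK, expires " + server.getNotAfter());
        } catch (GeneralSecurityException e) {
            System.out.println("Validity: FAILED, " + e.getMessage());
        }
        String alias = ts.getCertificateAlias(server);
        System.out.println("Server cert in store: " + (alias != null ? "yes, alias " + alias : "no"));
        boolean issuerFound = false;
        for (String a : Collections.list(ts.aliases())) {
            if (!(ts.getCertificate(a) instanceof X509Certificate)) continue;
            X509Certificate ca = (X509Certificate) ts.getCertificate(a);
            if (!ca.getSubjectX500Principal().equals(server.getIssuerX500Principal())) continue;
            try {
                server.verify(ca.getPublicKey()); // signature check, not just a name match
                System.out.println("Issuer in store, alias " + a);
                issuerFound = true;
            } catch (GeneralSecurityException e) { /* same name, different key */ }
        }
        if (alias == null && !issuerFound)
            System.out.println("Neither the certificate nor its issuer is trusted by this store.");
    }
}
```

Run it with the same java binary that runs the failing client, so that the printed JRE path and trust store are the ones the client actually uses.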
Hi,
Thanks for the suggestions but unfortunately that is not the problem. As I said earlier, everything is working fine if I turn off the PKI in the Apache. The problem is only when I turn on the PKI in the Apache. Any suggestions?
thanks
kumar