java.security.cert.CertificateException: Untrusted Server Certificate Chain

Hello,

Even though there are several topics on this, I could not avoid posting another on this. I followed all the steps which were there in the previous discussion of the same topic.

My application, which is installed in SunOne App server, is accessing an https site. I got the trusted CA certs from that URL and I imported them into the cacerts of the JDK, the one which the SunOne App server uses. The SunOne App server is on the Solaris box. The command I used for importing the cacerts is as follows:

/usr/j2se/bin/keytool -import -alias ComodoCAPremiumCert -file /stage/CustTest/RootCA/ComodoCAPremium.b64 -keystore /usr/j2se/jre/lib/security/cacerts

I could view the certs in the cacerts. The certificate has an expiry date till Dec 2006. The clock settings are fine on both the servers.

But I still get the same exception, as follows.

Caught exception here: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted Server Certificate Chain

Anybody please help me solve this.

Thanks in Advance

Thirumaran

[1093 byte] By [maran1977a] at [2007-10-1 3:58:50]
# 1
any help?
maran1977a at 2007-7-8 22:50:59 > top of Java-index,Security,Java Secure Socket Extension (JSSE)...
# 2

In my understanding, your problem might be related to the command which you used to import ca cert.

There are two different types of entries in a keystore:

1) private key and certificate "chain" for the corresponding public key.

2) trusted certificate: self-signed cert

If you use "/usr/j2se/bin/keytool -import -alias ComodoCAPremiumCert -file /stage/CustTest/RootCA/ComodoCAPremium.b64 -keystore /usr/j2se/jre/lib/security/cacerts" you will end up with a key entry of first type. I feel you may need the second type - trusted cert, then you need to install root CA cert which generates https server's cert into your keystore.

Try "/usr/j2se/bin/keytool -import -trustcacerts -alias ComodoCAPremiumCert -file /stage/CustTest/RootCA/ComodoCAPremium.b64 -keystore /usr/j2se/jre/lib/security/cacerts"

It's worth mentioning two other things:

1. Find out which keystore the JRE is using. Run

"java -Djavax.net.debug=all yourClassHere"

It will tell you where the client's keystore is; in my case:

"trustStore is: C:\Program Files\Java\j2re1.4.2_07\lib\security\cacerts", although I have another keystore under C:\Program Files\Java\jre\lib\security\cacerts

2. After importing the https server's root CA, you may check it to make sure it is there, by using

keytool -list -alias yourAlias -keystore yourKeyStore

Reference:

http://saloon.javaranch.com/cgi-bin/ubb/ultimatebb.cgi?ubb=get_topic&f=64&t=001123

Hope it helps,

Bonnie

bonniewa at 2007-7-8 22:50:59
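
One way to check the points raised in the reply above (which store the JVM trusts by default, what type each entry in it is) together with the validity dates mentioned in the first post. This is an added example, not code from the thread; the class name TrustStoreCheck is made up, and it assumes Java 7 or later and the default cacerts password "changeit" unless a path and password are passed as arguments.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical helper (not from the thread): lists every entry of a trust store
// with its entry type and validity status.
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        // JSSE default order: -Djavax.net.ssl.trustStore, then jssecacerts, then cacerts.
        String sec = System.getProperty("java.home") + "/lib/security/";
        String fallback = new File(sec + "jssecacerts").exists()
                ? sec + "jssecacerts" : sec + "cacerts";
        String path = args.length > 0 ? args[0]
                : System.getProperty("javax.net.ssl.trustStore", fallback);
        // Assumption: the store still has the stock password unless one is given.
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        System.out.println("Store: " + path + " (" + ks.size() + " entries)");

        for (String alias : Collections.list(ks.aliases())) {
            // Only trustedCertEntry entries act as trust anchors.
            String kind = ks.isCertificateEntry(alias) ? "trustedCertEntry"
                    : ks.isKeyEntry(alias) ? "keyEntry" : "other";
            String status = "n/a";
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                try {
                    x.checkValidity(); // compares against the local clock
                    status = "valid until " + x.getNotAfter();
                } catch (CertificateExpiredException e) {
                    status = "EXPIRED on " + x.getNotAfter();
                } catch (CertificateNotYetValidException e) {
                    status = "NOT YET VALID before " + x.getNotBefore();
                }
                status += " | subject=" + x.getSubjectX500Principal().getName()
                        + " | issuer=" + x.getIssuerX500Principal().getName();
            }
            System.out.println(alias + " | " + kind + " | " + status);
        }
    }
}
```

Run it with the same JVM the application server uses, so that java.home resolves to the store that JVM actually reads.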
# 3
How do you get the certs from a site? I have looked all over the web trying to figure out how to set up my cacerts file, but there is never any mention of how to get the certificate to begin with.
wayneb64a at 2007-7-8 22:50:59