Home.... | log in.... | Pub my question! | Sign-up....
Java-index >> Security >> Java Secure Socket Extension (JSSE)

IOException caught: javax.net.ssl.SSLException: untrusted server cert chain

I am trying to implement SSL into my Tomcat servlet container, but now several of my servlet calls are returning:

IOException caught: javax.net.ssl.SSLException: untrusted server cert chain

I have done everything I can think of to try and correct this issue. I have imported my certificate from Verisign and the Verisign CA certificate into the keystore. I even imported both certificates into the cacerts file, but I still get the error. I have updated the java.security file and downloaded the SSL jar files into %JAVA_HOME%\jre\lib\ext. I can't figure out why I would continue to see this error message. Are there any tools I can use to help me debug this error? Thanks.

[693 byte] By [theking75a] at [2007-10-3 2:52:14]
«« How to redirect output to a byte array?
»» Open Adobe
# 1
The client's truststore needs to trust the server's keystore. You need to export the server certs from the keystore and import them into the client's truststore.
ejpa at 2007-7-14 20:41:11 > top of Java-index,Security,Java Secure Socket Extension (JSSE)...
# 2

I thought the whole point of executing my Java servlets from Tomcat was that it made everything happen on the server side and nothing needed to happen on the client side. This is an application used by thousands of people. You mean to tell me I have to tell them all to import the certificates into their local truststore for them to still be able to use the application?

theking75a at 2007-7-14 20:41:11 > top of Java-index,Security,Java Secure Socket Extension (JSSE)...
# 3
Or else you have to provide a server certificate from an already trusted source, i.e. a certificate authority, instead of a self-signed certificate.
ejpa at 2007-7-14 20:41:11 > top of Java-index,Security,Java Secure Socket Extension (JSSE)...
# 4
This not a self-signed certificate. It was purchased from Verisign.
theking75a at 2007-7-14 20:41:11 > top of Java-index,Security,Java Secure Socket Extension (JSSE)...
# 5
Maybe it's the server not trusting the clients? Do you have wantClientAuth=true or needClientAuth=true at the server?
ejpa at 2007-7-14 20:41:11 > top of Java-index,Security,Java Secure Socket Extension (JSSE)...
Security
Java Secure Socket Extension (JSSE)

Security New Topic

Security Hot Topic

Security

All Classified