Search...
FAQs Subscribe
Pie
FAQs
Recent topics Flagged topics Hot topics Best topics
Search...
Search within Security Search Coderanch
Advance search Google search
Register / Login
permaculture playing cards
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
thread boost meaningless drivel building better world book book review grid advertise on coderanch
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • paul wheaton
  • Ron McLeod
  • Devaka Cooray
Sheriffs:
  • Jeanne Boyarsky
  • Liutauras Vilda
  • Paul Clapham
Saloon Keepers:
  • Tim Holloway
  • Carey Brown
  • Piet Souris
Bartenders:

SSLHandshakeException: certificate expired

 
Vijay Rastogi
Greenhorn
Posts: 2
posted 20 years ago
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
    Send
  • Quote
  • Report post to moderator
Hi

We are trying to establish SSL connection to a secure web application from another application and both the applications are
running in WAS4.0.7. We are getting SSLHandShake exception while trying to get the data in https mode but if we make a connection in http mode, we are successfully able to retrieve the data.

javax.net.ssl.SSLHandshakeException: certificate expired
at com.ibm.jsse.be.a(Unknown Source)
at com.ibm.jsse.be.startHandshake(Unknown Source)
at com.ibm.net.ssl.www.protocol.https.b.n(Unknown Source)
at com.ibm.net.ssl.www.protocol.https.p.connect(Unknown Source)
at com.ibm.net.ssl.www.protocol.http.bw.getOutputStream(Unknown Source)
at com.ibm.net.ssl.internal.www.protocol.https.HttpsURLConnection.getOutputStream(Unknown Source)
at com.myapp.net..................

In some of the articles on the net, it is suggested to use the jsse jar provided by sun but we don't have such flexibility to use jsse jar provided by sun.

How to fix this issue.

Thanks.
 
tommy k. lee
Greenhorn
Posts: 20
posted 20 years ago
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
    Send
  • Quote
  • Report post to moderator
Have you made sure that the System Date / Times on the two machines are consistent? JSSE is extremely sensitive to System Time and Dates inconsistencies.

SCJP,SCJD SCEA, SCWCD, SCBCD<br />OCP DBA 8i / 9i<br />CISSP, PMP, PHR<br />CCNA, CCDA <br /><a href="http://www.certgear.com" target="_blank" rel="nofollow">http://www.certgear.com</a>;

 
Vijay Rastogi
Greenhorn
Posts: 2
posted 20 years ago
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
    Send
  • Quote
  • Report post to moderator
Yes, we do have the consistent Date/Times for the two applications.
 
Pallav Jakhotiya
Greenhorn
Posts: 3
posted 20 years ago
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
    Send
  • Quote
  • Report post to moderator
Just check for the validity of the certificate.
Your certificate might have expired.
If possible also check the CRLs for the same.

HTH

Pallav Jakhotiya

 
Zachary Clark
Greenhorn
Posts: 1
posted 20 years ago
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
    Send
  • Quote
  • Report post to moderator
When you establish an https connection WAS will use either the certificates in cacerts or DummyServerKeyFile.jks as the client certificates for authentication. It is likely that whichever of these is being used contains an expired certificate. It is also possible the trust store contains an expired certificate, the exception would be thrown in that case too. Check those keystores and remove or update the expired certs. IBM has patches to do this for you I believe.

-Z
 
Steve Ferguson
Greenhorn
Posts: 1
posted 20 years ago
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
    Send
  • Quote
  • Report post to moderator
To clarify, I was fighting with the same issue, and the cert needed to be reloaded in the cacerts within the jdk that ships with WebSphere. Reloading the one in /opt/WebSphere/AppServer/etc/DummyServerTrustFile.jks had no effect on the expired certificate problem. here is where to get the new root certs for verisign and thawte.

Also, for more info on reloading certs, see this ]article


[ August 11, 2004: Message edited by: Steve Ferguson
[ August 11, 2004: Message edited by: Steve Ferguson ]
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
reply
    Bookmark Topic Watch Topic
  • New Topic
Boost this thread!
Similar Threads
More...