Win a copy of Terraform in Action this week in the Cloud forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Rob Spoor
  • Bear Bibeault
Saloon Keepers:
  • Jesse Silverman
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • Al Hobbs
  • salvin francis

Certificate chaining error: issuer DN != subject DN

 
Ranch Hand
Posts: 89
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I know this is a verrry basic problem with SSL but please bear with me.

We have a client that connects to a secure webservice and was working fine till the certificate on the server machine was due to expire so it was renewed and setup on the webserver. The certificate on the webserver is :
+XXX global root
+XXXX Certificate Authority
+XXXXX CA
+www.xx.com


Now on the client machine I just saved the certificate from the browser when accessing the secure page of the server into a .cer file. This saved the "www.xx.com" certificate alone. I imported that using the keytool into the keystore that the client application refers to for the SSL Handshake.

I keep getting the above mentioned error!! I've tried everything from adding the whole chain of certificates onto the client's keystore to make sure I chain all the way to the root one but still nothing.

Any ideas what I am missing or where can i start looking again. Really appreciate anything here
 
Kareem Gad
Ranch Hand
Posts: 89
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Got it figured out!

It was a configuration issue on apache for the SSL, where the CA certificate key file was configured with the property name SSLCertificateChainFile, while when we checked previous versions of the configuration we used to put it with the property SSLCACertificateFile when we did that we got it fixed.

Now another error :

In one way or another it says "Certificate missing Basic constraints extensions"

Anyone have any idea why this is happening ?
 
reply
    Bookmark Topic Watch Topic
  • New Topic