This week's giveaway is in the JDBC forum.
We're giving away four copies of Java Database Connections & Transactions (e-book only) and have Marco Behler on-line!
See this thread for details.
Win a copy of Java Database Connections & Transactions (e-book only) this week in the JDBC forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Devaka Cooray
  • Knute Snortum
  • Paul Clapham
  • Tim Cooke
Sheriffs:
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Bear Bibeault
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Ron McLeod
  • Piet Souris
  • Frits Walraven
Bartenders:
  • Ganesh Patekar
  • Tim Holloway
  • salvin francis

SSLException: untrusted server cert chain  RSS feed

 
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a secured socket layer that is open across a network betwene a client and a server.
Unfortunately, the client cuts the connection just as they are opening the SSLScoket with the following exception:
Exception javax.net.ssl.SSLException untrusted server cert chain
I have a self-signed keytool created and I may be forgetting something since this is my first Secured Socket Layer.
Thanks
 
Ranch Hand
Posts: 60
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Since ur client is not recognising your server certification, one thing u have missed is to import that server certification in ur browser. IE or Netscape have their own mechanisms for installing the client at the client side

------------------
I.K.VISHWANATH
 
Khalid Bou-Rabee
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am using an application not an applet
 
Ranch Hand
Posts: 103
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Originally posted by Khalid Bou-Rabee:
I have a secured socket layer that is open across a network betwene a client and a server.
Unfortunately, the client cuts the connection just as they are opening the SSLScoket with the following exception:
Exception javax.net.ssl.SSLException untrusted server cert chain
I have a self-signed keytool created and I may be forgetting something since this is my first Secured Socket Layer.
Thanks


Are you working at socket level? or, are you using https ?
I have the exact same problem - We are using RSA's B-Safe product that gives us SSL impleementation. Our problem now is to write a servlet on our SilverStream App Server and load the correct certificates. We want to be able to use Https protocol from our java client. This is my first SSL application, and I really don't know where to begin.
Thanks in advance for any help,
Savithri
 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello.
I also had this problem a few months ago...and I finally got the answer.
In the certificate extensions you can see "pathlen = undefined".
In jdk1.2.2, -2 is returned by X%=)Certificate.getBasicConstraints when there is a undefined pathlen with a non CA cert. This leads to the untrusted server cert chain exception.
In kestrel, it is now returned Integer.MAX_VALUE, and it works perfectly.
Thus, try your code with the jdk 1.' as I did.
Eric
 
Eric Lafargue
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In my previous answer, I made a typewritting mistake. Please read "use the jdk1.3" instead of "use the jdk1.'"
Eric
 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
My problem is I am trying to download a file from a site which is secured using https. I get the following exception while doing so.
javax.net.ssl.SSLException: untrusted server cert chain
Can anybody guide me on this matter...
 
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I ran into this problem myself. I fixed this by updating the cacerts file
in the JVM ($JAVA_HOME/jre/lib/security) with the same file from a JDK1.4 installation. Apparently, the JDK 1.4 knows about a lot more licensing
agencies (like Verisign, Thawte etc) than JDK 1.3 ever did. This would
work for all certificates issued by known agencies/common agencies, even test/trial ones. If you use a custom certificate, then you would have to export the certificate out of your server and import it into the JVM of your app server/web server.
Hope this helps.
 
This tiny ad is wafer thin:
how do I do my own kindle-like thing - without amazon
https://coderanch.com/t/711421/engineering/kindle-amazon
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!