• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Liutauras Vilda
  • Ron McLeod
Sheriffs:
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
Saloon Keepers:
  • Scott Selikoff
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
  • Frits Walraven
Bartenders:
  • Stephan van Hulst
  • Carey Brown

SSLException: untrusted server cert chain

 
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have a secured socket layer that is open across a network betwene a client and a server.
Unfortunately, the client cuts the connection just as they are opening the SSLScoket with the following exception:
Exception javax.net.ssl.SSLException untrusted server cert chain
I have a self-signed keytool created and I may be forgetting something since this is my first Secured Socket Layer.
Thanks
 
Ranch Hand
Posts: 60
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Since ur client is not recognising your server certification, one thing u have missed is to import that server certification in ur browser. IE or Netscape have their own mechanisms for installing the client at the client side

------------------
I.K.VISHWANATH
 
Khalid Bou-Rabee
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am using an application not an applet
 
Ranch Hand
Posts: 103
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Khalid Bou-Rabee:
I have a secured socket layer that is open across a network betwene a client and a server.
Unfortunately, the client cuts the connection just as they are opening the SSLScoket with the following exception:
Exception javax.net.ssl.SSLException untrusted server cert chain
I have a self-signed keytool created and I may be forgetting something since this is my first Secured Socket Layer.
Thanks


Are you working at socket level? or, are you using https ?
I have the exact same problem - We are using RSA's B-Safe product that gives us SSL impleementation. Our problem now is to write a servlet on our SilverStream App Server and load the correct certificates. We want to be able to use Https protocol from our java client. This is my first SSL application, and I really don't know where to begin.
Thanks in advance for any help,
Savithri
 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello.
I also had this problem a few months ago...and I finally got the answer.
In the certificate extensions you can see "pathlen = undefined".
In jdk1.2.2, -2 is returned by X%=)Certificate.getBasicConstraints when there is a undefined pathlen with a non CA cert. This leads to the untrusted server cert chain exception.
In kestrel, it is now returned Integer.MAX_VALUE, and it works perfectly.
Thus, try your code with the jdk 1.' as I did.
Eric
 
Eric Lafargue
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In my previous answer, I made a typewritting mistake. Please read "use the jdk1.3" instead of "use the jdk1.'"
Eric
 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My problem is I am trying to download a file from a site which is secured using https. I get the following exception while doing so.
javax.net.ssl.SSLException: untrusted server cert chain
Can anybody guide me on this matter...
 
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I ran into this problem myself. I fixed this by updating the cacerts file
in the JVM ($JAVA_HOME/jre/lib/security) with the same file from a JDK1.4 installation. Apparently, the JDK 1.4 knows about a lot more licensing
agencies (like Verisign, Thawte etc) than JDK 1.3 ever did. This would
work for all certificates issued by known agencies/common agencies, even test/trial ones. If you use a custom certificate, then you would have to export the certificate out of your server and import it into the JVM of your app server/web server.
Hope this helps.
 
Quick! Before anybody notices! Cover it up with this tiny ad:
Smokeless wood heat with a rocket mass heater
https://woodheat.net
reply
    Bookmark Topic Watch Topic
  • New Topic