• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Liutauras Vilda
  • Bear Bibeault
  • Junilu Lacar
  • Martin Vashko
  • Jeanne Boyarsky
  • Tim Cooke
  • Knute Snortum
Saloon Keepers:
  • Ron McLeod
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Scott Selikoff
  • salvin francis
  • Piet Souris

Untrusted server cert chain ?

Ranch Hand
Posts: 74
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm trying to connect to an https site with this java code
when I try to read from BufferedReader, I have a SSLException: untrusted server cert chain.

Could anyone explain me if I can solve it?How ?
Thank you,
Horaci Macias
Ranch Hand
Posts: 214
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
javax.net.ssl.SSLException: untrusted server cert chainjava.lang.Throwable(java.lang.String)java.lang.Exception(java.lang.String)java.io.IOException(java.lang.String)javax.net.ssl.SSLException(java.lang.String)
basically means that your client doesn't trust the server (or any of the server's signers).
There could be any number of reasons for this,
a) the server's certificate is a self-signed one
b) The server does not provide a large enough "certificate chain" to go back to one of the certs in the jre/lib/security/cacerts.
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I ran into this problem myself. I fixed this by updating the cacerts file
in the JVM ($JAVA_HOME/jre/lib/security) with the same file from a JDK1.4 installation. Apparently, the JDK 1.4 knows about a lot more licensing
agencies (like Verisign, Thawte etc) than JDK 1.3 ever did. This would
work for all certificates issued by known agencies/common agencies, even test/trial ones. If you use a custom certificate, then you would have to export the certificate out of your server and import it into the JVM of your app server/web server.
Hope this helps.
So I left, I came home, and I ate some pie. And then I read this tiny ad:
Sauce Labs - World's Largest Continuous Testing Cloud for Websites and Mobile Apps
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!