HTTPS/ certificate problem

 
carl jensen
Greenhorn
Posts: 11
My application was working fine until last week when we moved servers and changed from a Verisign to a self-signed certificate.
Now, I get the following exception:
Exception: javax.net.ssl.SSLException: untrusted server cert chain
This happens when a servlet tries to communicate with another servlet with the following code:
System.setProperty("java.protocol.handler.pkgs",
        "com.sun.net.ssl.internal.www.protocol");

URL url = null;
HttpURLConnection urlConnection = null;

try {
    String postURL = config.get("gateway.posturl.path");
    url = new URL(postURL);
    urlConnection = (HttpURLConnection) url.openConnection();
    urlConnection.setRequestMethod("POST");
    urlConnection.setDoInput(true);
    urlConnection.setDoOutput(true);
    urlConnection.setUseCaches(false);
    urlConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
    // getOutputStream() opens the connection, so the SSL handshake runs here
    DataOutputStream printout = new DataOutputStream(urlConnection.getOutputStream());
    printout.writeBytes("zapp" + "=" + xml);
    printout.flush();
    printout.close();
    // get the response
    urlConnection.connect();
} catch (IOException e) {
    // SSLException is a subclass of IOException
    System.out.println("Exception: " + e);
}
If I try to access the servlet with a web page (bypassing the first servlet), everything is fine.
I am pretty sure that the problem is related to the certificate switch.
Any help would be much appreciated!
Thank you,
-carl jensen
 
Lewin Chan
Ranch Hand
Posts: 214
The untrusted server cert chain means exactly that.
The https client doesn't trust the certificate presented by the server, either because it isn't explicitly trusted, or because it doesn't have a certificate chain that contains a certificate that is explicitly trusted...
There are a number of "cacerts" that are already present in a Java installation ("jre\lib\security\cacerts"). I'm guessing that that is what you're using; you could export the self-signed certificate and import it into the keystore.

Hope that helps
 
carl jensen
Greenhorn
Posts: 11
Thanks for the reply. Do you have any idea how I go about exporting and importing this thing?
Thank you,
-Carl Jensen
 
Napa Sreedhar
Ranch Hand
Posts: 62
keytool is used to do that.
Try:
$ keytool -help
Napa
 
Sonny Gill
Ranch Hand
Posts: 1211
You need to set the system property javax.net.ssl.trustStore.
You can set it from the command line like this:
java -Djavax.net.ssl.trustStore=MyTrustedStore YourApp
or dynamically as follows
System.setProperty("javax.net.ssl.trustStore", "MyTrustedStore");
where MyTrustedStore is the keystore you have imported the certificate (the one you are using) into. You use keytool to do that. Check the online documentation if you are not sure. Look for a link to tools at java.sun.com.
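
The export and import steps the replies describe, as an added example that is not part of any post in this thread. It builds a dedicated trust store instead of editing cacerts and compares SHA-256 fingerprints before trusting the certificate. The alias "gateway", the password "changeit", the CN and the file names are assumptions, and the demo keystore stands in for the real server's.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: alias "gateway",
# password "changeit", CN "gateway.example.test", file names used in demo().
PASS=changeit ALIAS=gateway

# Stand-in for the server keystore holding the self-signed certificate.
# On the real server this keystore already exists; skip this step there.
make_demo_server_keystore() {   # $1 = keystore path
    keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 -validity 30 \
        -dname "CN=gateway.example.test" \
        -keystore "$1" -storepass "$PASS" -keypass "$PASS"
}

# Export only the public certificate (PEM); the private key stays behind.
export_cert() {                 # $1 = server keystore, $2 = output file
    keytool -exportcert -rfc -alias "$ALIAS" -keystore "$1" \
        -storepass "$PASS" -file "$2"
}

# SHA-256 fingerprint of a certificate file / of the alias inside a keystore.
fp_file()  { keytool -printcert -file "$1" | sed -n 's/.*SHA256: *//p'; }
fp_store() { keytool -list -v -alias "$ALIAS" -keystore "$1" -storepass "$PASS" |
             sed -n 's/.*SHA256: *//p'; }

# Import into a dedicated trust store only if the file's fingerprint equals
# the one obtained from the server out of band. -noprompt skips keytool's
# interactive "Trust this certificate?" question, so this check replaces it.
import_if_match() {             # $1 = cert file, $2 = expected fp, $3 = trust store
    actual=$(fp_file "$1")
    if [ -z "$actual" ] || [ "$actual" != "$2" ]; then
        echo "fingerprint mismatch, not importing $1" >&2
        return 1
    fi
    keytool -importcert -noprompt -alias "$ALIAS" -file "$1" \
        -keystore "$3" -storepass "$PASS"
}

# Whole procedure in a scratch directory; prints the resulting java command.
demo() {
    dir=$(mktemp -d) || return 1
    make_demo_server_keystore "$dir/server.ks" &&
    export_cert "$dir/server.ks" "$dir/server.crt" &&
    import_if_match "$dir/server.crt" "$(fp_store "$dir/server.ks")" \
        "$dir/MyTrustedStore" &&
    echo "java -Djavax.net.ssl.trustStore=$dir/MyTrustedStore" \
         "-Djavax.net.ssl.trustStorePassword=$PASS YourApp"
}
if [ "${1:-}" = "demo" ]; then demo; fi
```

Setting javax.net.ssl.trustStore replaces the JVM's default cacerts for every TLS connection the process makes, and the certificate's name still has to match the host in the URL being posted to.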
 