This week's book giveaway is in the Agile forum.
We're giving away four copies of Fixing your Scrum and have Ryan Ripley & Todd Miller on-line!
See this thread for details.
Win a copy of Fixing your Scrum this week in the Agile forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Rob Spoor
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Junilu Lacar
  • Tim Cooke
Saloon Keepers:
  • Tim Holloway
  • Piet Souris
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
Bartenders:
  • Frits Walraven
  • Himai Minh

untrusted server cert chain

 
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Task : java client calling a servlet using https protocol

This is the sample java code we are using :

System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
sUrl = "https://111.111.111.111:1111/TestServlet";
URL u = new URL(sUrl);
InputStream in = (InputStream)u.openStream();

And it is compiled successfully. While executing we are getting the following error

Exception : javax.net.ssl.SSLException: untrusted server cert chain

We come to know that we need to use 'keytool' and we don't know how to proceed with this ? Can anyone help us in this regard.
And for your information. The above code is a simple java program.
Regards
Nathan
:roll:
[ April 17, 2002: Message edited by: Nathan KV ]
 
Ranch Hand
Posts: 214
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Exception : javax.net.ssl.SSLException: untrusted server cert chain
is pretty clear, it means that your client cannot trust the server, because it cannot find a certificate in it's keystore that has verified the server's certificate.
If the server in question has a certificate signed by Verisign or one of the big CA's then this shouldn't be a problem. Most of those CA certificates are in jdk\jre\lib\security\cacerts which should be used automatically by the sun JSSE implementation.
cacerts is a keystore.
If, in fact, the server is just using a self-signed certificate, or a certificate not (eventually) signed by something in cacerts, then you need to *explicitly* trust that certificate, or it's signing certificate.

I hope that gives you enough idea...
 
Nathan KV
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have given the following commands in dos prompt.

keytool -import -alias xyz -file democert.pem -keystore C:\jdk1.3.1\jre
\lib\security\cacerts

-----------
And we got the following response

Certificate was added to keystore

But even now we are getting the same 'Untrusted server cert chain problem'.
How we have to proceed now ?
We are haveing the following files in the Directory of C:\jdk1.3.1\jre\lib\security
cacerts
java.policy
java.security
democert.pem
demokey.pem
ca.pem
Here i have copied the following files from the server side (weblogic).
1.democert.pem
2.demokey.pem
3.ca.pem
How we have to proceed with this ? and what we have to give in keytool command ? Please explain
And for your infomation, we are using only defalut weblogic certificate in the server side.
Regards
Nathan
[ April 17, 2002: Message edited by: Nathan KV ]
 
You ridiculous clown, did you think you could get away with it? This is my favorite tiny ad!
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
reply
    Bookmark Topic Watch Topic
  • New Topic