Deepak Bala wrote:
Thanks! That helped a lot - I *think* it's actually an error in the cert file I was given. If I'm reading the logs right, the issuer on the cert file doesn't match the list of valid cert authorities they accept.
From what I understand, one of the issuers on the cert chain is unavailable for verification on your client side trust store. For example - The root CA for github is DigiCert. If DigiCert is unavailable in the trust store, any communication between you and github will fail with a SSL error saying the CA cannot be verified.
To fix the problem (if that is the problem) import the CA's cert into your trust store. Who is the CA ? Is the certificate self signed ?
My assumption here is that the error you are talking about came from not trusting the cert presented by the server. Please post the SSL debug logs and we can help you further.
Jaikiran Pai wrote:Is there anything in the SSL debug logs (http://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/ReadDebug.html)?
Richard Tookey wrote: <edit> On re-reading I may have misunderstand where the PKCS12 file comes from. If it is one you generated for the client side authentication then the above does not apply but of course the certificate contained in the PKCS12 file must be signed by a CA that the server recognises.