This week's book giveaway is in the Java 8 forum.
We're giving away four copies of Java 8 in Action and have Raoul-Gabriel Urma, Mario Fusco, and Alan Mycroft on-line!
See this thread for details.
The moose likes Security and the fly likes Certificate chaining error: issuer DN != subject DN Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Certificate chaining error: issuer DN != subject DN" Watch "Certificate chaining error: issuer DN != subject DN" New topic

Certificate chaining error: issuer DN != subject DN

Kareem Gad
Ranch Hand

Joined: Aug 06, 2001
Posts: 89
I know this is a verrry basic problem with SSL but please bear with me.

We have a client that connects to a secure webservice and was working fine till the certificate on the server machine was due to expire so it was renewed and setup on the webserver. The certificate on the webserver is :
+XXX global root
+XXXX Certificate Authority

Now on the client machine I just saved the certificate from the browser when accessing the secure page of the server into a .cer file. This saved the "" certificate alone. I imported that using the keytool into the keystore that the client application refers to for the SSL Handshake.

I keep getting the above mentioned error!! I've tried everything from adding the whole chain of certificates onto the client's keystore to make sure I chain all the way to the root one but still nothing.

Any ideas what I am missing or where can i start looking again. Really appreciate anything here

<b><i>KaReEm</i><br /><ul type="square"><li>SCJP-Free Range Web Developer <br /></ul></b>
Kareem Gad
Ranch Hand

Joined: Aug 06, 2001
Posts: 89
Got it figured out!

It was a configuration issue on apache for the SSL, where the CA certificate key file was configured with the property name SSLCertificateChainFile, while when we checked previous versions of the configuration we used to put it with the property SSLCACertificateFile when we did that we got it fixed.

Now another error :

In one way or another it says "Certificate missing Basic constraints extensions"

Anyone have any idea why this is happening ?
I agree. Here's the link:
subject: Certificate chaining error: issuer DN != subject DN
Similar Threads
JSSE/SSL with Applets
Keystore was tampered with, or password was incorrect
JSSE with Applets
Tomcat always shows self signed certificate insted of trusted certificate from cert signing auth
JaxWs https and certificates