This week's book giveaway is in the Cloud/Virtualizaton forum.
We're giving away four copies of Mesos in Action and have Roger Ignazio on-line!
See this thread for details.
Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Certificate chaining error: issuer DN != subject DN

 
Kareem Gad
Ranch Hand
Posts: 89
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I know this is a verrry basic problem with SSL but please bear with me.

We have a client that connects to a secure webservice and was working fine till the certificate on the server machine was due to expire so it was renewed and setup on the webserver. The certificate on the webserver is :
+XXX global root
+XXXX Certificate Authority
+XXXXX CA
+www.xx.com


Now on the client machine I just saved the certificate from the browser when accessing the secure page of the server into a .cer file. This saved the "www.xx.com" certificate alone. I imported that using the keytool into the keystore that the client application refers to for the SSL Handshake.

I keep getting the above mentioned error!! I've tried everything from adding the whole chain of certificates onto the client's keystore to make sure I chain all the way to the root one but still nothing.

Any ideas what I am missing or where can i start looking again. Really appreciate anything here
 
Kareem Gad
Ranch Hand
Posts: 89
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Got it figured out!

It was a configuration issue on apache for the SSL, where the CA certificate key file was configured with the property name SSLCertificateChainFile, while when we checked previous versions of the configuration we used to put it with the property SSLCACertificateFile when we did that we got it fixed.

Now another error :

In one way or another it says "Certificate missing Basic constraints extensions"

Anyone have any idea why this is happening ?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic