File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Security and the fly likes Certificate chaining error: issuer DN != subject DN Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Certificate chaining error: issuer DN != subject DN" Watch "Certificate chaining error: issuer DN != subject DN" New topic
Author

Certificate chaining error: issuer DN != subject DN

Kareem Gad
Ranch Hand

Joined: Aug 06, 2001
Posts: 89
I know this is a verrry basic problem with SSL but please bear with me.

We have a client that connects to a secure webservice and was working fine till the certificate on the server machine was due to expire so it was renewed and setup on the webserver. The certificate on the webserver is :
+XXX global root
+XXXX Certificate Authority
+XXXXX CA
+www.xx.com


Now on the client machine I just saved the certificate from the browser when accessing the secure page of the server into a .cer file. This saved the "www.xx.com" certificate alone. I imported that using the keytool into the keystore that the client application refers to for the SSL Handshake.

I keep getting the above mentioned error!! I've tried everything from adding the whole chain of certificates onto the client's keystore to make sure I chain all the way to the root one but still nothing.

Any ideas what I am missing or where can i start looking again. Really appreciate anything here


<b><i>KaReEm</i><br /><ul type="square"><li>SCJP-Free Range Web Developer <br /></ul></b>
Kareem Gad
Ranch Hand

Joined: Aug 06, 2001
Posts: 89
Got it figured out!

It was a configuration issue on apache for the SSL, where the CA certificate key file was configured with the property name SSLCertificateChainFile, while when we checked previous versions of the configuration we used to put it with the property SSLCACertificateFile when we did that we got it fixed.

Now another error :

In one way or another it says "Certificate missing Basic constraints extensions"

Anyone have any idea why this is happening ?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Certificate chaining error: issuer DN != subject DN
 
Similar Threads
JSSE with Applets
JaxWs https and certificates
Keystore was tampered with, or password was incorrect
JSSE/SSL with Applets
Tomcat always shows self signed certificate insted of trusted certificate from cert signing auth