This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Security and the fly likes Receiving: java.CertificateException: Certificate not Trusted Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Receiving: java.CertificateException: Certificate not Trusted" Watch "Receiving: java.CertificateException: Certificate not Trusted" New topic
Author

Receiving: java.CertificateException: Certificate not Trusted

Jay Damon
Ranch Hand

Joined: Jul 31, 2001
Posts: 281
The application I am working contains a class that is used to include text content from another site. It does this by 1) creating a URL object, 2) opening a URLConnection and 3) reading the content via an InputStream. This code has worked fine up to now for URLs such as:

http://content.mysite.com/public/document/0123456.txt

However, the guardians of that content have now decided to secure the content and we need to access the content via an ASP page thru a URL similar to the following:

https://content.mysite.com/service/content.asp?doc=0123456

and this breaks the web page content retrieval class with the exception:

javax.SSLHandshakeException:
java.CertificateException: Certificate not Trusted

The problem appears to be one of authentication but I am unsure how authentication should be performed via the URL / URLConnection objects currently being accessed. I do not see anything in the Javadoc that appears to address this problem.

Note: The code does have access to a valid user id / password at the time of retrieval.

Any suggestions as to how to proceed would be appreciated.
Set Cruz
Greenhorn

Joined: Jan 31, 2008
Posts: 26
Hi -
A text search on "keystore" yielded the following thread, which may be relevant keystore discussion


SCJP, Oracle PL/SQL Developer
greg stark
Ranch Hand

Joined: Aug 10, 2006
Posts: 220
Also note that the JSSE uses the terminology "truststore" to refer to the store that contains certificates that you want to trust. A keystore can contain trusted certificates and also your own secret and private keys. The JSSE docs (http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html) contain much information on various ways to customize your truststore, including something as simple as putting the trusted certificates in a file and setting a system property to point to this file.


Nice to meet you.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Receiving: java.CertificateException: Certificate not Trusted
 
Similar Threads
Java service and c# client https
No trusted certificate found : when opeing a ssl connection from behind the proxy.
How long a certificate from web server is used in browser
HTTPS Client Authentication
About ssl certificate info on tomcat