File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Sockets and Internet Protocols and the fly likes SSLException: untrusted server cert chain Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Sockets and Internet Protocols
Bookmark "SSLException: untrusted server cert chain" Watch "SSLException: untrusted server cert chain" New topic
Author

SSLException: untrusted server cert chain

Khalid Bou-Rabee
Ranch Hand

Joined: Jul 12, 2000
Posts: 54
I have a secured socket layer that is open across a network betwene a client and a server.
Unfortunately, the client cuts the connection just as they are opening the SSLScoket with the following exception:
Exception javax.net.ssl.SSLException untrusted server cert chain
I have a self-signed keytool created and I may be forgetting something since this is my first Secured Socket Layer.
Thanks


\\ //<BR>~\// irucidal~
KASI VISHWANATH
Ranch Hand

Joined: Aug 06, 2000
Posts: 60
Since ur client is not recognising your server certification, one thing u have missed is to import that server certification in ur browser. IE or Netscape have their own mechanisms for installing the client at the client side

------------------
I.K.VISHWANATH


I.K.VISHWANATH
Khalid Bou-Rabee
Ranch Hand

Joined: Jul 12, 2000
Posts: 54
I am using an application not an applet
Savithri Devaraj
Ranch Hand

Joined: Jun 26, 2000
Posts: 103
Originally posted by Khalid Bou-Rabee:
I have a secured socket layer that is open across a network betwene a client and a server.
Unfortunately, the client cuts the connection just as they are opening the SSLScoket with the following exception:
Exception javax.net.ssl.SSLException untrusted server cert chain
I have a self-signed keytool created and I may be forgetting something since this is my first Secured Socket Layer.
Thanks

Are you working at socket level? or, are you using https ?
I have the exact same problem - We are using RSA's B-Safe product that gives us SSL impleementation. Our problem now is to write a servlet on our SilverStream App Server and load the correct certificates. We want to be able to use Https protocol from our java client. This is my first SSL application, and I really don't know where to begin.
Thanks in advance for any help,
Savithri
Eric Lafargue
Greenhorn

Joined: Nov 22, 2000
Posts: 3
Hello.
I also had this problem a few months ago...and I finally got the answer.
In the certificate extensions you can see "pathlen = undefined".
In jdk1.2.2, -2 is returned by X%=)Certificate.getBasicConstraints when there is a undefined pathlen with a non CA cert. This leads to the untrusted server cert chain exception.
In kestrel, it is now returned Integer.MAX_VALUE, and it works perfectly.
Thus, try your code with the jdk 1.' as I did.
Eric
Eric Lafargue
Greenhorn

Joined: Nov 22, 2000
Posts: 3
In my previous answer, I made a typewritting mistake. Please read "use the jdk1.3" instead of "use the jdk1.'"
Eric
parag gadhia
Greenhorn

Joined: May 30, 2001
Posts: 3
My problem is I am trying to download a file from a site which is secured using https. I get the following exception while doing so.
javax.net.ssl.SSLException: untrusted server cert chain
Can anybody guide me on this matter...
Abhi Basu
Greenhorn

Joined: Apr 05, 2004
Posts: 13
I ran into this problem myself. I fixed this by updating the cacerts file
in the JVM ($JAVA_HOME/jre/lib/security) with the same file from a JDK1.4 installation. Apparently, the JDK 1.4 knows about a lot more licensing
agencies (like Verisign, Thawte etc) than JDK 1.3 ever did. This would
work for all certificates issued by known agencies/common agencies, even test/trial ones. If you use a custom certificate, then you would have to export the certificate out of your server and import it into the JVM of your app server/web server.
Hope this helps.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: SSLException: untrusted server cert chain
 
Similar Threads
Need Expert openion on 'untrusted server cert chain'
Getting exception need help
Invalidate trusting certificate control
SSL Connection in iPlanet
publishing to a registry