Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

SSLException: untrusted server cert chain

 
Khalid Bou-Rabee
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a secured socket layer that is open across a network betwene a client and a server.
Unfortunately, the client cuts the connection just as they are opening the SSLScoket with the following exception:
Exception javax.net.ssl.SSLException untrusted server cert chain
I have a self-signed keytool created and I may be forgetting something since this is my first Secured Socket Layer.
Thanks
 
KASI VISHWANATH
Ranch Hand
Posts: 60
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Since ur client is not recognising your server certification, one thing u have missed is to import that server certification in ur browser. IE or Netscape have their own mechanisms for installing the client at the client side

------------------
I.K.VISHWANATH
 
Khalid Bou-Rabee
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am using an application not an applet
 
Savithri Devaraj
Ranch Hand
Posts: 103
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Khalid Bou-Rabee:
I have a secured socket layer that is open across a network betwene a client and a server.
Unfortunately, the client cuts the connection just as they are opening the SSLScoket with the following exception:
Exception javax.net.ssl.SSLException untrusted server cert chain
I have a self-signed keytool created and I may be forgetting something since this is my first Secured Socket Layer.
Thanks

Are you working at socket level? or, are you using https ?
I have the exact same problem - We are using RSA's B-Safe product that gives us SSL impleementation. Our problem now is to write a servlet on our SilverStream App Server and load the correct certificates. We want to be able to use Https protocol from our java client. This is my first SSL application, and I really don't know where to begin.
Thanks in advance for any help,
Savithri
 
Eric Lafargue
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello.
I also had this problem a few months ago...and I finally got the answer.
In the certificate extensions you can see "pathlen = undefined".
In jdk1.2.2, -2 is returned by X%=)Certificate.getBasicConstraints when there is a undefined pathlen with a non CA cert. This leads to the untrusted server cert chain exception.
In kestrel, it is now returned Integer.MAX_VALUE, and it works perfectly.
Thus, try your code with the jdk 1.' as I did.
Eric
 
Eric Lafargue
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In my previous answer, I made a typewritting mistake. Please read "use the jdk1.3" instead of "use the jdk1.'"
Eric
 
parag gadhia
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
My problem is I am trying to download a file from a site which is secured using https. I get the following exception while doing so.
javax.net.ssl.SSLException: untrusted server cert chain
Can anybody guide me on this matter...
 
Abhi Basu
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I ran into this problem myself. I fixed this by updating the cacerts file
in the JVM ($JAVA_HOME/jre/lib/security) with the same file from a JDK1.4 installation. Apparently, the JDK 1.4 knows about a lot more licensing
agencies (like Verisign, Thawte etc) than JDK 1.3 ever did. This would
work for all certificates issued by known agencies/common agencies, even test/trial ones. If you use a custom certificate, then you would have to export the certificate out of your server and import it into the JVM of your app server/web server.
Hope this helps.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic