I have a secured socket layer that is open across a network betwene a client and a server. Unfortunately, the client cuts the connection just as they are opening the SSLScoket with the following exception: Exception javax.net.ssl.SSLException untrusted server cert chain I have a self-signed keytool created and I may be forgetting something since this is my first Secured Socket Layer. Thanks
Since ur client is not recognising your server certification, one thing u have missed is to import that server certification in ur browser. IE or Netscape have their own mechanisms for installing the client at the client side
Originally posted by Khalid Bou-Rabee: I have a secured socket layer that is open across a network betwene a client and a server. Unfortunately, the client cuts the connection just as they are opening the SSLScoket with the following exception: Exception javax.net.ssl.SSLException untrusted server cert chain I have a self-signed keytool created and I may be forgetting something since this is my first Secured Socket Layer. Thanks
Are you working at socket level? or, are you using https ? I have the exact same problem - We are using RSA's B-Safe product that gives us SSL impleementation. Our problem now is to write a servlet on our SilverStream App Server and load the correct certificates. We want to be able to use Https protocol from our java client. This is my first SSL application, and I really don't know where to begin. Thanks in advance for any help, Savithri
Hello. I also had this problem a few months ago...and I finally got the answer. In the certificate extensions you can see "pathlen = undefined". In jdk1.2.2, -2 is returned by X%=)Certificate.getBasicConstraints when there is a undefined pathlen with a non CA cert. This leads to the untrusted server cert chain exception. In kestrel, it is now returned Integer.MAX_VALUE, and it works perfectly. Thus, try your code with the jdk 1.' as I did. Eric
Joined: Nov 22, 2000
In my previous answer, I made a typewritting mistake. Please read "use the jdk1.3" instead of "use the jdk1.'" Eric
My problem is I am trying to download a file from a site which is secured using https. I get the following exception while doing so. javax.net.ssl.SSLException: untrusted server cert chain Can anybody guide me on this matter...
I ran into this problem myself. I fixed this by updating the cacerts file in the JVM ($JAVA_HOME/jre/lib/security) with the same file from a JDK1.4 installation. Apparently, the JDK 1.4 knows about a lot more licensing agencies (like Verisign, Thawte etc) than JDK 1.3 ever did. This would work for all certificates issued by known agencies/common agencies, even test/trial ones. If you use a custom certificate, then you would have to export the certificate out of your server and import it into the JVM of your app server/web server. Hope this helps.
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link: http://aspose.com
subject: SSLException: untrusted server cert chain