GeeCON Prague 2014*
The moose likes Sockets and Internet Protocols and the fly likes Untrusted server cert chain ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Java » Sockets and Internet Protocols
Bookmark "Untrusted server cert chain ? " Watch "Untrusted server cert chain ? " New topic
Author

Untrusted server cert chain ?

Horaci Macias
Ranch Hand

Joined: Nov 08, 2001
Posts: 74
I'm trying to connect to an https site with this java code
when I try to read from BufferedReader, I have a SSLException: untrusted server cert chain.

Could anyone explain me if I can solve it?How ?
Thank you,
Horaci Macias
Lewin Chan
Ranch Hand

Joined: Oct 10, 2001
Posts: 214
javax.net.ssl.SSLException: untrusted server cert chainjava.lang.Throwable(java.lang.String)java.lang.Exception(java.lang.String)java.io.IOException(java.lang.String)javax.net.ssl.SSLException(java.lang.String)
basically means that your client doesn't trust the server (or any of the server's signers).
There could be any number of reasons for this,
a) the server's certificate is a self-signed one
b) The server does not provide a large enough "certificate chain" to go back to one of the certs in the jre/lib/security/cacerts.


I have no java certifications. This makes me a bad programmer. Ignore my post.
Abhi Basu
Greenhorn

Joined: Apr 05, 2004
Posts: 13
I ran into this problem myself. I fixed this by updating the cacerts file
in the JVM ($JAVA_HOME/jre/lib/security) with the same file from a JDK1.4 installation. Apparently, the JDK 1.4 knows about a lot more licensing
agencies (like Verisign, Thawte etc) than JDK 1.3 ever did. This would
work for all certificates issued by known agencies/common agencies, even test/trial ones. If you use a custom certificate, then you would have to export the certificate out of your server and import it into the JVM of your app server/web server.
Hope this helps.
 
GeeCON Prague 2014
 
subject: Untrusted server cert chain ?