HTTPS/ certificate problem

carl jensen
Greenhorn

Joined: Nov 08, 2000
Posts: 11
My application was working fine until last week when we moved servers and changed from a Verisign to a self-signed certificate.
Now, I get the following exception:
Exception: javax.net.ssl.SSLException: untrusted server cert chain
This happens when a servlet tries to communicate to another servlet with the following code:
    System.setProperty("java.protocol.handler.pkgs",
            "com.sun.net.ssl.internal.www.protocol");

    URL url = null;
    HttpURLConnection urlConnection = null;

    try {
        String postURL = config.get("gateway.posturl.path");
        url = new URL(postURL);
        urlConnection = (HttpURLConnection) url.openConnection();
        urlConnection.setRequestMethod("POST");
        urlConnection.setDoInput(true);
        urlConnection.setDoOutput(true);
        urlConnection.setUseCaches(false);
        urlConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        printout = new DataOutputStream(urlConnection.getOutputStream());
        printout.writeBytes("zapp" + "=" + xml);
        printout.flush();
        printout.close();
        // get the response
        urlConnection.connect();
If I try to access the servlet with a web page (bypassing the first servlet), everything is fine.
I am pretty sure that the problem is related to the certificate switch.
Any help would be much appreciated!
Thank you,
-carl jensen
Lewin Chan
Ranch Hand

Joined: Oct 10, 2001
Posts: 214
The untrusted server cert chain means exactly that.
The https client doesn't trust the certificate presented by the server, either because it isn't explicitly trusted, or because it doesn't have a certificate chain that contains a certificate that is explicitly trusted...
There are a number of "cacerts" that are already present in a Java installation, in "jre\lib\security\cacerts". I'm guessing that that is what you're using; you could export the self-signed certificate and import it into the keystore.

Hope that helps


I have no java certifications. This makes me a bad programmer. Ignore my post.
carl jensen
Greenhorn

Joined: Nov 08, 2000
Posts: 11
Thanks for the reply. Do you have any idea how I go about exporting and importing this thing?
Thank you,
-Carl Jensen
Napa Sreedhar
Ranch Hand

Joined: Jan 29, 2002
Posts: 62
keytool is used to do that.
Try..
$keytool --help
Napa
Sonny Gill
Ranch Hand

Joined: Feb 02, 2002
Posts: 1211

You need to set the system property javax.net.ssl.trustStore.
You can set it from the command line like this:
    java -Djavax.net.ssl.trustStore=MyTrustedStore YourApp
or dynamically as follows:
    System.setProperty("javax.net.ssl.trustStore", "MyTrustedStore");
where MyTrustedStore is the keystore you have imported the certificate (the one you are using) into. You use keytool to do that. Check the online documentation if you are not sure. Look for a link to tools at java.sun.com.


The future is here. It's just not evenly distributed yet. - William Gibson
Consultant @ Xebia. Sonny Gill Tweets
 