My application was working fine until last week when we moved servers and changed from a Verisign to a self-signed certificate. Now, I get the following exception:

Exception: javax.net.ssl.SSLException: untrusted server cert chain

This happens when a servlet tries to communicate to another servlet with the following code:

    System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
    try {
        String postURL = config.get("gateway.posturl.path");
        url = new URL(postURL);
        urlConnection = (HttpURLConnection) url.openConnection();
        urlConnection.setRequestMethod("POST");
        urlConnection.setDoInput(true);
        urlConnection.setDoOutput(true);
        urlConnection.setUseCaches(false);
        urlConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        printout = new DataOutputStream(urlConnection.getOutputStream());
        printout.writeBytes("zapp" + "=" + xml);
        printout.flush();
        printout.close();
        //get the response
        urlConnection.connect();

If I try to access the servlet with a web page (bypassing the first servlet), everything is fine. I am pretty sure that the problem is related to the certificate switch. Any help would be much appreciated!

Thank-you,
-carl jensen
Lewin Chan
Ranch Hand
Joined: Oct 10, 2001
Posts: 214
The untrusted server cert chain means exactly that. The https client doesn't trust the certificate presented by the server, either because it isn't explicitly trusted, or because it doesn't have a certificate chain that contains a certificate that is explicitly trusted... There are a number of "cacerts" that are already present in a java installation "jre\lib\security\cacerts". I'm guessing that that is what you're using; you could export the self-signed certificate and import it into the keystore.
Hope that helps
I have no java certifications.
This makes me a bad programmer.
Ignore my post.
carl jensen
Greenhorn
Joined: Nov 08, 2000
Posts: 11
Thanks for the reply. Do you have any idea how I go about exporting and importing this thing?

Thank you,
-Carl Jensen
Napa Sreedhar
Ranch Hand
Joined: Jan 29, 2002
Posts: 58
keytool is used to do that. Try..

    $keytool --help

Napa
You need to set the system property javax.net.ssl.trustStore

You can set it from the command line like this:-

    java -Djavax.net.ssl.trustStore=MyTrustedStore YourApp

or dynamically as follows

    System.setProperty("javax.net.ssl.trustStore", "MyTrustedStore");

where MyTrustedStore is the keystore you have imported the certificate (you are using) into. You use keytool to do that. Check the online documentation if you are not sure. Look for a link to tools at java.sun.com.
The future is here. It's just not evenly distributed yet. - William Gibson
Consultant @ Xebia. Sonny GillTweets