File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Sockets and Internet Protocols and the fly likes HTTPS/ certificate problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Sockets and Internet Protocols
Bookmark "HTTPS/ certificate problem" Watch "HTTPS/ certificate problem" New topic

HTTPS/ certificate problem

carl jensen

Joined: Nov 08, 2000
Posts: 11
My application was working fine until last week when we moved servers and changed from a Verisign to a self-signed certificate.
Now, I get the following exception:
Exception: untrusted server cert chain
This happens when a servlet tries to communicate to another servlet with the following code:

URL url = null;
HttpURLConnection urlConnection = null;

try {
String postURL = config.get("gateway.posturl.path");
url = new URL(postURL);
urlConnection = (HttpURLConnection) url.openConnection();
urlConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
printout = new DataOutputStream (urlConnection.getOutputStream());
printout.writeBytes("zapp" + "=" + xml);
//get the response
If I try to access the servlet with a web page (bypassing the first servlet), everything is fine.
I am pretty sure that the problem is related to the certificate switch.
Any help would be much appreciated!
-carl jensen
Lewin Chan
Ranch Hand

Joined: Oct 10, 2001
Posts: 214
The untrusted server cert chain means exactly that.
The https client doesn't trust the certificate presented by the server, either because it isn't explicitly trusted, or because it doesn't have a certificate chain that contains a certificate that is explicitly trusted...
There are a number of "cacerts" that are already present in a java installation "jre\lib\security\cacerts". I'm guessing that that is what you're using, you could export the self-signed certificate and import it into the keystore.

Hope that helps

I have no java certifications. This makes me a bad programmer. Ignore my post.
carl jensen

Joined: Nov 08, 2000
Posts: 11
Thanks for the reply. Do you have any idea how I go about exporting and importing this thing?
-Carl Jensen
Napa Sreedhar
Ranch Hand

Joined: Jan 29, 2002
Posts: 62
keytool is used to do that.
$keytool --help
Sonny Gill
Ranch Hand

Joined: Feb 02, 2002
Posts: 1211

You need to set the system property
You can set it from the command line like this:-
java YourApp
or dynamically as follows
System.setProperty("", "MyTrustedStore");
where MyTrustedStore is the keystore you have imported the certificate( you are using ) into. You use keytool to do that. Check the online documentation if you are not sure. Look for a link to tools at

The future is here. It's just not evenly distributed yet. - William Gibson
Sonny Gill LinkedIn
I agree. Here's the link:
subject: HTTPS/ certificate problem
It's not a secret anymore!