Task : java client calling a servlet using https protocol
This is the sample java code we are using : System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol"); Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); sUrl = "https://220.127.116.11:1111/TestServlet"; URL u = new URL(sUrl); InputStream in = (InputStream)u.openStream();
And it is compiled successfully. While executing we are getting the following error Exception : javax.net.ssl.SSLException: untrusted server cert chain
We come to know that we need to use 'keytool' and we don't know how to proceed with this ? Can anyone help us in this regard. And for your information. The above code is a simple java program. Regards Nathan :roll: [ April 17, 2002: Message edited by: Nathan KV ]
Exception : javax.net.ssl.SSLException: untrusted server cert chain is pretty clear, it means that your client cannot trust the server, because it cannot find a certificate in it's keystore that has verified the server's certificate. If the server in question has a certificate signed by Verisign or one of the big CA's then this shouldn't be a problem. Most of those CA certificates are in jdk\jre\lib\security\cacerts which should be used automatically by the sun JSSE implementation. cacerts is a keystore. If, in fact, the server is just using a self-signed certificate, or a certificate not (eventually) signed by something in cacerts, then you need to *explicitly* trust that certificate, or it's signing certificate.
I hope that gives you enough idea...
I have no java certifications. This makes me a bad programmer. Ignore my post.
Joined: Aug 09, 2001
I have given the following commands in dos prompt. keytool -import -alias xyz -file democert.pem -keystore C:\jdk1.3.1\jre \lib\security\cacerts
----------- And we got the following response Certificate was added to keystore
But even now we are getting the same 'Untrusted server cert chain problem'. How we have to proceed now ? We are haveing the following files in the Directory of C:\jdk1.3.1\jre\lib\security cacerts java.policy java.security democert.pem demokey.pem ca.pem Here i have copied the following files from the server side (weblogic). 1.democert.pem 2.demokey.pem 3.ca.pem How we have to proceed with this ? and what we have to give in keytool command ? Please explain And for your infomation, we are using only defalut weblogic certificate in the server side. Regards Nathan [ April 17, 2002: Message edited by: Nathan KV ]