untrusted server cert chain

Nathan KV
Greenhorn

Joined: Aug 09, 2001
Posts: 25

Task: Java client calling a servlet using the HTTPS protocol

This is the sample Java code we are using:

// JDK 1.3 with the JSSE add-on: register the HTTPS protocol handler and the JSSE provider
System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
String sUrl = "https://111.111.111.111:1111/TestServlet";
URL u = new URL(sUrl);
// Opens the HTTPS connection to the servlet
InputStream in = u.openStream();

It compiles successfully. While executing, we are getting the following error:

Exception : javax.net.ssl.SSLException: untrusted server cert chain

We have come to know that we need to use 'keytool', but we don't know how to proceed with this. Can anyone help us in this regard?
And for your information, the above code is a simple Java program.
Regards
Nathan
:roll:
[ April 17, 2002: Message edited by: Nathan KV ]
Lewin Chan
Ranch Hand

Joined: Oct 10, 2001
Posts: 214
Exception : javax.net.ssl.SSLException: untrusted server cert chain
is pretty clear: it means that your client cannot trust the server, because it cannot find a certificate in its keystore that has verified the server's certificate.
If the server in question has a certificate signed by Verisign or one of the big CAs then this shouldn't be a problem. Most of those CA certificates are in jdk\jre\lib\security\cacerts, which should be used automatically by the Sun JSSE implementation.
cacerts is a keystore.
If, in fact, the server is just using a self-signed certificate, or a certificate not (eventually) signed by something in cacerts, then you need to *explicitly* trust that certificate, or its signing certificate.

I hope that gives you enough idea...


I have no java certifications. This makes me a bad programmer. Ignore my post.
Nathan KV
Greenhorn

Joined: Aug 09, 2001
Posts: 25
I have given the following command at the DOS prompt.

keytool -import -alias xyz -file democert.pem -keystore C:\jdk1.3.1\jre\lib\security\cacerts

-----------
And we got the following response

Certificate was added to keystore

But even now we are getting the same 'Untrusted server cert chain' problem.
How do we have to proceed now?
We are having the following files in the directory C:\jdk1.3.1\jre\lib\security
cacerts
java.policy
java.security
democert.pem
demokey.pem
ca.pem
Here I have copied the following files from the server side (WebLogic).
1. democert.pem
2. demokey.pem
3. ca.pem
How do we have to proceed with this, and what do we have to give in the keytool command? Please explain.
And for your information, we are using only the default WebLogic certificate on the server side.
Regards
Nathan
[ April 17, 2002: Message edited by: Nathan KV ]