File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Sockets and Internet Protocols and the fly likes untrusted server cert chain Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Sockets and Internet Protocols
Bookmark "untrusted server cert chain" Watch "untrusted server cert chain" New topic

untrusted server cert chain

Nathan KV

Joined: Aug 09, 2001
Posts: 25

Task : java client calling a servlet using https protocol

This is the sample java code we are using :

sUrl = "";
URL u = new URL(sUrl);
InputStream in = (InputStream)u.openStream();

And it is compiled successfully. While executing we are getting the following error

Exception : untrusted server cert chain

We come to know that we need to use 'keytool' and we don't know how to proceed with this ? Can anyone help us in this regard.
And for your information. The above code is a simple java program.
[ April 17, 2002: Message edited by: Nathan KV ]
Lewin Chan
Ranch Hand

Joined: Oct 10, 2001
Posts: 214
Exception : untrusted server cert chain
is pretty clear, it means that your client cannot trust the server, because it cannot find a certificate in it's keystore that has verified the server's certificate.
If the server in question has a certificate signed by Verisign or one of the big CA's then this shouldn't be a problem. Most of those CA certificates are in jdk\jre\lib\security\cacerts which should be used automatically by the sun JSSE implementation.
cacerts is a keystore.
If, in fact, the server is just using a self-signed certificate, or a certificate not (eventually) signed by something in cacerts, then you need to *explicitly* trust that certificate, or it's signing certificate.

I hope that gives you enough idea...

I have no java certifications. This makes me a bad programmer. Ignore my post.
Nathan KV

Joined: Aug 09, 2001
Posts: 25
I have given the following commands in dos prompt.

keytool -import -alias xyz -file democert.pem -keystore C:\jdk1.3.1\jre

And we got the following response

Certificate was added to keystore

But even now we are getting the same 'Untrusted server cert chain problem'.
How we have to proceed now ?
We are haveing the following files in the Directory of C:\jdk1.3.1\jre\lib\security
Here i have copied the following files from the server side (weblogic).
How we have to proceed with this ? and what we have to give in keytool command ? Please explain
And for your infomation, we are using only defalut weblogic certificate in the server side.
[ April 17, 2002: Message edited by: Nathan KV ]
I agree. Here's the link:
subject: untrusted server cert chain
It's not a secret anymore!