aspose file tools*
The moose likes Other JSE/JEE APIs and the fly likes javax.net.ssl.SSLException: untrusted server cert chain Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Other JSE/JEE APIs
Bookmark "javax.net.ssl.SSLException: untrusted server cert chain" Watch "javax.net.ssl.SSLException: untrusted server cert chain" New topic
Author

javax.net.ssl.SSLException: untrusted server cert chain

D. Clarke
Greenhorn

Joined: May 09, 2006
Posts: 25
Hello all -

I have seen similar questions about this topic before, but I must confess I really don't understand it still. I have never had to work with certificates, so please pardon my ignorance.

I have a J2EE app connection from JBoss to a third party system using SSL. The third party certificate recently expired, and they updated it. However, I am still getting the same message:

javax.net.ssl.SSLException: untrusted server cert chain
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA6275)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.OutputStream.write(OutputStream.java:56)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)

Because I am not intimately familiar with this inherited application, I am slowly trying to find out what I can do. As this worked for years, I am confident it is not in the code. What I am not sure about, or even how to proceed is how to re-establish the trust between the two users.

I looked for a java version on the server and it is "/usr/bin/java" so there isn't a JRE/lib/security/ directory. Don't I need to have a copy of the new certificate and then some how use the keystore tool to sign it? If that is the case, I would really appreciate any pointers on how to do that. I am trying to find an old certifcate now, because I believe there must be one somewhere.

If someone has any advice or direction on this, I would love to hear it, or be pointed to a good *beginner* tutorial on how to make this work again.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39548
    
  27
"untrusted server cert chain" means that one of the certificates in the chain can not be verified as being trusted. Either the actual certificate is signed by an authority that is not trusted, or the signing authority's own certificate (one level higher up in the chain) is signed by an authority that's not trusted, and so on, all the way to the root authority. I think it's rare that a Java client app would check the complete hierarchy, though (although that can probably be anabled somehow), so the problem is likely with the actual certificate being presented. What does a/any browser think about the certificate if you enter the URL by hand?


Ping & DNS - updated with new look and Ping home screen widget
D. Clarke
Greenhorn

Joined: May 09, 2006
Posts: 25
When I enter the URL into a browser, nothing happens. It seems to connect and that's it - no errors or messages. The url ends in a .php, which apparently is their service that receives the XML that is being passed to them via the socket. If it makes a difference, here is the code that sends the request:


URL source = new URL(Constants.getProperty("https://www.blahblahblah/api.php));
URLConnection conn = source.openConnection();
conn.setDoInput(true);
conn.setDoOutput(true);
PrintWriter out = new PrintWriter(conn.getOutputStream());
out.println("xml_query=" + xmlString);
out.close();
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: javax.net.ssl.SSLException: untrusted server cert chain
 
Similar Threads
Creating Certificates
untrusted server cert chain..please help!!
Creating Certificates
Need Advice on creating a server that uses SSL!
This Weeks Giveaway