wood burning stoves 2.0*
The moose likes Web Services and the fly likes  Server certificate is not trusted Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark " Server certificate is not trusted" Watch " Server certificate is not trusted" New topic
Author

Server certificate is not trusted

kevin lee sg
Greenhorn

Joined: Dec 21, 2009
Posts: 11
Hi guys,

I'm having problem getting my application running on Weblogic to trust a site.

Till now, using keytool, I've already added the .crt file to all cacerts and .jks files that I can see loading from the WL admin log. But it's still getting the problem.

But, it's only for cacerts then I used the option -trustcacerts. Otherwise, I skip it.

the error keeps saying - Server certificate 'CN=app2, OU=server' is not trusted!

When I did a printcert, it gave a proper:
Owner: CN=app2, OU=server
Issuer: CN=app2, OU=server

When I tried accessing the https site, and viewed the cert details on my browser, it's also showing CN=app2 ... OU=server.

I selected "Demo Identity and Demo Trust" in the WL console. And also ensured that the keystore it points to has got the cert entry.

When I ran on my local, I installed the cert as well.

Below is the error. Any advice is much appreciated! Feel free to ask for more details..

Ivan Krizsan
Ranch Hand

Joined: Oct 04, 2006
Posts: 2198
    
    1
Hi!
I think this is caused by the CN in the certificate not being the host name.
The best option is to create the certificate so that the CN is the same as the host name, but there is a workaround.
Insert the following in the web service client:

Best wishes!
kevin lee sg
Greenhorn

Joined: Dec 21, 2009
Posts: 11
Ivan Krizsan wrote:Hi!
I think this is caused by the CN in the certificate not being the host name.
The best option is to create the certificate so that the CN is the same as the host name, but there is a workaround.
Insert the following in the web service client:

Best wishes!


Hi thanks for the suggestion.

Do you mean, that if the hostname is "app2", CN should have "app2" as well?

I just tried it, but it does not work. Tiring.
Ivan Krizsan
Ranch Hand

Joined: Oct 04, 2006
Posts: 2198
    
    1
Hi!
Yes.
If you add the static code snippet to your client and add a print statement, you can print out the name of the host for verification.
I am not sure that this is your problem, though - this is just a suggestion regarding what to try.
Best wishes!
kevin lee sg
Greenhorn

Joined: Dec 21, 2009
Posts: 11
Hi,

I had problem with direct copying and pasting your code, and modified it.

The main method does not seem to enter the verify method? I added in a print statement just before the below code. It was printed.

Do help to see what could be wrong...

Ivan Krizsan
Ranch Hand

Joined: Oct 04, 2006
Posts: 2198
    
    1
Hi!
Notice that the code in my message is in a static code block that will be evaluated when the class in which it is pasted is loaded.
I haven't tried this approach in a program that runs in a container, only in standalone JavaSE clients.
Best wishes!
kevin lee sg
Greenhorn

Joined: Dec 21, 2009
Posts: 11
Hi

Actually, I had the code inside a static statement..



And as I mentioned just now, "inside" was printed, but the inner printing statement was not used..
Ivan Krizsan
Ranch Hand

Joined: Oct 04, 2006
Posts: 2198
    
    1
Ah!
I guess this is because the web service client does not use the HttpsURLConnection class to establish HTTPS connections to the web service.
Thus, this method seems not to work with your client.
Best wishes!
kevin lee sg
Greenhorn

Joined: Dec 21, 2009
Posts: 11
Hi

My code uses the API/method here to establish the connection.

https://uddi.epacdxnode.net/uddi/doc/api/org/systinet/uddi/client/v3/UDDIInquiryStub.html#getInstance%28java.lang.String%29

Does it help in fixing the problem?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Server certificate is not trusted
 
Similar Threads
amount currency datatype
CXF web service client migration from tomcat to weblogic
Classpath\ClassLoader Issue NoClassDefFoundError org.apache.commons.logging.LogFactory
DynaActionForm -null pointer exception
$Proxy57.get_authToken(Unknown Source)