• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Liutauras Vilda
Sheriffs:
  • Rob Spoor
  • Junilu Lacar
  • paul wheaton
Saloon Keepers:
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Carey Brown
  • Scott Selikoff
Bartenders:
  • Piet Souris
  • Jj Roberts
  • fred rosenberger

Untrusted server cert chain ?

 
Ranch Hand
Posts: 74
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm trying to connect to an https site with this java code
when I try to read from BufferedReader, I have a SSLException: untrusted server cert chain.

Could anyone explain me if I can solve it?How ?
Thank you,
Horaci Macias
 
Ranch Hand
Posts: 214
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
javax.net.ssl.SSLException: untrusted server cert chainjava.lang.Throwable(java.lang.String)java.lang.Exception(java.lang.String)java.io.IOException(java.lang.String)javax.net.ssl.SSLException(java.lang.String)
basically means that your client doesn't trust the server (or any of the server's signers).
There could be any number of reasons for this,
a) the server's certificate is a self-signed one
b) The server does not provide a large enough "certificate chain" to go back to one of the certs in the jre/lib/security/cacerts.
 
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I ran into this problem myself. I fixed this by updating the cacerts file
in the JVM ($JAVA_HOME/jre/lib/security) with the same file from a JDK1.4 installation. Apparently, the JDK 1.4 knows about a lot more licensing
agencies (like Verisign, Thawte etc) than JDK 1.3 ever did. This would
work for all certificates issued by known agencies/common agencies, even test/trial ones. If you use a custom certificate, then you would have to export the certificate out of your server and import it into the JVM of your app server/web server.
Hope this helps.
 
reply
    Bookmark Topic Watch Topic
  • New Topic