dcsimg
untrusted server certificate chain
1 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   dharmendra_dasari
Posted On:   Thursday, May 10, 2001 03:08 AM

We have developed a java applicatoin using jsse1.0.1 ,it successfully connects to the external sites such as https://www.verisign.com and https:// www.sun.com ,we hope by using the cacerts file in the ../jre/lib/security. but when we started testing with a iPlanet webserver(ssl enabled) it throws an SSLException , with 'untrusted server certificate chain' as message. we followed the following steps. 1.we have got the trail server certificate from verisgn for iplanet and installed successfully. 2.added the same certificate to the default cacerts file. please tell us the right procedure thanks in advance dhrmendra    More>>

We have developed a java applicatoin using jsse1.0.1 ,it successfully connects to the external sites such as
https://www.verisign.com and https://
www.sun.com ,we hope by using the cacerts file in the ../jre/lib/security.

but when we started testing with a iPlanet webserver(ssl enabled) it throws an SSLException , with 'untrusted server certificate chain' as message.
we followed the following steps.

1.we have got the trail server
certificate from verisgn for iplanet and installed successfully.
2.added the same certificate to the default cacerts file.


please tell us the right procedure

thanks in advance

dhrmendra

   <<Less

Re: untrusted server certificate chain

Posted By:   Sebastien_Spas  
Posted On:   Friday, June 1, 2001 11:12 AM

You should add the verisign public trial certificate (the one used to sign your trial certificate) to the certificate authority list used by your java program.

This can be done two ways, adding it to the keystore JRE_HOME/lib/security/cacerts file using keytool program,
or adding it dynamicly in your java code with something like that :

kmf = KeyManagerFactory.getInstance("SunX509");

CaKs = KeyStore.getInstance("JKS");
CaKs.load(CAKeystoreFile, passphrase);

tmf = TrustManagerFactory.getInstance("SUNX509");
tmf.init(Caks);

ctx.init(null, tmf.getTrustManagers(), null);
SSLSocketFactory ssf = ctx.getServerSocketFactory();

So now you can get SSLSockets from the SSLSocketFactory which will accept your certificate.
About | Sitemap | Contact