Topic: untrusted server certificate chain

untrusted server certificate chain

1 posts in topic

Flat View

Thread View

Older Post First | Reply to Topic

TOPIC ACTIONS:

Print Topic

Posted By: dharmendra_dasari
Posted On: Thursday, May 10, 2001 03:08 AM

We have developed a java applicatoin using jsse1.0.1 ,it successfully connects to the external sites such as https://www.verisign.com and https:// www.sun.com ,we hope by using the cacerts file in the ../jre/lib/security. but when we started testing with a iPlanet webserver(ssl enabled) it throws an SSLException , with 'untrusted server certificate chain' as message. we followed the following steps. 1.we have got the trail server certificate from verisgn for iplanet and installed successfully. 2.added the same certificate to the default cacerts file. please tell us the right procedure thanks in advance dhrmendra More>>

Report | Quote This | Send private message | Reply | Print

Re: untrusted server certificate chain

Posted By: Sebastien_Spas
Posted On: Friday, June 1, 2001 11:12 AM

You should add the verisign public trial certificate (the one used to sign your trial certificate) to the certificate authority list used by your java program.

This can be done two ways, adding it to the keystore JRE_HOME/lib/security/cacerts file using keytool program,
or adding it dynamicly in your java code with something like that :

kmf = KeyManagerFactory.getInstance("SunX509");

CaKs = KeyStore.getInstance("JKS");
CaKs.load(CAKeystoreFile, passphrase);

tmf = TrustManagerFactory.getInstance("SUNX509");
tmf.init(Caks);

ctx.init(null, tmf.getTrustManagers(), null);
SSLSocketFactory ssf = ctx.getServerSocketFactory();

So now you can get SSLSockets from the SSLSocketFactory which will accept your certificate.

Report | Quote This | Send private message | Reply | Print