robert.dodier
Hello,

I know this is a FAQ, but after searching, reading, and trying several things, I am still running into this problem. Thanks in advance for your help.

I'm attempting to connect to a server via HTTPS from a Java client. I have downloaded the server's certificate using IE and saved it in a file. I have (I believe) imported the certificate into my keystore:

keytool -keystore ~/.keystore -import -file FOO.cer -alias BAR -trustcacerts

keytool -list does show the certificate is in the ~/.keystore file.

I execute my Java client with options

-Djavax.net.ssl.keyStore=/path/to/.keystore
-Djavax.net.ssl.keyStorePassword=***

When I try to connect via HTTPS, I get two errors: one for an expired certificate (which I expected, because the certificate is indeed expired, and I am trying to solve that separately by installing a custom SSL socket factory), and the second error is "java.security.cert.CertificateException: Untrusted Server Certificate Chain", which I didn't expect.

I have also tried putting

-Djavax.net.ssl.trustStore=/usr/java/jdk1.5.0_06/jre/lib/security/cacerts
-Djavax.net.ssl.trustStorePassword=***

on the command line -- no effect. What else can I try?

I have also implemented a custom SSL socket factory and custom trust manager in an attempt to work around the expired certificate, and in the Java client put

java.security.Security.setProperty ("ssl.SocketFactory.provider", "my.customFactory");

and also tried -Dssl.SocketFactory.provider=my.customFactory, both to no effect. What else can I try here? Do I also need a setting for the trust manager?

Thanks a lot for your help.
Robert Dodier
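
An added diagnostic, not part of the original post: JSSE's default trust manager reads trusted certificates from the store named by javax.net.ssl.trustStore (falling back to the JRE's jssecacerts, then cacerts), while javax.net.ssl.keyStore only supplies the client's own keys. The sketch below lists the trusted-certificate entries in a store, flags expired ones, and builds an SSLContext from that store instead of disabling validation. The class name TrustStoreCheck and its two arguments are assumptions, and it assumes a current JDK rather than the 1.5 release mentioned in the post.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper (not from the post).
// Usage: java TrustStoreCheck /path/to/.keystore <store-password>
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: TrustStoreCheck <store> <password>");
            System.exit(2);
        }
        // Show which trust store the JVM was actually told to use, if any.
        System.out.println("javax.net.ssl.trustStore = "
                + System.getProperty("javax.net.ssl.trustStore", "(unset: JRE default)"));

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        for (String alias : Collections.list(ks.aliases())) {
            // Only trusted-certificate entries act as trust anchors.
            if (!ks.isCertificateEntry(alias)) continue;
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            String state = "valid";
            try {
                x.checkValidity();
            } catch (CertificateExpiredException e) {
                state = "EXPIRED on " + x.getNotAfter();
            } catch (CertificateNotYetValidException e) {
                state = "NOT YET VALID until " + x.getNotBefore();
            }
            System.out.println(alias + " | " + x.getSubjectX500Principal().getName() + " | " + state);
        }
        // Trust managers backed only by this store; validation stays enabled.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        System.out.println("trust managers built from store: " + tmf.getTrustManagers().length);
    }
}
```

The resulting context's socket factory can be handed to HttpsURLConnection.setSSLSocketFactory for the one connection that needs this store, leaving the JVM-wide defaults untouched.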