Hi,
When I implemented a standalone client communicating
over SSL, I needed to import the server certificat in
client jdk's cacerts. I did no specific SSL code, but
I got same "untrusted ..." error.
One simple thing to do is to copy the keystore used on
your server to "<some_directory>/lib/security" on
client, then start your client app with this command:
java -Djava.home=<some_directory> -jar myapp.jar
If it's not a client application, try to replace your
client <java_home>/jre/lib/security/cacerts by server
keystore (renamed as cacerts). If it work, you can
later import server cert to original sun's cacert.
On Mec, 13 sep 2000, Carlos Piqueres Ayela <[EMAIL PROTECTED]> wrote:
>When trying to connect to our own secure server using this code we get a
>SSLException saying that the cert chain is untrusted.
>The certificate in the server has been generated by verisign as a trial
>cert.
>We can't see the cipherSuite nor the certificate chain. The exception
>must be thrown in connection time.
>
>Is there any configuration stuff we haven't consider ??
>Is there a problem in the client code ??
>
> try{
> System.setProperty("java.protocol.handler.pkgs",
>"com.sun.net.ssl.internal.www.protocol");
> Security.addProvider(new
>com.sun.net.ssl.internal.ssl.Provider());
> URL urls = new URL("https://our.own.server");
> URLConnection con = urls.openConnection();
> con.setAllowUserInteraction(true);
> HttpsURLConnection cons = (HttpsURLConnection) con;
> if (cons == null)
> System.out.println("La conexión el nula!!!");
> System.out.println("Cypher Suite:" + cons.getCipherSuite());
>
> cons.connect();
> X509Certificate[] serverCerts =
>cons.getServerCertificateChain();
> System.out.println("Certificados:" + serverCerts.length);
> for (int i = 0; i < serverCerts.length; i++) {
> System.out.println(serverCerts[i].toString());
> }
>
> System.out.println("Headers:" + con.getHeaderFieldKey(0));
> BufferedReader reader = new BufferedReader(new
>InputStreamReader(con.getInputStream()));
> String line = reader.readLine();
> while (line != null) {
> System.out.println(line);
> line = reader.readLine();
> }
> } catch (SSLException e) {
> System.out.println("Excepción SSL: " + e.toString());
> } catch (Exception e){
> e.printStackTrace();
> }
>
>
>
+------------------+----------------------------+
| Bernard Sauterel | sauterel.net |
+------------------+----------------------------+
email | [EMAIL PROTECTED]