Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Certificate chaining error during SSL handshake

843811May 27 2010

Hi,
I am trying to send a POST reqest to website 'https://www.bluemountain.com' from my java application and the SSL handshake is failing with exception below. Any help in resolving this would be greatly appreciated. i have stripped down some parts of certs because legth restrictions on forum post.

sun.security.validator.ValidatorException: Certificate chaining error
        at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:129)
        at sun.security.validator.Validator.validate(Validator.java:203)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
        at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:877)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1116)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1100)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133)

Below is some additional logging that I did. 

Error Certificate: [
[
  Version: V3
  Subject: CN=www.msn.americangreetings.com, O="AG Interactive, Inc.", L=Cleveland, ST=Ohio, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus: 14031069733227111282348101808645719219975422423070980739013796768322625246164502165456997193394278887752935958579127111620914344926460207286142122
1756018205367197694449423062496966832190975058575274525712465583598149660481503275396178245842674710898044602642150111358873087475718002752379242030438765959
707811
  public exponent: 65537
  Validity: [From: Mon Jan 26 16:26:26 GMT 2009,
               To: Fri Feb 18 16:26:26 GMT 2011]
  Issuer: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
  SerialNumber: [    314786a3 34]

Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 26 7F EE 90 33 0D 2E 6E   EC 0E 8C AA E5 6D 2D 4C  &...3..n.....m-L
0010: 60 87 E8 11                                        `...
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 42 32 B6 16 FA 04 FD FE   5D 4B 7A C3 FD F7 4C 40  B2......]Kz...L@
0010: 1D 5A 43 AF                                        .ZC.
]

]

[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.securetrust.com/STCA.crl]
]]

[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.114404.1.1.2.3.1]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1B 68 74 74 70 3A 2F   2F 73 73 6C 2E 74 72 75  ..http://ssl.tru
0010: 73 74 77 61 76 65 2E 63   6F 6D 2F 43 41           stwave.com/CA

]]  ]
]
[5]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1]]

[6]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: A7 40 8C 2C 84 74 37 B5   4D B2 B9 0C E6 91 B4 84  .@.,.t7.M.......
0010: AF 9C 3E 73 22 C0 36 01   0F 1F 28 D0 D6 A4 E7 23  ..>s".6...(....#
0020: 83 3D 7B B8 3C 19 DD FF   7A D6 FC D4 68 36 F4 67  .=..<...z...h6.g
0030: 3A E3 A2 18 0C C6 96 16   C3 54 31 B0 0F 34 56 7A  :........T1..4Vz
0040: C1 CE 9A A2 D4 6A F6 AA   90 D7 F6 00 FC 21 94 8A  .....j.......!..
0050: FE 35 01 2B 09 6B 2F 04   33 A0 98 62 26 D5 50 B1  .5.+.k/.3..b&.P.
0060: 69 2D E1 5C 57 80 1B 60   B2 10 ED C4 62 C1 1D AB  i-.\W..`....b...
0070: EC 00 A6 17 51 86 06 C8   ED 54 D8 3C A1 8F BE 90  ....Q....T.<....
0080: B0 90 0F 44 AF 56 12 86   FC 0C 6C B9 9E F0 54 8A  ...D.V....l...T.
0090: DF 5B E3 A8 B3 74 0D 1B   CF 2E AF A0 E2 0D 5E B0  .[...t........^.
00A0: 8D B4 90 48 B3 DC 83 60   F6 4B 9C 69 E8 27 7D BB  ...H...`.K.i.'..
00B0: 5E 27 E9 2D 45 6C 12 8B   F8 31 5E 14 10 3A 4B 26  ^'.-El...1^..:K&
00C0: 69 92 35 22 7E D7 47 74   D2 84 0D 28 B2 8F AC 89  i.5"..Gt...(....
00D0: FB 69 78 6C 7E 9F 16 FF   3B 15 54 BB 24 06 AB DC  .ixl....;.T.$...
00E0: A8 C0 09 4E BC 47 46 E1   6E BE 2D C9 ED E6 1B 8F  ...N.GF.n.-.....
00F0: BC DC DC 52 1B 57 B2 28   9B 3E 51 68 30 19 2B E4  ...R.W.(.>Qh0.+.

]
Error Type: Certificate chaining error
Length:3
Client Certificate [0] = [
[
  Version: V3
  Subject: CN=www.msn.americangreetings.com, O="AG Interactive, Inc.", L=Cleveland, ST=Ohio, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5


  Key:  Sun RSA public key, 1024 bits
  modulus: 14031069733227111282348101808645719219975422423070980739013796768322625246164502165456997193394278887752935958579127111620914344926460207286142122
1756018205367197694449423062496966832190975058575274525712465583598149660481503275396178245842674710898044602642150111358873087475718002752379242030438765959
707811
  public exponent: 65537
  Validity: [From: Mon Jan 26 16:26:26 GMT 2009,
               To: Fri Feb 18 16:26:26 GMT 2011]
  Issuer: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
  SerialNumber: [    314786a3 34]
]

Client Certificate [1] = [
[
  Version: V3
  Subject: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign, Inc.", O=VeriSig
n Trust Network
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus: 15203833759504825542384739129428031682951316060888059064574845467861129641061472250824514402240572650280545205969414541725434155733595342782174097
5082044924575579268245924346494324451976855998250066581618028401376050836623416546828558818294849045727347102003201845243865318616842453964918804144784127904
873327
  public exponent: 65537
  Validity: [From: Thu Apr 17 00:00:00 GMT 1997,
               To: Mon Oct 24 23:59:59 GMT 2011]
  Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  SerialNumber: [    254b8a85 3842cce3 58f8c5dd ae226ea4]

Locked Post

New comments cannot be posted to this locked post.

Locked on Jun 24 2010

Added on May 27 2010

#java-secure-socket-extension-jsse

0 comments

1,494 views