Java Security

javax.net.ssl.SSLHandshakeException: Couldn't find trusted certificate

843811 Jun 10 2002 — edited Feb 24 2009
Hi
I am trying to connect to a secure site using the javax.net.ssl packages that are bundled with JDK 1.4. The server certificate that is installed on the remote server is signed by our own CA (we have implemented our own CA using the iPlanet CMS).

I have written code that implements the HostNameVerifier and X509TrustManager interfaces.

But when I connect to the remote server I get the following exception:

main, SEND SSL v3.0 ALERT: fatal, description = certificate_unknown
main, WRITE: SSL v3.0 Alert, length = 2
javax.net.ssl.SSLHandshakeException: Couldn't find trusted certificate
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA6275)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
    at java.io.OutputStream.write(OutputStream.java:58)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA6275)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:510)
    at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getOutputStream(DashoA6275)
    at TestCommercialApps.main(TestCommercialApps.java:49)

On going through the various Java resources on the internet, I came to know that this exception occurs because the server cert's CA cert is not present in the jssecacerts/cacerts file in the jre/lib/security folder.

However, I did not have any problem implementing this in JDK 1.2 and 1.3 using the standard extension JSSE (com.sun.net.ssl package), where I had the same code implementing the X509TrustManager and HostNameVerifier interfaces (the methods that I used were isServerTrusted and isClientTrusted, whereas I now have checkServerTrusted and checkClientTrusted).

I cannot add the CA cert to the jssecacerts/cacerts file and all authentication has to be at runtime.

Can somebody help me in getting around this problem and enable my code to trust any server cert that is thrown at it by the remote server?

Thanks in advance
Karthik
Locked on Mar 24 2009
Added on Jun 10 2002