Hi,
We have a webservice installed on a server over the HTTPS protocol, with the following certification chain:
Internal Root CA Certificate
|
+-----> Certificate X
        |
        +----> Certificate Y
Certificate Y has a Common Name (CN) equal to the hostname where this webservice is deployed.
On the client side, since the root CA certificate is internal, we had to install a custom trust keystore, and use the -Djavax.net.ssl.trustStore=/path/to/trust.keystore system property. Inside that trust keystore we imported the Internal Root CA certificate.
When the client invokes the webservice, it still gives an SSL handshake exception, saying it couldn't find a certification path. However, when we imported Certificate Y into the trust keystore, it works. Is there any way to make the handshake work just by trusting the root CA?
The client runs in a JBoss container, and we tried -Dorg.jboss.security.ignoreHttpsHost=true but it didn't help.
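
A common cause of this symptom is a server that sends only its leaf certificate in the handshake, so a client trusting only the root has no intermediate from which to build the path. The script below is an added example, not part of the original post: it reproduces the three-level chain with the openssl CLI and checks each trust configuration. It assumes openssl is installed; every subject name and file name in it is constructed.

```shell
#!/bin/sh
# Constructed demo chain: demo-root -> demo-x (intermediate) -> demo-y (leaf).
# All names and file paths are made up; nothing here comes from the poster's setup.

make_chain() {  # $1 = scratch directory
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
  for n in root x y; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  # Root signs itself, root signs X, X signs Y.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -set_serial 1 \
    -extfile "$d/ca.ext" -days 1 -out "$d/root.pem" 2>/dev/null &&
  openssl x509 -req -in "$d/x.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -set_serial 2 \
    -extfile "$d/ca.ext" -days 1 -out "$d/x.pem" 2>/dev/null &&
  openssl x509 -req -in "$d/y.csr" -CA "$d/x.pem" -CAkey "$d/x.key" -set_serial 3 \
    -extfile "$d/leaf.ext" -days 1 -out "$d/y.pem" 2>/dev/null
}

# Trust store = root only; peer presents only Y. No path from Y to the root.
verify_leaf_only() {
  openssl verify -CAfile "$1/root.pem" "$1/y.pem" >/dev/null 2>&1
}

# Trust store = root only; peer presents Y and X. Path Y -> X -> root builds.
verify_with_intermediate() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/x.pem" "$1/y.pem" >/dev/null 2>&1
}

# Trust store = Y itself (what importing Certificate Y amounts to).
verify_leaf_trusted() {
  openssl verify -partial_chain -CAfile "$1/y.pem" "$1/y.pem" >/dev/null 2>&1
}

report() {  # prints one line per scenario
  for t in verify_leaf_only verify_with_intermediate verify_leaf_trusted; do
    if "$t" "$1"; then echo "$t: OK"; else echo "$t: FAILED"; fi
  done
}

tmp=$(mktemp -d) && make_chain "$tmp" && report "$tmp"
rm -rf "$tmp"
```

To see which certificates a live server actually sends, `openssl s_client -connect host:443 -showcerts` lists the presented chain; if Certificate X is absent there, configuring the server to send it lets a root-only trust store validate Y.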