1 Reply Latest reply on Dec 9, 2006 11:37 AM by starksm64

untrusted server cert chain - Please Help!

sonoerin Dec 4, 2006 10:15 PM

Not sure if this is the correct forum, but I really need some help with this and it seemed logical.

I have an existing application running on JBoss (not sure what version, but I am guessing 3.x) that connects to a third party server via SSL. The third party certificate recently expired. They updated it but I still get this message:

javax.net.ssl.SSLException: untrusted server cert chain
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA6275)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.OutputStream.write(OutputStream.java:56)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)

I am just not sure what I am supposed to do so that my application can use the new application.

-> Do I need a copy of the vendors certificate stored locally?
-> Do I need to use the keytool to establish a link?
-> I saw directions on the wiki for creating a SSL certificate, but it didn't seem to apply here (granted, I have no idea what I am doing here!)

Again, I really need help with this - its a brand new area for me.

1. Re: untrusted server cert chain - Please Help!

starksm64 Dec 9, 2006 11:37 AM (in response to sonoerin)

Its expected that you cannot connect to a server with an expired cert. The grant of trust given by the CA who signed the cert is expired, and any client connecting to the server should be doubtful. Why can't they update the cert?
Actions