Hello,

I know this is a FAQ, but after searching, reading, and trying several
things,
I am still running into this problem. Thanks in advance for your help.

I'm attempting to connect to a server via HTTPS from a Java client.
I have downloaded the server's certificate using IE and saved it in a
file.
I have (I believe) imported the certificate into my keystore:

 keytool -keystore ~/.keystore -import -file FOO.cer -alias BAR
-trustcacerts

keytool -list does show the certificate is in the ~/.keystore file.

I execute my Java client with options

 -Djavax.net.ssl.keyStore=/path/to/.keystore
-Djavax.net.ssl.keyStorePassword=***

When I try to connect via HTTPS, I get two errors: one for an expired
certificate (which I expected, because the certificate is indeed
expired,
and I am trying to solve that separately by installing a custom SSL
socket factory), and the second error is
"java.security.cert.CertificateException:
Untrusted Server Certificate Chain", which I didn't expect.

I have also tried putting
-Djavax.net.ssl.trustStore=/usr/java/jdk1.5.0_06/jre/lib/security/cacerts
-Djavax.net.ssl.trustStorePassword=***
on the command line -- no effect. What else can I try?

I have also implemented a custom SSL socket factory and custom trust
manager in an attempt to work around the expired certificate,
and in the Java client put

 java.security.Security.setProperty ("ssl.SocketFactory.provider",
"my.customFactory");

and also tried -Dssl.SocketFactory.provider=my.customFactory, both
to no effect. What else can I try here?
Do I also need a setting for the trust manager?

Thanks a lot for your help.

Robert Dodier