untrusted certificate for testing: Untrusted Server Certificate Chain

Thread view:

Dieter Salath? - 08 Nov 2004 17:16 GMT

Hi
I want to test my application which connects to a https site. The
certificate is NOT trusted with a root certification authority.
I get the following error:

Caused by: javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: Untrusted Server Certificate
Chain: unable to load file https://bas02742/dt/objectManager?wsdl
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)

How can I get rid of this error without a trusted certificate? Any
hints are greatly appreciated

Cheers
Dieter

Reply to this Message

Ferenc Hechler - 08 Nov 2004 19:10 GMT

Hi Dieter,
just a hint to search for further resources:
You need to create and set your own local keystore.
There is a program called keytool shipped with the java binaries which you
will need.
bye,
feri

Reply to this Message

Rogan Dawes - 09 Nov 2004 09:00 GMT

> Hi
> I want to test my application which connects to a https site. The
[quoted text clipped - 13 lines]
> Cheers
> Dieter

Two possibilities.

Import the CA certificate that signed your test cert into your java
keystore.

Modify your code to include an X509TrustManager, and pass it to
SSLContext.init

<http://java.sun.com/j2se/1.4.2/docs/api/javax/net/ssl/SSLContext.html#init(javax
.net.ssl.KeyManager[],%20javax.net.ssl.TrustManager[],%20java.security.SecureRan
dom)>

Also see
<http://java.sun.com/j2se/1.4.2/docs/api/javax/net/ssl/TrustManagerFactory.html#g
etTrustManagers()>

Hope this helps.

Rogan

Signature

Rogan Dawes

*ALL* messages to discard@dawes.za.net will be dropped, and added
to my blacklist. Please respond to "nntp AT dawes DOT za DOT net"

Reply to this Message

untrusted certificate for testing: Untrusted Server Certificate Chain

Free Magazines