Java SSL Connection: Certificate not Trusted, when connecting to server.

Hi there,

I'm trying to create a secure connection to a server. However, when I connect I get the following error:

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
.....
at com.ibm.jsse.bf.a(Unknown Source)
      at com.ibm.jsse.bf.checkServerTrusted(Unknown Source)
      
Now, the URL I connect to (say https://210.210.210.210:9660/some/pathto/theapp) provides a certificate for url (220.220.220.220) - a different URL, but it's been signed by a certificate authority whose certificate exists in my truststore, so I'd like to trust it anyway.

Here's my code:

// Client key material and trusted CA certificates are both read from the same JKS file
System.setProperty("javax.net.ssl.keyStore", "mykeystore.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "password");
System.setProperty("javax.net.ssl.trustStore", "mykeystore.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "password");
URL url = new URL(getUrl());
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
// Configure the connection for a request that sends an XML body
conn.setDoInput(true);
conn.setDoOutput(true);
conn.setUseCaches(false);
conn.setRequestProperty("Content-Type", "text/xml");
// Opening the output stream connects and triggers the TLS handshake
PrintWriter out = new PrintWriter(conn.getOutputStream());

Can someone point out where I'm going wrong?

Cheers,
Steve
               
stevebeech Asked:
 
cmalakar Commented:
Import the certificate ... using keytool command..
 
cmalakar Commented:
command is..

keytool -import -alias "SomeIdentifier" -keystore $JAVA_HOME/lib/security/cacerts -file certificate_file
 
stevebeech Author Commented:
I don't want to import the certificate, as I'll be providing this app to someone else, who may then connect to a different server. As long as the cert has been signed by the CA I trust, then I want it to be trusted by my app.

Does that make sense?
 
cmalakar Commented:
You can try running your java with ssl debug enabled.. like..

java -Djavax.net.debug=all ......

Also check whether the filenames you are specifying for the properties can be found or not..
 
stevebeech Author Commented:
Ok, running in debug mode gives me the following error:

java.io.IOException: HTTPS hostname wrong:  should be <210.210.210.210>

As I suspected, it's the address causing the problem. I'd like to bypass this, as the cert has been signed by a trusted CA.

Thoughts?
 
stevebeech Author Commented:
Thanks cmalakar. That provided the answer. I was missing a hostname verifier!

Cheers (and keep up the good work)

Steve
Question has a verified solution.
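
The thread ends with a hostname verifier as the fix but does not show one. The following is an added example, not code from any participant: a verifier that tolerates the mismatch for a single endpoint and only when the server certificate carries an expected name, with chain validation against the truststore left to the default trust manager. The class name `ExpectedNameVerifier` and its constructor parameters are assumptions made for illustration, and it uses the standard `javax.net.ssl` API.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.naming.ldap.*;
import javax.net.ssl.*;

/** Added example: accept a name mismatch for one endpoint, and only for an expected certificate name. */
public class ExpectedNameVerifier implements HostnameVerifier {
    private final String connectHost;        // address the client dials (assumption: from configuration)
    private final Set<String> expectedNames; // lower-case names the server certificate may carry

    public ExpectedNameVerifier(String connectHost, Set<String> expectedNames) {
        this.connectHost = connectHost;
        this.expectedNames = expectedNames;
    }

    @Override
    public boolean verify(String hostname, SSLSession session) {
        if (!connectHost.equalsIgnoreCase(hostname)) return false; // exception covers one endpoint only
        try {
            Certificate[] chain = session.getPeerCertificates();
            if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) return false;
            for (String name : namesIn((X509Certificate) chain[0])) {
                if (expectedNames.contains(name.toLowerCase(Locale.ROOT))) return true;
            }
            return false;
        } catch (Exception e) {
            return false; // fail closed on any session or parsing error
        }
    }

    /** Subject alternative names (dNSName = 2, iPAddress = 7); the CN is used only when no SAN exists. */
    static List<String> namesIn(X509Certificate leaf) throws Exception {
        List<String> names = new ArrayList<>();
        Collection<List<?>> sans = leaf.getSubjectAlternativeNames(); // null when the extension is absent
        if (sans != null) {
            for (List<?> san : sans) {
                int type = (Integer) san.get(0);
                if (type == 2 || type == 7) names.add((String) san.get(1));
            }
        }
        if (names.isEmpty()) {
            for (Rdn rdn : new LdapName(leaf.getSubjectX500Principal().getName()).getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) names.add(rdn.getValue().toString());
            }
        }
        return names;
    }
}
```

With the addresses from the question it would be installed before the output stream is opened, as `conn.setHostnameVerifier(new ExpectedNameVerifier("210.210.210.210", Collections.singleton("220.220.220.220")))`. `HttpsURLConnection` consults the verifier only when its built-in hostname check fails.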