I have trouble with SSL and need your help, thanks a lot!

General J2EE: I have trouble with SSL and need your help, thanks a lot!

  1. Hello everyone!
    I have trouble with SSL and need your help, thanks a lot!
    I use Tomcat 4.0 + SSL + SOAP to translate data, and get an Exception as below:

    Error opening socket: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found

    Here is my simple code. I send data two times, one to 172.16.4.201 and the other to 172.16.4.62. When sending to 201, the certificate used is "c:\\test\\myKeystore". When sending to 62, the certificate used is "c:\\test\\abc":

    /** Here is the first send */
    Send send1 = Send.getInstance();
    Info info1 = new Info();
    info1.setTransContent("aaaaaaaaaaaaaa");
    // keystore path for the first target
    info1.setCertificateKeyStore("c:\\test\\myKeystore");
    info1.setUseHttps(true);
    info1.setTargetSystem("https://172.16.4.201:8443/soap/servlet/rpcrouter");
    try {
        send1.sendString(info1);
    } catch (Exception e) {
        e.printStackTrace();
    }

    /** Here is the second send */
    Send send = Send.getInstance();
    Info info = new Info();
    info.setTransContent("bbbbbbbbbbbbbbb");
    // a different keystore for the second target
    info.setCertificateKeyStore("c:\\test\\abc");
    info.setUseHttps(true);
    info.setTargetSystem("https://172.16.4.62:8443/soap/servlet/rpcrouter");
    try {
        send.sendString(info);
    } catch (Exception e) {
        e.printStackTrace();
    }

    This code was written in my Java application. When I run it, I get the error above, saying "No trusted certificate found". But if I only run the first send, or only run the second send, it is OK, with no error. Why??

    I think maybe the first certificate is used, then the system caches the content, so when I send the second time, which needs the other certificate, the system still uses the first certificate.
    I use the code below to remove the cache:
    System.setProperty("networkaddress.cache.ttl","0");
    But it has no effect!


    By the way, I use
    System.setProperty("javax.net.debug","all");
    and in the debug info I saw that the system reads the certificate chain two times, and every time it is not the same. That is to say the system has read two different certificates, but why does it still say No trusted certificate found??


  2. can anyone help me?

    can anyone help me?
  3. can anyone help me?

    For SSL to work, you must satisfy four conditions:

    1) The server must have a digital certificate.
    2) That certificate's host name must match the host name of the server.
    3) That certificate's dates must be valid.
    4) The certificate itself must be digitally signed by a trusted CA.

    Very likely your server's certificate qualifies for items 1-3 but fails on item 4. If you are using a self-signed certificate, it is not signed by a trusted authority.

    Your options are:

    a) Get your certificate signed by a CA authority like Verisign. This costs money, but is what you want to do for production.

    b) For testing, you can add your self-signed certificate to your client JVM's jre/lib/security/cacerts file, thereby making it into a trusted certificate. For a discussion of this file, see the keytool documentation.
  4. Thank you very much ~
    But I don't think that I fail on item 4. I use keytool to generate the certificate; with the certificate, I can send data to one computer without any error. Only when I send data to more than one computer, such as two computers at the same time, does it error.

    Maybe when I send data to two computers at the same time, the system initializes and caches the first certificate content, and when I send the data to the other computer, the system still uses the first certificate, so I get an error saying "No trusted certificate found". I don't know if this is the reason.

    After I use System.setProperty("javax.net.debug","all"); I can see this Information:
    For first send will show :
    keyStore is :
    keyStore type is : jks
    init keystore
    init keymanager of type SunX509
    trustStore is: c:\t\myKeystore
    trustStore type is : jks
    init truststore
    adding as trusted cert:
      Subject: CN=a, OU=b, O=c, L=d, ST=e, C=f
      Issuer: CN=a, OU=b, O=c, L=d, ST=e, C=f
      Algorithm: RSA; Serial number: 0x40c67e6c
      Valid from Wed Jun 09 11:05:16 CST 2004 until Tue Sep 07 11:05:16 CST 2004

    init context
    trigger seeding of SecureRandom
    done seeding SecureRandom

    But on the second send it will not be shown.
    Why??
  5. I suspect your problem is related to this:
    trustStore is: c:\t\myKeystore
    It looks like for one of your machines, the trust keystore is identical to the keystore holding your certificate, so SSL is functioning. Very likely the other machine's JVM is using the default jre/lib/security/cacerts trusted keystore, which is why it is failing for that machine.

    Try to do the following:

    1) Figure out which keystore each machine is using for trusted keys.
    2) Add your server's digital certificate to that keystore.
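    An added example (not the poster's code, and not the Send/Info classes from his project) of the approach the reply above points at: load the truststore explicitly for each target instead of relying on the JVM-wide javax.net.ssl.trustStore property, which JSSE reads only once when the default SSLContext is first initialized (the debug output shows "init truststore" only for the first send). Paths and hosts are taken from the thread; the password is a constructed placeholder.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Per-target SSLContext: trusts only the certificates in the given JKS truststore. */
public final class PerTargetTrust {
    /** Build an SSLContext whose trust decisions come from trustStorePath, not from cacerts. */
    public static SSLContext contextFor(String trustStorePath, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(trustStorePath)) {
            ts.load(in, password);           // bad path or password fails loudly, no silent fallback
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);                        // only certs in this store (e.g. CN=a) are trusted
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);   // null key managers: no client auth
        return ctx;
    }

    /** POST body to target, trusting the server only via the named truststore. */
    public static int post(String target, String trustStorePath, char[] password, byte[] body)
            throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(target).openConnection();
        conn.setSSLSocketFactory(contextFor(trustStorePath, password).getSocketFactory());
        // Hostname verification stays on: a cert with CN=a does not match 172.16.4.201,
        // so the server cert must carry the host name or IP (condition 2 in reply 3).
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        try (OutputStream out = conn.getOutputStream()) {
            out.write(body);
        }
        return conn.getResponseCode();
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();   // constructed placeholder password
        // Each send carries its own truststore; neither call touches the other's trust state.
        System.out.println(post("https://172.16.4.201:8443/soap/servlet/rpcrouter",
                "c:\\test\\myKeystore", pw, "aaaaaaaaaaaaaa".getBytes("UTF-8")));
        System.out.println(post("https://172.16.4.62:8443/soap/servlet/rpcrouter",
                "c:\\test\\abc", pw, "bbbbbbbbbbbbbbb".getBytes("UTF-8")));
    }
}
```

    Alternatively, import both servers' certificates into one truststore with keytool and point every send at it, which is the single-certificate outcome the poster settled on.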
  6. I resolved the problem! :)

    The reason for the error is that when connecting to the two computers, I used two different certificates.
    I changed it to use only one certificate, just copying the one certificate to the two computers. It's OK!
    ---thanks very much!