java.security.cert.CertificateException: Couldn't find trusted certificate

Felissa · #1 (**permalink**) 07-01-2007, 07:47 PM

I had the following code to connect to a site on a server. It worked fine, now the server is using https, which causes the error:

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Couldn't find trusted certificate.

Code:

 java.util.Properties propSy = System.getProperties();
         propSy.put("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
       
         System.setProperties(propSy);
         java.security.Security.insertProviderAt(new sun.security.provider.Sun(),2);
         java.security.Security.addProvider(new sun.security.provider.Sun());
         java.security.Security.insertProviderAt(new com.sun.net.ssl.internal.ssl.Provider(),1);
         
 
         System.setProperty("javax.net.ssl.trustStore", "keystore_filename");
 
         java.security.Provider myprov = java.security.Security.getProvider("SunJSSE");
 
 
 	HttpsURLConnection c;
 
 		try {
 			URL url = new URL ( rptUrl );
 			c = (HttpsURLConnection)url.openConnection();
 			
 			//set cache and request method settings
 		    c.setUseCaches(false);
 
 		    //set other headers
 		    c.setRequestProperty ("Content-Type", "application/pdf");
 		    
 		    //connect to the server..
 		    c.connect();
 		}

Any ideas? Thanks a lot.
Felissa

Eric · #2 (**permalink**) 07-06-2007, 08:23 AM

Perphas its something to do with this line

Code:

url = new URL("https", rptUrl, 443, "/");

even when changed to

Code:

url = new URL("https", rptUrl, "/");

I got the same error. Doing all the steps in the example but still setting the URL like

Code:

URL url = new URL ( rptUrl );

Eric

sathish_2111 · #3 (**permalink**) 07-18-2007, 04:50 PM

HTTPS connection uses certificates. Certificates validation are done during HTTPS connection establish......so you need to install/use the trusted certificate......trusted certificate can be the certificate which send be server or the CA(certificate authority) which signs the certificates of the server....

sathish_2111 · #4 (**permalink**) 07-18-2007, 04:52 PM

we don't want to specify 443 port number because for https connection the default port is 443.....like http is 80 which we are not mentioning ...

abhishekjoshi · #5 (**permalink**) 08-11-2007, 12:09 AM

This exception is thrown because you have not configured to accept the certificate of the website. The one-way SSL connections works in this way:
The web server hosting the URL in question will create a certificate and get it signed by a Certification Authority like Verisign.
when you try to connect to this URL, the server will provide this certificate.
If you trust this certificate then only the connection will be established.
Usually the CA assigned certificates wont throw this error as the identity of the server will be verified by the certificate authority, only self signed certificates will create problem. If they do then you have to add this certificate to your trusted certificate Keystore. Once you have added this certificate to the keystore this exception will not be thrown. To get the certificate use a web browser or ask the web server hosting the url to provide the certificate.

In your case you are using a custom keystore file,
"System.setProperty("javax.net.ssl.trustStore" , "keystore_filename");"

Please make sure you have imported the certificate to this keystore file.