Skip to content

SSL issues

January 14, 2009

Unfortunately we have been continuing to receive the error :

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
at sun.security.validator.Validator.validate(Validator.java:203)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)

The issue is:

The self signed certificate is existing in the cacerts file at both end of jvm. This problem is not consistently happening.

Restarting of app server – removes the issue.

No help except – a test program I found – [would upload it] and the jvm opts

-Djavax.net.debug=ssl

Here is the link to read the debug messages :  Read  jsse debug messages

and      –> How SSL Works

But even there –  I see sometimes Found trusted certificate in other cases certificate unknown issue.

Not sure as to how to resolve it. For now – checking the pattern when the error comes.

Very , very, strange problem……….   [jsse 1.5 source unavailable –  ]…

The issue was that the certificate was loaded by the application using the Java AD SSL connection – separately and so the problem used to come often. This was avoided by keeping ONE certificate and in the path of java/security/lib/cacerts.

Advertisements
No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: