
Server certificate rejected by ChainVerifier

Former Member
0 Kudos

Hi,

I have written a Java program for connecting to an HTTPS URL and getting the response from the site.

The HTTPS URL works well when I type the URL in a browser. But the same URL fails when connecting using my program. I am getting the following exception while connecting to my HTTPS page: "iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier"

I am attaching the code below for your reference.


        String s = new String();
        s = "MyRequest=" + s;
        IAIK.addAsJDK14Provider(true);
        IAIK.addAsJDK14Provider();

        KeyStore keystore = Utils.getJavaDefaultKeystore();

        /* Giving "SUN version 1.5" as a provider */
        System.out.println("keystore provider:" + keystore.getProvider());

        // Read the certificate file; only the last certificate in it is kept
        FileInputStream fis = new FileInputStream("mycertificatefile");
        BufferedInputStream bis = new BufferedInputStream(fis);

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate cert = null;
        while (bis.available() > 0) {
            cert = cf.generateCertificate(bis);
        }
        bis.close();

        // Add the certificate to the keystore as a trusted entry
        keystore.setCertificateEntry("service_ssl", cert);

        SecureConnectionFactory secureconnectionfactory = new SecureConnectionFactory(keystore);
        secureconnectionfactory.setIgnoreServerCertificate(false);
        HttpURLConnection httpurlconnection = secureconnectionfactory.createURLConnection(url);
        httpurlconnection.setRequestMethod("POST");
        httpurlconnection.setDoOutput(true);
        // Headers must be set before the body is written, because
        // getOutputStream() opens the connection
        Utils.setBasicAuthenticationHeader(httpurlconnection, user, password);
        BufferedWriter bufferedwriter = new BufferedWriter(new OutputStreamWriter(httpurlconnection.getOutputStream()));
        bufferedwriter.write(s, 0, s.length());
        bufferedwriter.close();
        try
        {
            httpurlconnection.connect();
        }
        catch(ConnectException connectexception)
        {
            error("Connection timeout");
            System.exit(1);
        }
        catch(Exception exception)
        {
            exception.printStackTrace();
            error("Connection exception");
            System.exit(1);
        }
        int i = httpurlconnection.getResponseCode();
        System.out.println("http Response Code = " + i);

If I pass setIgnoreServerCertificate(true), then I get the following exception:

java.io.IOException: Fatal SSL handshake error: java.lang.RuntimeException: Unable to create cipher AES/CBC/NoPadding: java.security.InvalidKeyException: Illegal key size

Thanks & Regards,

Santhosh.C

Accepted Solutions (0)

Answers (2)


Former Member
0 Kudos

Hi,

Have you solved your problem in accessing your own keystore view? Please let me know the solution if you have solved it.

KeyStore keyStore = manager.getKeystore("MYSTORE");

Caused by: java.rmi.RemoteException: com.sap.engine.services.keystore.exceptions.BaseRemoteException: Remote call errored

Caused by: com.sap.engine.services.keystore.exceptions.BaseKeystoreException: Application is not authorized to execute keystore operation [

Caused by: java.security.AccessControlException: access denied

Please advise.

Thanks

MMK

Former Member
0 Kudos

Santhosh,

It seems that you have an issue with strong cryptography support in Java. Actually, strong cryptography is subject to US export regulations, so if you downloaded the "international" version of Java, then you have only weak cryptography -- small key size.

Try to obtain a JVM that is shipped for US users.

VS

Former Member
0 Kudos

VS,

I am not sure how far this will solve my problem. Let me try this. BTW, I have solved the issue on my own.

I generated a keystore and truststore from the generated certificates and supplied the certificate as input to my program.

Here is the program for your reference.


        HttpClient client = new HttpClient();
        // Send the basic-auth credentials with the first request
        client.getParams().setAuthenticationPreemptive(true);
        Credentials defaultcreds = new UsernamePasswordCredentials(USER, PASSWORD);
        client.getState().setCredentials(new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT, AuthScope.ANY_REALM), defaultcreds);

        // Socket factory backed by the generated keystore and truststore
        Protocol authhttps = new Protocol("HTTPS",
                (ProtocolSocketFactory) new AuthSSLProtocolSocketFactory(
                        urlkeystore, PASSWORD,
                        urltruststore, PASSWORD), TARGET_HTTPS_PORT);

        Protocol.registerProtocol("https", authhttps);
        PostMethod filePost = new PostMethod(FINAL_URL);
        STATUS = client.executeMethod(filePost);
        String responseString = filePost.getResponseBodyAsString();
        if (responseString != null && responseString.length() > 0)
        {
            System.out.println("Response String : " + responseString);
        }

Thanks & Regards,

Santhosh.C
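
The two failures discussed in this thread (a server chain the trust store cannot verify, and "Illegal key size" under a restricted JCE policy) can both be checked with the standard JDK APIs. The following is an added example, not code from any post above; it uses plain JSSE instead of the IAIK/SAP classes, and the class name `TrustStoreCheck`, the alias prefix and the two command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.crypto.Cipher;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TrustStoreCheck {
    // Build an in-memory trust store holding every certificate in the file,
    // each under its own alias, so a multi-certificate chain file is fully loaded.
    static KeyStore loadTrustStore(String certFile) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null); // start empty: trust only what is added below
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(certFile)) {
            int n = 0;
            for (Certificate c : cf.generateCertificates(in)) {
                ts.setCertificateEntry("service_ssl_" + n++, c);
            }
        }
        return ts;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: certificate file (PEM or DER), args[1]: https URL (caller-supplied)
        // 128 means the restricted JCE policy is active, so AES-256 cipher suites
        // fail with "Illegal key size"; an unrestricted policy reports Integer.MAX_VALUE.
        System.out.println("Max AES key bits: " + Cipher.getMaxAllowedKeyLength("AES"));

        KeyStore ts = loadTrustStore(args[0]);
        System.out.println("Trusted certificates loaded: " + ts.size());

        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[1]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // Chain and hostname verification stay enabled; an untrusted chain
        // surfaces here as an SSLHandshakeException.
        System.out.println("HTTP response code: " + conn.getResponseCode());
    }
}
```

If the handshake still fails with every certificate loaded, the file is usually missing the issuing CA certificate rather than the server's own certificate.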