Skip to Content
avatar image
Former Member

Server certificate rejected by ChainVerifier

Hi,

I have written a java program for connecting to an HTTPS URL and get the response from the site.

The HTTPS URL works well when I typed the URL in browser. But the same URL is failing while connecting using my program. I am getting the following exception while connecting to my HTTPS page "iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier"

I am attaching the code below for your reference.

        String s = new String();
        s = "MyRequest=" + s;
        IAIK.addAsJDK14Provider(true);
        IAIK.addAsJDK14Provider();

        KeyStore keystore = Utils.getJavaDefaultKeystore();

        /* Giving "SUN version 1.5" as a provider */
        System.out.println("keystore provider:"+keystore.getProvider());

		 FileInputStream fis = new FileInputStream("mycertificatefile");
		 BufferedInputStream bis = new BufferedInputStream(fis);

		 CertificateFactory cf = CertificateFactory.getInstance("X.509");
		 Certificate cert = null;
		 while (bis.available() > 0) {
			cert = cf.generateCertificate(bis);
		 }

		 keystore.setCertificateEntry("service_ssl",cert);

        SecureConnectionFactory secureconnectionfactory = new SecureConnectionFactory(keystore);
        secureconnectionfactory.setIgnoreServerCertificate(false);
        HttpURLConnection httpurlconnection = secureconnectionfactory.createURLConnection(url);
        httpurlconnection.setRequestMethod("POST");
        BufferedWriter bufferedwriter = new BufferedWriter(new OutputStreamWriter(httpurlconnection.getOutputStream()));
        bufferedwriter.write(s, 0, s.length());
        bufferedwriter.close();
        Utils.setBasicAuthenticationHeader(httpurlconnection, user, password);
        try
        {
            httpurlconnection.connect();
        }
        catch(ConnectException connectexception)
        {
            error("Connection timeout");
            System.exit(1);
        }
        catch(Exception exception)
        {
            exception.printStackTrace();
            error("Connection exception");
            System.exit(1);
        }
        int i = httpurlconnection.getResponseCode();
        System.out.println("http Response Code = " + i);

If I pass the setIgnoreServerCertificate(true), then I am getting the following exception

java.io.IOException: Fatal SSL handshake error: java.lang.RuntimeException: Unable to create cipher AES/CBC/NoPadding: java.security.InvalidKeyException: Illegal key size

Thanks & Regards,

Santhosh.C

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • avatar image
    Former Member
    May 03, 2006 at 09:54 AM

    Santhosh,

    Seems that you have an issue with strong cryptography support in Java. Actually, strong cryptography is subject of US export regulations, so if you downloaded "international" version of Java, then you have only weak cryptography -- small key size.

    Try to obtain JVM that is shiped for US users.

    VS

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      VS,

      I am not sure, how far this will solve my problem. Let me try this. BTW, I have solved the issue on my own.

      I generated keystore and truststore from the generated certificates and supplied the certificate as input to my program.

      Here is the program for your reference.

      		 HttpClient client = new HttpClient();
      		 client.getParams().setAuthenticationPreemptive(true);
      		 Credentials defaultcreds = new UsernamePasswordCredentials(USER, PASSWORD);
      		 client.getState().setCredentials(new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT, AuthScope.ANY_REALM), defaultcreds);
               Protocol authhttps = new Protocol("HTTPS", 
                      (ProtocolSocketFactory) new AuthSSLProtocolSocketFactory(
                              urlkeystore, PASSWORD, 
                              urltruststore, PASSWORD), TARGET_HTTPS_PORT);
      
               Protocol.registerProtocol("https", authhttps);
      	     PostMethod filePost = new PostMethod(FINAL_URL);
               STATUS = client.executeMethod(filePost);
      	     String responseString = filePost.getResponseBodyAsString();
      	     if (responseString != null && responseString.length() > 0) 
      	     {
      	    	 System.out.println("Response String : " + responseString);
      	     }
      

      Thanks & Regards,

      Santhosh.C

  • avatar image
    Former Member
    Jan 14, 2008 at 07:33 AM

    HI,

    Have you solved your problem in accessing own ketstore-view, please let me know the solution if you have solved.

    KeyStore keyStore = manager.getKeystore("MYSTORE");

    Caused by: java.rmi.RemoteException: com.sap.engine.services.keystore.exceptions.BaseRemoteException: Remote call errored

    Caused by: com.sap.engine.services.keystore.exceptions.BaseKeystoreException: Application is not authorized to execute keystore operation [

    Caused by: java.security.AccessControlException: access denied

    Please advice.

    Thanks

    MMK

    Add comment
    10|10000 characters needed characters exceeded