Databases
StackOverflow2013
Postsdbo
POVerifying server Verisign certificates throws Not trusted server certificate exception
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POVerifying server Verisign certificates throws Not trusted server certificate exception
    primarykey
    data
    text
    <p>I have a problem verifying Verisign certificate when trying to connect with HttpsURLConnection to our backend.</p> <p>Current certification chain: <code>$openssl s_client -connect host:443</code></p> <pre><code>0 s:/C=AT/ST=xxx/L=xxx/O=xxx/CN=host i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 International Server CA - G3 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 International Server CA - G3 i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Auth ority - G5 2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Auth ority - G5 i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority 3 s:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority </code></pre> <p>I'm pretty sure i have downloaded and added all certificates into KeyStore, but i still get exception : "<strong>javax.net.ssl.SSLException: Not trusted server certificate</strong>" and the cause is <code>java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor found but certificate validation failed.</code></p> <p>My code for obtaining the connection:</p> <pre><code>String keyStoreType = KeyStore.getDefaultType(); KeyStore keyStore = KeyStore.getInstance(keyStoreType); keyStore.load(null, null); keyStore.setCertificateEntry("verisign_0", getVerisign0()); keyStore.setCertificateEntry("verisign_1", getVerisign1()); keyStore.setCertificateEntry("verisign_2", getVerisign2()); keyStore.setCertificateEntry("verisign_3", getVerisign3()); String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); tmf.init(keyStore); SSLContext context = SSLContext.getInstance("TLS"); context.init(null, tmf.getTrustManagers(), null); HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection(); urlConnection.setSSLSocketFactory(context.getSocketFactory()); return urlConnection; </code></pre> <p>issue is happening, when <code>connection.connect()</code> is called. All getVerisign() methods returns correct certificates. Is there a step I have forgotten? Maybe a special order in which the certificates should be added?</p> <p>Just to clarify, I have used exactly this technique with swisssign certificates and it worked. I'm facing this issue because some of Android 2.1, 2.2 devices does not have some root certificates. Thanks in advance.</p> <p>StackTrace:</p> <pre><code>[0] = {java.lang.StackTraceElement@830078967208}"org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)" [1] = {java.lang.StackTraceElement@830078967584}"org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:366)" [2] = {java.lang.StackTraceElement@830078967960}"org.apache.harmony.luni.internal.net.www.protocol.http.HttpConnection.getSecureSocket(HttpConnection.java:168)" [3] = {java.lang.StackTraceElement@830078968368}"org.apache.harmony.luni.internal.net.www.protocol.https.HttpsURLConnectionImpl$HttpsEngine.connect(HttpsURLConnectionImpl.java:399)" [4] = {java.lang.StackTraceElement@830078968816}"org.apache.harmony.luni.internal.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:147)" </code></pre>
    singulars
    1. PO
      singulars
      1. PTAnswer
    1. This table or related slice is empty.
    1. PTQuestion
    1. USiBecar
    1. USiBecar
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    2. PO
      singulars
      1. PTAnswer
    1. VO
      singulars
      1. POVerifying server Verisign certificates throws Not trusted server certificate exception
      1. USiBecar
      1. VTBountyStart
    2. VO
      singulars
      1. POVerifying server Verisign certificates throws Not trusted server certificate exception
      1. This table or related slice is empty.
      1. VTUpMod
    3. VO
      singulars
      1. POVerifying server Verisign certificates throws Not trusted server certificate exception
      1. This table or related slice is empty.
      1. VTUpMod
    1. COIs the certificate expired or the CLR/OCSP URL not reachable (or even revoked)?
      singulars
      1. POVerifying server Verisign certificates throws Not trusted server certificate exception
      1. USPhilip Helger
    2. COThis is just a tip for you to try out. I recently did an app which needed to communicate with server through HTTPS, it was all working well with HttpsURLConnection class in versions under 4 but in all other it returned not trusted. Our certificate is Thawte issued. Only solution and after all searching through forums and topics was to go with SSLSocket. Why did this worked and other solution did not I didn't found any logical answer. Hope this helps and enjoy your work.
      singulars
      1. POVerifying server Verisign certificates throws Not trusted server certificate exception
      1. USMarko Lazić
    3. COSorry for delayed comment, but I was out of town. In case someone is struggling with simillar issues: As I cannot install certificates on every device that installs our App, I am will have to use both device's internal trustStore and my own trustStore with my certificates (these will be used if the first trustStore returns exception). [reference](http://nelenkov.blogspot.sk/2011/12/using-custom-certificate-trust-store-on.html)
      singulars
      1. POVerifying server Verisign certificates throws Not trusted server certificate exception
      1. USiBecar
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload