Keytool and certificates.
Operating system used
Windows XP Home Edition Version 5.1 SP 2
Java 2 Standard Edition (J2SE) SDK, version 1.4 or higher.
Example 1: How to solve error message: "untrusted server cert chain"
A java client application "negotiates" an SSL connection with a server in order to request data from this server.
The server now has upgraded its SSL certificates from "unchained certificates" to "chained certificates".
Note: The client cacerts keystore contains the "VeriSign/RSA Secure Server CA" certificate.
Certificate 1 is called the root certificate.
Certificate 2 is called the intermediated certificate.
After the upgrade the java client application displays the following error message: "untrusted server cert chain".
The java client has none of the chained certificates (1) and (2) in the Trusted root certificate list in its cacerts keystore. During "negotiation" of a SSL connection the client receives a certificate from the server which now can not be verified as being trusted.
This problem can be solved by adding the root certificate (1) in the java client keystore.
A. First download the root certificate:
B. The final step is to import the verisign.cer into the java client cacerts keystore:
C. The error message "untrusted server cert chain"should now be disappeared.
- Open a dos window and go to: C:\Tools\java\jdk1.3.1_09\jre\lib\security\
- Type: keytool -import -alias myverisignalias -file verisign.cer -trustcacerts -keystore cacerts
The password is: changeit