Best unofficial Apache Server developers community

Answers

SSL Certificate Upgrade causing Issues

⇧

⇩

41 views

We are talking to a remote server for authenticating a user. The web server uses a SSL certificate signed by Verisign. The data is exchanged over HTTPs and we have configured our ThreadSafeClientConnManager to use the JVM default SSL factory:

SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme("http", PlainSocketFactory
                .getSocketFactory(), 80));
schemeRegistry.register(new Scheme("https", SSLSocketFactory
                .getSocketFactory(), 443));
ClientConnectionManager manager = new ThreadSafeClientConnManager(
                sDefaultHttpParams, schemeRegistry);

Recently, the web server updated their SSL certificates and this has caused our application to break. What can we do to avoid this problem?

Please help.

java ssl httpclient ssl-certificate

asked March 28, 2011 7:19 pm CDT

Samuh

posted via StackOverflow

1 Answers

⇧

⇩

There is nothing you can really do to "avoid" the problem because it isn't really a problem, it is a core "feature" of SSL certificates and authority trust.

This is a pretty broad question, more detail could help pinpoint the exact problem, but here are the first 2 things to check.

What CA did they upgrade their SSL cert to use? Is it self-signed?
If the site has been upgraded to use an SSL cert that either uses a non-standard root certificate authority then you need to either import the specific SSL cert using keytool to tell your local JVM that the cert is trusted. If they are using a new authority (and your organization trusts that root authority) then you may need to import a new root certificate authority, most majors are supported by default but I have been forced to import new ones on occasion.

http://download.oracle.com/javase/1.4.2/docs/tooldocs/windows/keytool.html

Make sure their cert is chained correctly. The 2nd most common problem I have seen is cert chaining (install) by the site admins. Unfortunately IE/Mozilla/Java... all use different validation mechanisms to make sure SSL certs are "valid" and I have found that many site admins don't know how to properly chain a cert to the appropriate root authority on their site. You should open the cert in a browser (I would open it in multiple) and inspect the chain of trust to make sure the cert chains from the site all the way back up to the expected root CA. (This is also how you can check the root CA for #1). If it does not have a chain of trust then the JVM SSL validation will fail (whereas I have seen Internet Explorer call a non-chained cert "valid" in older versions of IE).

answered March 30, 2011 4:59 pm CDT

Brandon

Your answer

Similar discussion threads

Created: (DERBY-4835) Trigger plan does not recompile with upgrade from 10.5.3.0 to 10.6.1.0 causing
October 6, 2010 11:06:59 AM
Trigger plan does not recompile with upgrade from 10.5.3.0 to 10.6.1.0 causing java.lang.NoSuchMethodError

SSL certificate issues
November 2, 2010 05:03:39 PM
Can the SSL certificates issued be resolved by recording via badboy software instead of using jmeter for recording and then exporting the scripts to jmeter

certificate verified failed -- After upgrade/rollback from 2.6
July 26, 2010 09:00:52 AM
Hello All, So it turns out that after the upgrade and subsequent rollback from 2.6, I can't get clients to connect to puppetserver anymore. Something got broken with the ssl and I'm having a tough time identifying the problem. So far, I've…

Embedded integration testing causing strage issues
August 12, 2010 09:00:15 PM
Hi all, We've downloaded and used Ran's embedded Cassandra helper from the Hector client. It works really well for performing basic integration testing. We have a more advanced test that uses TCP sockets and threading. We send about 400 pieces…

Created] (CXF-3420) WEB-INF/cxf-servlet.xml causing cross application issues
March 25, 2011 12:38:09 AM
WEB-INF/cxf-servlet.xml causing cross application issues

Nio Connector and self signed SSL certificate giving "No client certificate chain in this reque
February 4, 2011 04:05:52 AM
Hello, I have tomcat 6.0.30 configured with NIOConnector (org.apache.coyote.http11.Http11NioProtocol) using latest JRE (1.6.0_23). The connector has 1 way SSL enabled, except for a URL that requires 2 way SSL. I do so using following security…

Upgrade to 0.11.0 -- major issues
September 30, 2010 06:47:45 AM
Hey guys, I just upgraded to 0.11.0 and modified my configs to use the new "zero conf" local config (which meant I just removed all the gateway stuff from my configuration files). I have two nodes and my Java app is joining the cluster. Here's…

mongod.lock issues after snapshot upgrade
August 29, 2010 05:43:06 PM
Hi All, I have been using the snapshot APT repository on Ubuntu 10.04 and seem to have a recurring problem every time after upgrading the mongodb package. After the upgrade, Mongo refuses to start back up and checking the error log, it is reported…

Re: Upgrade 1.3.12 -> 2.2.16: Reverse Proxy issues [WAS: Jserv issue ???
September 11, 2010 07:53:36 AM
On 9/11/2010 6:53 AM, Eric Covener wrote: >> HOWEVER, we cannot get reverse proxy to work with SSL ?!?! >> >> Port 80 works great, including redirecting. >> >> Port 443 does NOT redirect. NO SSL errors during…

Tomcat 5.0.18 to Tomcat 5.5.23 upgrade issues
July 13, 2010 04:29:44 PM
Hi, I am upgrading the web server Tomcat 5.0.18 to Tomcat 5.5.23 for my Struts 1.1 based web application. I am facing JNDI configuration & Logging files creation issues in Tomcat 5.5.23. Till now I am using tomcat 5.0.18. …

log4j Causing Exceptions
July 19, 2010 11:23:55 AM
Good Morning, I'm attempting to implement log4j logging for MyBatis to troubleshoot my single-result collection being null issue. I am getting exceptions (see bottom of this email) when I merely add log4j-1.2.16.jar to the classpath. Even if I…

Trunk causing breakage
August 30, 2010 08:31:56 AM
FYI, trunk seems to be breaking builds: http://markmail.org/message/sahqepu3ane6ati5 -Rahul

How to troubleshoot what's causing so many connections?
October 27, 2010 11:56:49 AM
Hi, We're using Tomcat 6.0.24. We're noticing a high number of active Tomcat connections on one of our servers. We suspect that a lot of these connections are idle and waiting for a database call to return, but how can we nail down more…

Which domain causing slowness.
March 15, 2011 11:39:29 AM
Dear all I have a number of domain using different named virtual host. I want to know which virtual host is causing delay on my apache web server. I am suing apache 2 on centos 5.5? Any suggestion i don't want to use awstat or nagios . Thanks…

ExceptionMapper causing subsequent ClassCastExceptions
February 10, 2011 08:41:12 PM
I have a service method like this: @Override @POST @Path("/model/create") public Long createModel(Model model) { ... } I registered an exception mapper like this: public class CustomWebApplicationExceptionMapper extends…

Exception causing close of session
August 26, 2010 06:04:04 PM
Hi, zookeeper-3.2.2 is used out of HBase 0.20.5 Linux sjc1-.com 2.6.18-92.el5 #1 SMP Tue Jun 10 18:51:06 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux In hbase-hadoop-zookeeper-sjc1-cml-grid00.log, I see a lot of the following: 2010-08-26 22:58:01,930…

Broker URI configuration causing SAX errors
November 11, 2010 10:28:38 AM
I have a JNDI configuration for an embedded broker in my Tomcat context.xml, I'm trying to use the broker uri syntax to configure the broker and having varied luck. My configuration works until I try to add the useJmx option to the URI. When I…

Trigger conditionally causing delete
October 1, 2010 04:38:43 PM
Hi: I want to use to trigger on deletion of a detail record to automatically delete a summary record, if not more detail records exist, something like: CREATE TRIGGER detail_delete AFTER DELETE ON detail BEGIN -- here I don't know…

GC took 299 secs causing region server to die
July 29, 2010 03:17:07 PM
I kept running into the stop-the-world GC during batch import of data into hbase. The configuration of a node in the 8-node cluster is as follows. * 4-core * 64-bit JVM * 8 GB of memory * CDH2 for hadoop and 0.20.5 for hbase * TT: 128 MB * DN:…

MapReduce causing mongod to crash
February 28, 2011 11:44:26 AM
I have a mapreduce operation that i am trying to perform that is causing mongod to crash. Basically my map operation takes a collection of text strings and emits all overlapping 10 character substrings as the key and their position and ObjectID as…

Questions and Answers are licensed under cc-wiki license.

SSL Certificate Upgrade causing Issues

1 Answers

Your answer

Join with account you already have