
[iaik-ssl] AW: No trusted certificate found



Hello,

is the certificate sent by your server during the SSL handshake issued
by the same CA (or is it the same) as the one you added as a trusted
certificate on your client side?

> When I addTrustedCertificate(null)
This means that you accept it if the peer does not send a certificate; it
may only have a meaning on the server side, if a client cannot fulfill a
certificate request sent by the server. In this case, if null has been added
as a "trusted certificate", the missing client certificate is tolerated by
the server.
On the client side, however, you will get a server cert in any case (except
for anonymous cipher suites).

Regards,
Dieter Bratko

-----Original Message-----
From: Jack Kustanowitz [mailto:jackk@smtp2.atomica.com]
Sent: Wednesday, 07 November 2001 09:52
To: Dieter Bratko; iaik-ssl@iaik.at
Subject: No trusted certificate found


I am using HTTPClient with iaik ssl, and getting this error.  I am
reading a certificate that was generated by the server and is valid -- I
copied it to a file on my local hard disk called server.crt, which when
I double-click on it gives valid certificate information.

The Issuer is local (i.e. not verisign or something).  Could this be the
problem?

Here's the relevant code:

// apache ssl running on port 8492
HTTPConnection con = new HTTPConnection("https", "myserver", 8492);
// read the certificate that was copied from the server
FileInputStream cafis = new FileInputStream("d:\\server.crt");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate caCert = (X509Certificate)cf.generateCertificate(cafis);
cafis.close();
// trust that certificate and write the handshake trace to stdout
SSLClientContext sslcc = new SSLClientContext();
sslcc.setDebugStream(System.out);
sslcc.addTrustedCertificate(caCert);
con.setSSLContext(sslcc);

When I addTrustedCertificate(null), it goes through, but I assume this
means it goes through insecurely, defeating the purpose of SSL!

Any help would be appreciated -- 

Thanks,

Jack Kustanowitz

Following are the error lines:

ssl_debug(1): ChainVerifier: No trusted certificate found, rejected.
ssl_debug(1): Sending alert: Alert Fatal: bad certificate

And the whole session transcript: (the certificate info at the top is
traces from my code, to show the certificate is being properly read and
is valid):

Certificate starts Sun May 20 18:26:46 IDT 2001
Certificate expires Sat Mar 16 17:26:46 IST 2002
Today is Wed Nov 07 10:36:05 IST 2001
ssl_debug(1): Starting handshake (iSaSiLk 3.03 Evaluation Version)...
ssl_debug(1): Sending v3 client_hello message, requesting version 3.1...
ssl_debug(1): Received v3 server_hello handshake message.
ssl_debug(1): Server selected SSL version 3.1.
ssl_debug(1): Server created new session F4:2E:62:04:CF:1D:93:9A...
ssl_debug(1): CipherSuite selected by server: SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(1): CompressionMethod selected by server: NULL
ssl_debug(1): Received certificate handshake message with server certificate.
ssl_debug(1): Server sent a 1024 bit RSA certificate, chain has 1 elements.
ssl_debug(1): ChainVerifier: No trusted certificate found, rejected.
ssl_debug(1): Sending alert: Alert Fatal: bad certificate
ssl_debug(1): Shutting down SSL layer...
ssl_debug(1): SSLException while handshaking: Server certificate rejected by ChainVerifier
ssl_debug(2): Starting handshake (iSaSiLk 3.03 Evaluation Version)...
ssl_debug(2): Sending v3 client_hello message, requesting version 3.1...
ssl_debug(2): Received v3 server_hello handshake message.
ssl_debug(2): Server selected SSL version 3.1.
ssl_debug(2): Server created new session 46:54:EC:D4:65:E3:66:98...
ssl_debug(2): CipherSuite selected by server: SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(2): CompressionMethod selected by server: NULL
ssl_debug(2): Received certificate handshake message with server certificate.
ssl_debug(2): Server sent a 1024 bit RSA certificate, chain has 1 elements.
ssl_debug(2): ChainVerifier: No trusted certificate found, rejected.
ssl_debug(2): Sending alert: Alert Fatal: bad certificate
ssl_debug(2): Shutting down SSL layer...
ssl_debug(2): SSLException while handshaking: Server certificate rejected by ChainVerifier
ssl_debug(3): Starting handshake (iSaSiLk 3.03 Evaluation Version)...
ssl_debug(3): Sending v3 client_hello message, requesting version 3.1...
ssl_debug(3): Received v3 server_hello handshake message.
ssl_debug(3): Server selected SSL version 3.1.
ssl_debug(3): Server created new session 05:86:8D:78:AB:D7:25:5F...
ssl_debug(3): CipherSuite selected by server: SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(3): CompressionMethod selected by server: NULL
ssl_debug(3): Received certificate handshake message with server certificate.
ssl_debug(3): Server sent a 1024 bit RSA certificate, chain has 1 elements.
ssl_debug(3): ChainVerifier: No trusted certificate found, rejected.
ssl_debug(3): Sending alert: Alert Fatal: bad certificate
ssl_debug(3): Shutting down SSL layer...
ssl_debug(3): SSLException while handshaking: Server certificate rejected by ChainVerifier
iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
	at iaik.security.ssl.x.b(Unknown Source)
	at iaik.security.ssl.x.a(Unknown Source)
	at iaik.security.ssl.r.d(Unknown Source)
	at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
	at iaik.security.ssl.SSLSocket.startHandshake(Unknown Source)
	at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java:2922)
	at HTTPClient.HTTPConnection.handleRequest(HTTPConnection.java:2741)
	at HTTPClient.HTTPConnection.setupRequest(HTTPConnection.java:2533)
	at HTTPClient.HTTPConnection.Post(HTTPConnection.java:1055)
	at HTTPClient.HTTPConnection.Post(HTTPConnection.java:1020)
	at HTTPClient.HTTPConnection.Post(HTTPConnection.java:947)
	at com.atomica.testers.sslLogin.main(sslLogin.java:70)
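
Added example, not part of the original messages and not IAIK code: a stand-alone check, using only the standard java.security.cert API, of the question asked in the reply at the top of this message, namely whether the certificate the server presents is the trusted certificate itself or was issued by it. The class name TrustCheck and the two file arguments are assumptions; the second file is taken to be the certificate the server is configured to send, and only a direct issuer (a chain of one element, as in the transcript) is handled.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;

// Added diagnostic (hypothetical class, not IAIK code): can 'trusted' anchor 'peer'?
public class TrustCheck {

    static X509Certificate load(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
    }

    static String check(X509Certificate trusted, X509Certificate peer, Date now) {
        try {
            peer.checkValidity(now);               // notBefore <= now <= notAfter
        } catch (GeneralSecurityException e) {
            return "REJECT: peer certificate is not valid at " + now;
        }
        if (peer.equals(trusted)) {                // identical encoded certificate
            return "OK: the trusted certificate is the peer certificate itself";
        }
        if (!peer.getIssuerX500Principal().equals(trusted.getSubjectX500Principal())) {
            return "REJECT: peer was issued by '" + peer.getIssuerX500Principal()
                    + "', trusted subject is '" + trusted.getSubjectX500Principal() + "'";
        }
        try {
            peer.verify(trusted.getPublicKey());   // names match; check the signature too
        } catch (GeneralSecurityException e) {
            return "REJECT: issuer name matches but the signature does not verify";
        }
        return "OK: peer certificate was issued by the trusted certificate";
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java TrustCheck <trusted.crt> <peer.crt>");
            System.exit(2);
        }
        System.out.println(check(load(args[0]), load(args[1]), new Date()));
    }
}
```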

