NetBeans Forums

  

Problem with SSL Certificate

 
gusnaige



Joined: 29 Dec 2008
Posts: 4

Posted: Mon Feb 09, 2009 4:15 pm    Post subject: Problem with SSL Certificate

I created a WEB SERVICE using NetBeans 6.5. The service works great under HTTP.

However, when I try to run it using HTTPS, I get the following (Unable to verify the identity of "...." as a trusted site):



If I accept the certificate, I get:

java.rmi.RemoteException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is:
HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at chirp.GetInstructions_Stub.getInstructions(GetInstructions_Stub.java:94)
at chirp.Main.main(Main.java:1122)
Caused by: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

However, if I try to access the web page using HTTPS, it works. In other words, the certificate is valid for Internet Explorer and Firefox.

Any ideas what I might be doing wrong?

Thanks!

Gustavo



Manuel Mall
Posted via mailing list.





Posted: Mon Feb 09, 2009 10:49 pm    Post subject: Problem with SSL Certificate

Generally, the error means that the CA certificate (in your case the 'Go Daddy' certificate) is not in your trusted CA store and therefore the JVM "doesn't trust it".

Your trusted CA store, unless overwritten by configuration settings, is usually the <JRE>/lib/security/cacerts file. You can check its content with the Java keytool application and add/remove certificates using the same tool.

gusnaige



Joined: 29 Dec 2008
Posts: 4

Posted: Mon Feb 09, 2009 11:07 pm    Post subject: Problem with SSL Certificate

I have two certificates that I loaded into the system using:

C:\Program Files (x86)\Java\jre6\lib\security>keytool -import -alias GD22 -file GD2.cer -keystore cacerts -trustcacerts
Enter keystore password:
Certificate already exists in keystore under alias <gd2>
Do you still want to add it? [no]: yes
Certificate was added to keystore

C:\Program Files (x86)\Java\jre6\lib\security>keytool -import -alias GD11 -file GD1.cer -keystore cacerts -trustcacerts
Enter keystore password:
Certificate already exists in keystore under alias <gd1>
Do you still want to add it? [no]: yes
Certificate was added to keystore

When I want to check what certificates are installed using keytool -list -v -keystore codesignstore, I can see what is below.

However, I am still getting the error with binarycanary.com. The good thing is that I was also having the error with GoDaddy, but it is gone.

What else is missing? Another certificate? They sent me 2 intermediate certificates.

Thanks!

Gustavo


Alias name: gd11
Creation date: 9-Feb-2009
Entry type: trustedCertEntry

Owner: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Issuer: EMAILADDRESS=address-removed, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Serial number: 10d
Valid from: Tue Jun 29 12:06:20 CDT 2004 until: Sat Jun 29 12:06:20 CDT 2024
Certificate fingerprints:
MD5: 82:BD:9A:0B:82:6A:0E:3E:91:AD:3E:27:04:2B:3F:45
SHA1: DE:70:F4:E2:11:6F:7F:DC:E7:5F:9D:13:01:2B:7E:68:7A:3B:2C:62
Signature algorithm name: SHA1withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]

#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D2 C4 B0 D2 91 D4 4C 11 71 B3 61 CB 3D A1 FE DD ......L.q.a.=...
0010: A8 6A D4 E3 .j..
]
]

#4: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.godaddy.com]
]

#5: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://certificates.godaddy.com/repository/root.crl]
]]

#6: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 2A 68 74 74 70 3A 2F 2F 63 65 72 74 69 66 69 .*http://certifi
0010: 63 61 74 65 73 2E 67 6F 64 61 64 64 79 2E 63 6F cates.godaddy.co
0020: 6D 2F 72 65 70 6F 73 69 74 6F 72 79 m/repository

]] ]
]

#7: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
[EMAILADDRESS=address-removed, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network]
SerialNumber: [ 01]
]


**************************************

Alias name: gd22
Creation date: 9-Feb-2009
Entry type: trustedCertEntry

Owner: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Serial number: 301
Valid from: Wed Nov 15 19:54:37 CST 2006 until: Sun Nov 15 19:54:37 CST 2026
Certificate fingerprints:
MD5: D5:DF:85:B7:9A:52:87:D1:8C:D5:0F:90:23:2D:B5:34
SHA1: 7C:46:56:C3:06:1F:7F:4C:0D:67:B3:19:A8:55:F6:0E:BC:11:FC:44
Signature algorithm name: SHA1withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]

#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FD AC 61 32 93 6C 45 D6 E2 EE 85 5F 9A BA E7 76 ..a2.lE...._...v
0010: 99 68 CC E7 .h..
]
]

#4: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.godaddy.com]
]

#5: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://certificates.godaddy.com/repository/gdroot.crl]
]]

#6: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 2A 68 74 74 70 3A 2F 2F 63 65 72 74 69 66 69 .*http://certifi
0010: 63 61 74 65 73 2E 67 6F 64 61 64 64 79 2E 63 6F cates.godaddy.co
0020: 6D 2F 72 65 70 6F 73 69 74 6F 72 79 m/repository

]] ]
]

#7: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D2 C4 B0 D2 91 D4 4C 11 71 B3 61 CB 3D A1 FE DD ......L.q.a.=...
0010: A8 6A D4 E3 .j..
]

]







Manuel Mall
Posted via mailing list.





Posted: Tue Feb 10, 2009 9:56 am    Post subject: Problem with SSL Certificate

What you've done looks right. Try running your application with the -Djavax.net.debug=ssl option (http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#Debug) and check if the log output tells you more on where it goes wrong.

gusnaige



Joined: 29 Dec 2008
Posts: 4

Posted: Wed Feb 11, 2009 5:59 pm    Post subject: Problem with SSL Certificate

I solved the problem!

The certificate on the server was wrongly installed. I hope I can save someone else time in the future!

Gustavo

jmpereira



Joined: 13 Mar 2010
Posts: 1

Posted: Mon Mar 15, 2010 1:59 pm

Hey guys! I also got the same problem with an application I was trying to make. The objective is to make a post to an HTTPS URL.

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: basic constraints check failed: pathLenConstraint violated - this cert must be the last cert in the certification path
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)


I got the SSL certificate from ffox and what I got was this file:

-----BEGIN CERTIFICATE-----
MIIGHjCCBQagAwIBAgIQLEjdkw31WY75PJlUemDtQzANBgkqhkiG9w0BAQUFADCB
(...)
wHGkQeta4/wULkuI/a5uW2XpJ+S/5LAjwbJ9W2Il1z4Q1A==
-----END CERTIFICATE-----

but I still don't have a clue of what to do... I followed your instructions and I have made this:

keytool -import -alias GD22 -file GD2.cer -keystore cacerts -trustcacerts

so, what I got was a new file with information about my certificate...
But I still don't have a clue of what I have to do so I can put my application to run properly!

Do I have to take one of these files into my NetBeans configurations? How?

Thanks a lot guys!
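
An added example, not part of the original thread and not code from keytool or JSSE: a simplified Python model of the two failures reported above ("unable to find valid certification path" and "pathLenConstraint violated"), run over a cut-down copy of the keytool listing from the earlier post. It chains certificates by Owner/Issuer name only, with no signature, validity or revocation checks. The names Cert, parse_keytool_listing and check_path, and the example.test and Sub CA certificates, are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the two entries from the thread's `keytool -list -v`
# output, cut down to the fields read below.
KEYTOOL_LISTING = """\
Alias name: gd11
Owner: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Issuer: EMAILADDRESS=address-removed, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
CA:true
PathLen:2147483647
**************************************
Alias name: gd22
Owner: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
CA:true
PathLen:0
"""

@dataclass
class Cert:
    subject: str
    issuer: str
    is_ca: bool = False
    path_len: Optional[int] = None  # None: no pathLenConstraint
    alias: str = ""

def parse_keytool_listing(text):
    """Return one Cert per 'Alias name:' entry of `keytool -list -v` output."""
    certs = []
    for entry in re.split(r"(?m)^(?=Alias name:)", text):
        f = {k: re.search(rf"(?m)^{k}:\s*(.+)$", entry)
             for k in ("Alias name", "Owner", "Issuer")}
        if not all(f.values()):
            continue  # text before the first entry, or an incomplete entry
        plen = re.search(r"(?m)^\s*PathLen:\s*(\d+)", entry)
        certs.append(Cert(subject=f["Owner"].group(1).strip(),
                          issuer=f["Issuer"].group(1).strip(),
                          is_ca=bool(re.search(r"(?m)^\s*CA:true", entry)),
                          path_len=int(plen.group(1)) if plen else None,
                          alias=f["Alias name"].group(1).strip()))
    return certs

def _dn(name):
    # Simplification: compare DNs as whitespace-free, case-folded strings.
    return re.sub(r"\s+", "", name).casefold()

def check_path(presented, anchors):
    """Model of PKIX path building by name chaining (no signature, validity or
    revocation checks). `presented` is the server's chain, leaf first.
    Returns (ok, reason)."""
    sent = {_dn(c.subject): c for c in presented[1:]}
    trusted = {_dn(a.subject): a for a in anchors}
    path, cur = [presented[0]], presented[0]
    while _dn(cur.issuer) not in trusted:
        nxt = sent.get(_dn(cur.issuer))
        if nxt is None or nxt in path:
            return False, "unable to find valid certification path: no cert for issuer " + cur.issuer
        path.append(nxt)
        cur = nxt
    # path = [leaf, ca_1, ...]; ca_k has k-1 intermediate CA certs below it.
    # As in the RFC 5280 algorithm, the limit is applied to the CA
    # certificates in the path, not to the trust anchor itself.
    for below, ca in enumerate(path[1:]):
        if not ca.is_ca:
            return False, "not a CA certificate: " + ca.subject
        if ca.path_len is not None and below > ca.path_len:
            return False, "pathLenConstraint violated by chain below: " + ca.subject
    return True, "anchored at " + trusted[_dn(cur.issuer)].alias

if __name__ == "__main__":
    store = parse_keytool_listing(KEYTOOL_LISTING)
    gd11, gd22 = store
    leaf = Cert("CN=www.example.test", gd22.subject)               # constructed
    sub = Cert("CN=Constructed Sub CA", gd22.subject, is_ca=True)  # constructed
    low = Cert("CN=www.example.test", sub.subject)                 # constructed
    for chain, anchors in [([leaf], store),            # intermediate is trusted
                           ([leaf], [gd11]),           # intermediate not sent
                           ([leaf, gd22], [gd11]),     # intermediate sent
                           ([low, sub, gd22], [gd11])]:  # CA under a PathLen:0 CA
        print(check_path(chain, anchors))
```

The four cases succeed when the intermediate is in the trust store or is sent by the server, fail at path building when it is neither, and fail the pathLen check when another CA certificate sits below the PathLen:0 intermediate.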