Java7 Refusing to trust certificate in trust store

by

I actually had a somewhat similar issue, where a Tomcat application would trust the ca cert in the truststore when using Java 1.6 and reject it with java 1.7. After adding keyUsage to my ca certificate it works (after reading a bug report, JDK-7018897 : CertPath validation cannot handle self-signed cert with bad KeyUsage).

What I have done (Ubuntu 12.04 x64):

  1. Edit /etc/ssl/openssl.cnf and uncomment keyUsage line in v3_ca section.

  2. Generate new ca cert from old one with keyUsage included using the command:

    openssl x509 -in oldca.pem -clrext -signkey oldca.key -extfile /etc/ssl/openssl.cnf -extensions v3_ca -out newca.pem

  3. Delete old CA key from truststore and insert the new one.

More Related Contents:

  1. Received fatal alert: handshake_failure through SSLHandshakeException
  2. Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  3. How to fix the “java.security.cert.CertificateException: No subject alternative names present” error?
  4. How to ignore PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException?
  5. Java SSL: how to disable hostname verification
  6. Caused by: java.security.UnrecoverableKeyException: Cannot recover key
  7. javax.net.ssl.SSLPeerUnverifiedException: Host name does not match the certificate subject provided by the peer
  8. SSL “Peer Not Authenticated” error with HttpClient 4.1
  9. Java: Loading SSL Keystore via a resource
  10. How Can I Access an SSL Connection Through Android?
  11. Java Keytool error after importing certificate , “keytool error: java.io.FileNotFoundException & Access Denied”
  12. Ignore self-signed ssl cert using Jersey Client [duplicate]
  13. Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?
  14. “PKIX path building failed” and “unable to find valid certification path to requested target”
  15. Accept server’s self-signed ssl certificate in Java client
  16. SSL handshake alert: unrecognized_name error since upgrade to Java 1.7.0
  17. Java SSLHandshakeException “no cipher suites in common”
  18. Using a custom truststore in java as well as the default one
  19. How to extract CN from X509Certificate in Java?
  20. Importing the private-key/public-certificate pair in the Java KeyStore [duplicate]
  21. HTTPS GET (SSL) with Android and self-signed server certificate
  22. Java keytool easy way to add server cert from url/port
  23. HttpGet with HTTPS : SSLPeerUnverifiedException
  24. Why does Java’s SSLSocket send a version 2 client hello?
  25. SSLHandshakeException while connecting to a https site
  26. SSLHandShakeException No Appropriate Protocol
  27. SSL Connection Reset
  28. Java SSLException: hostname in certificate didn’t match
  29. How to make Java 6, which fails SSL connection with “SSL peer shut down incorrectly”, succeed like Java 7?
  30. Java HttpsURLConnection and TLS 1.2

Leave a Comment