Tuesday, October 1, 2013

weblog; missing CA Root

X.509 Certificates

The Most Common Java Keytool Keystore Commands

http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html

Display the contents of a stand-alone certificate. Keytool doesn't show as much detail as the openssl command.

Keytool

keytool -printcert -v -file mydomain.crt

OpenSSL

openssl x509 -noout -text -in mydomain.crt

Download Primary PCA Root Certificates | Symantec

http://www.symantec.com/page.jsp?id=roots

Needed to complete CA Root chain for Oracle/PeopleSoft. This seems to do the trick.

wget http://www.verisign.com/repository/roots/root-certificates/PCA-3G3.pem

No trusted certificate found : when opeing a ssl connection from behind the proxy. (Open Source Projects forum at JavaRanch)

  • http://www.coderanch.com/t/62494/open-source/trusted-certificate-opeing-ssl-connection
  • http://stackoverflow.com/questions/10749803/validatorexception-no-trusted-certificate-found-in-java

Two-way SSL handshake

  1. handshake initiated by client; client sends its identification
  2. server receives, authenticates client and accepts
  3. server sends its identification
  4. client receives, but fails to authenticate

In our case, it seems the problem is an incomplete CA Root chain.
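
An added example (not from the original post or the linked articles) that reproduces the step 4 failure offline: a throwaway root, intermediate and server certificate are generated, then the server certificate is verified against a trust file with and without the root. All file and subject names are made up, and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Constructed demo PKI (throwaway keys; all names and file names are made up):
#   Demo Root CA -> Demo Intermediate CA -> server.example.test

build_demo_pki() {  # $1 = empty working directory
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    # Self-signed root
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root CA" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    # Intermediate CA, signed by the root
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate CA" \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null
    # Server certificate, signed by the intermediate
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/srv.pem" 2>/dev/null
    # Two candidate trust files: one missing the root, one complete
    cp "$d/int.pem" "$d/trust-incomplete.pem"
    cat "$d/int.pem" "$d/root.pem" > "$d/trust-complete.pem"
}

# chain_status TRUSTFILE CERT
# Prints "complete" only if CERT chains up to a self-signed root in TRUSTFILE.
# The output is grepped because old openssl builds exit 0 even on failure.
chain_status() {
    if openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; then
        echo complete
    else
        echo incomplete
    fi
}

demo=$(mktemp -d)
build_demo_pki "$demo"
echo "intermediate only:   $(chain_status "$demo/trust-incomplete.pem" "$demo/srv.pem")"
echo "intermediate + root: $(chain_status "$demo/trust-complete.pem" "$demo/srv.pem")"
rm -rf "$demo"
```

The same `openssl verify -CAfile` check applies to the real chain once the downloaded root is in the trust file. Because the `wget` above fetches it over plain HTTP, compare the file's `openssl x509 -noout -fingerprint -sha256` output with the fingerprint the CA publishes before trusting it.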
