In a Sun Glassfish server I have deployed an application that communicates with an external webservice over SSL.

I have manually imported certificates in cacerts.jks with java keytool cli (keytool -import -trustcacerts -keystore cacerts.jks -alias somealias -file somecert.cer).

I verify that everything works, but then after a longer while things stop working and I get the following output in the log:

[#|2010-06-18T09:13:23.930+0200|WARNING|sun-appserver9.1|...|_ThreadID=850;_ThreadName=p: thread-pool-1; w: 901;javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: The certificate chain from the server is not trusted|...|#]

And from here the service stops working. According to the log, shortly before the exception occurs, the certificate is questioned and the server by default replies no and I suspect this is what generates the error.

But what triggers the server to suddenly question the certificate? The certificate is already imported and marked as trusted in the keystore. All dates are ok. Have I missed something?

+1  A: 

Perhaps there is some other application which is changing the System property (javax.net.ssl.trustStore). javax.net.ssl.trustStore is what is pointing to the trusted keystore. Try printing out this System property to see if it changes. Another option is to start the JVM with the following option: -Djavax.net.debug=SSL,handshake,data,trustmanager. This should give you some verbose output in your stdout log file.

pushNpop
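
The check suggested in the answer above, as an added example that is not part of the original answer: it records the value of javax.net.ssl.trustStore, how many issuers the JVM's default trust manager accepts, and which certificate aliases the referenced file holds. The class name TrustStoreProbe and the method report() are hypothetical; the code assumes the standard javax.net.ssl.trustStoreType and javax.net.ssl.trustStorePassword properties, if set, describe the same file.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added diagnostic (hypothetical class). Call report() from inside the deployed
// application while it works and again after the handshake fails, then compare.
public class TrustStoreProbe {
    public static String report() throws Exception {
        StringBuilder out = new StringBuilder();
        String path = System.getProperty("javax.net.ssl.trustStore");
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        String pass = System.getProperty("javax.net.ssl.trustStorePassword");
        out.append("javax.net.ssl.trustStore=").append(path).append('\n');

        // What a default JSSE trust manager accepts right now in this JVM.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null = fall back to the JVM's default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                out.append("accepted issuers: ")
                   .append(((X509TrustManager) tm).getAcceptedIssuers().length).append('\n');
            }
        }
        if (path == null) return out.toString(); // property unset: nothing more to list

        // Contents of the file the property points at (a null password skips the integrity check).
        KeyStore ks = KeyStore.getInstance(type);
        InputStream in = new FileInputStream(path);
        try { ks.load(in, pass == null ? null : pass.toCharArray()); } finally { in.close(); }
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                out.append(alias).append(" | ").append(x.getSubjectX500Principal().getName())
                   .append(" | notAfter=").append(x.getNotAfter()).append('\n');
            }
        }
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        System.out.print(report());
    }
}
```

A difference between the two snapshots in the property value, the issuer count or the alias list shows that the trust store in use changed while the server was running.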