Unable to authenticate SSL site in Java: “pathlenconstraint violated – this certificate must be the last certificate in the certificate path”

I tried to read from a secure (i.e. SSL) web page in Java code

Please note that I have successfully established a non SSL connection, but different hosts I can also use my browser to view this page – where the certificate is verified correctly

Do I need to change the order of certificates in some way because they are retrieved from the server? Are there any configurations I lack?

Thank you in advance,

lior

Solution

I dig further. The answer is that I need to import the necessary certificates into the keystore used by the JVM to verify SSL

I manually exported the web site's certificates – all of them Then I use the 'keytool' utility provided by sun to import it into my default keystore Please note that you must import them in the correct order Then I put the new keystore instead of the JRE keystore - it worked

I think it would be better to import the certificate directly into JRE's keystore, but the tool requires me to enter a password I don't know

I believe there is another way to program this more easily, but I haven't found it yet I'd love to get some pointers (trustmanager class in JSSE?)

Finally, some credit This post: http://javaishdiscoveries.blogspot.com/2009/02/battle-with-cacerts-and-https.html Helped me point out the right direction