Trusting an expired certificate [duplicate]

1

1

My client is failing with the below error while communicating with an HTTPS server with an expired cert. While we are in the process of waiting for that to be fixed on the server side by renewing, I am wondering if we can bypass this error by adding the expired cert to our own trust store? This allows us to gain some testing time while waiting for the cert to be renewed.

    US has an end date Thu Sep 08 19:59:59 EDT 2011 which is no longer valid.
    [4/17/13 19:22:55:618 EDT] 00000021 SystemOut     O   WebContainer : 0, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
    [4/17/13 19:22:55:620 EDT] 00000021 SystemOut     O   WebContainer : 0, WRITE: TLSv1 Alert, length = 2
    [4/17/13 19:22:55:620 EDT] 00000021 SystemOut     O   WebContainer : 0, called closeSocket()
    [4/17/13 19:22:55:620 EDT] 00000021 SystemOut     O   WebContainer : 0, handling exception: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
        java.security.cert.CertPathValidatorException: The certificate issued by CN=Thawte SSL CA, O="Thawte, Inc.", C=US is not trusted; internal cause is:
Lebrun answered 17/4, 2013 at 23:45 Comment(1)
You might be interested in this. - Aikens
1

Use the following code to trust all certificates. Note: Do not use it in production.

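    import java.security.SecureRandom;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.KeyManager;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;

    // Builds an SSLContext whose trust manager accepts every certificate.
    try {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[0], new TrustManager[] { new X509TrustManager() {
            // Empty bodies: no chain, issuer or expiry check is performed.
            @Override
            public void checkClientTrusted(X509Certificate[] x509Certificates, String name) throws CertificateException {}

            @Override
            public void checkServerTrusted(X509Certificate[] x509Certificates, String name) throws CertificateException {}

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The interface contract requires a non-null (possibly empty) array.
                return new X509Certificate[0];
            }
        } }, new SecureRandom());

        // Replaces the JVM-wide default context.
        SSLContext.setDefault(ctx);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }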
Onions answered 18/4, 2013 at 7:56 Comment(1)
Thx. But we don't need to do it programmatically. Just adding it to trust manager works. - Lebrun
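A narrower alternative to the trust-all manager in the answer above, as an added example (not code from either poster): it keeps normal validation against the default trust store and, only when that fails, accepts the single server certificate whose SHA-256 fingerprint matches a pin. `PinnedCertTrust` and `PINNED_SHA256` are hypothetical names, and the fingerprint is a placeholder to be replaced with the expired server certificate's own.

```java
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public final class PinnedCertTrust {
    // Placeholder: SHA-256 of the DER-encoded expired server certificate, in hex.
    static final String PINNED_SHA256 = "<sha256-hex-of-the-expired-server-cert>";
    // Hex SHA-256 fingerprint of a certificate's DER encoding (64 hex digits).
    static String sha256Hex(X509Certificate cert) throws CertificateException {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            return String.format("%064x", new BigInteger(1, d));
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }
    // SSLContext that validates normally and falls back to the pin only on failure.
    static SSLContext build() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JRE's default trust store
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        if (found == null) throw new IllegalStateException("no default X509TrustManager");
        final X509TrustManager delegate = found;
        X509TrustManager pinned = new X509TrustManager() {
            @Override public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { delegate.checkClientTrusted(c, a); }
            @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                try {
                    delegate.checkServerTrusted(chain, authType); // normal PKIX validation first
                } catch (CertificateException e) {
                    // Accept only the one pinned leaf; any other certificate still fails.
                    if (chain == null || chain.length == 0 || !PINNED_SHA256.equalsIgnoreCase(sha256Hex(chain[0]))) throw e;
                }
            }
            @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { pinned }, null);
        return ctx;
    }
}
```

Setting it on the test client's own connection with `conn.setSSLSocketFactory(PinnedCertTrust.build().getSocketFactory())` on an `HttpsURLConnection`, rather than calling `SSLContext.setDefault`, keeps the exception scoped to that client.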
