[xep-support] SSL Certificate issue

Story, Stacy stacy.story at directconnectsolutions.com
Fri Jan 9 13:17:14 PST 2009


The problem is we are not dealing with a self signed certificate.
The Cert is signed by Godaddy's new intermediate chain.
 
The java keystore was previously updated by the keytool to include Godaddy's new cert chain.
 
When a diffrent app, (please see orgional message) uses the default java keystore, it returns as a trusted cert.
 
When XEP makes the calls for java to retrieve the resources, an exception is raised. 
Does XEP refrence and/or maintain a diffrent cert store?

Stacy Story
Software Simian
Direct Connect Solutions

________________________________

From: owner-xep-support at renderx.com on behalf of Michael Sulyaev
Sent: Fri 1/9/2009 2:08 AM
To: xep-support at renderx.com
Subject: Re: [xep-support] SSL Certificate issue



Story, Stacy wrote:
> Once this was active on their web server, XEP and XEPwin have started
> throwing errors.
> 
> Could not retrieve image from 'https://www....com/logo-for-report.jpg':
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: No trusted certificate found

Hello Stacy,

XEP relies on Java and System routines for retrieving URI-referenced
resources, so there is nothing to change in XEP on this issue.

Your program may help others to spot and fix similar issues, thanks!

I believe there may be other problems of this kind, e.g. self-signed
certificates. I thought there is a way to manually import certificates
(to make them trusted) in the Security tab of jcontrol (Java Control
Panel), but I've never tried. Did not it help?

In general, I'd say that issues of this kind may and probably should be
resolved on a dedicated proxy server. This way one may protect against
temporary networking problems, along with resolving the security concerns.

Regards,
Michael Sulyaev
RenderX

-------------------
(*) To unsubscribe, send a message with words 'unsubscribe xep-support'
in the body of the message to majordomo at renderx.com from the address
you are subscribed from.
(*) By using the Service, you expressly agree to these Terms of Service http://www.renderx.com/terms-of-service.html


-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 5464 bytes
Desc: not available
URL: <http://lists.renderx.com/pipermail/xep-support/attachments/20090109/5611240b/attachment.bin>


More information about the Xep-support mailing list