Getting Server certificate rejected by ChainVerifier exception

Hi All,

I have created a self-signed certificate using OpenSSL and am trying to post some data over HTTPS.

I would like to tell you the details of my application so that you guys can understand my problem.

  1. Created a self-signed certificate using OpenSSL.
  2. Converted all .CER, .CRT and .key files to .DER using the Certificate Toolkit.
  3. Copied all these .DER files into the \IS\Config folder and configured the certificates as follows:

     Server’s Signed Certificate: \IntegrationServer\config\myca.der
     Signing CA’s Certificate: \IntegrationServer\config/mycert.der
     Server’s Private Key: \IntegrationServer\config/mykey.der
     CA Certificate Directory: unspecified

  4. Then I configured the HTTPS port:

     Port: 5556
     Client Authentication: Request Client Certificates
     Package Name: XYZ
     Bind Address (optional):

  5. I am able to enable this port, but when I tried http://localhost:5556, it didn’t ask me for any certificate or login.

  6. I have developed one flow service which is on the same server (IS 6.1) and is submitting the request using the client:HTTP service.

  7. When I am executing this service I am getting:

com.wm.app.b2b.server.ServiceException: java.io.IOException: iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier

I guess I am doing something wrong while configuring the certificates; I would appreciate it if you could help to resolve this.

Please note, I have configured these certificates on my local server and the service which is posting the data is also on the same server.

Thanks
Atul

Did you configure your SSL port (5556 in your example) to require a client cert? If so, when you hit a page using that port from a browser, the browser should prompt you to select a cert. The cert you select will need to be signed by the same CA that you created or be trusted explicitly by being copied to the trusted certs folder.

Also check the direction of the slashes in your Signing CA’s and Private Key folders, as the rightmost path separators are different from the rest. It should not matter on Windows, but will be incorrect on *Nix.

Mark
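
One way to check the condition described in the reply above (a certificate is accepted only if it was signed by the CA the verifier trusts), as an added example that is not part of the original thread. It builds constructed throwaway certificates with OpenSSL and verifies their DER copies; the file names, subject names and the `make_fixtures` and `chain_ok` helpers are assumptions for illustration.

```shell
#!/bin/sh
# Added example: constructed throwaway certificates, not the poster's files.
set -u

# make_fixtures DIR: build a CA, a server cert signed by that CA,
# and an unrelated self-signed cert, all under DIR.
make_fixtures() {
    d=$1
    # Self-signed CA (constructed test subject name).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # Server key and CSR, then sign the CSR with the CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.pem" 2>/dev/null || return 1
    # Unrelated self-signed cert: same subject, but no link to the CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null || return 1
    # DER copies, the encoding used in the thread's configuration.
    for n in ca server other; do
        openssl x509 -in "$d/$n.pem" -outform DER -out "$d/$n.der" || return 1
    done
}

# chain_ok CA_DER CERT_DER: succeed only if CERT_DER verifies against CA_DER.
chain_ok() {
    t=$(mktemp -d) || return 2
    openssl x509 -inform DER -in "$1" -out "$t/ca.pem" &&
    openssl x509 -inform DER -in "$2" -out "$t/cert.pem" &&
    openssl verify -CAfile "$t/ca.pem" "$t/cert.pem" >/dev/null 2>&1
    rc=$?
    rm -rf "$t"
    return $rc
}

work=$(mktemp -d) || exit 1
trap 'rm -rf "$work"' EXIT
make_fixtures "$work" || exit 1
chain_ok "$work/ca.der" "$work/server.der" &&
    echo "server.der: chains to ca.der"
chain_ok "$work/ca.der" "$work/other.der" ||
    echo "other.der: rejected, not issued by ca.der"
```

The check is directional: the first argument is the trusted CA certificate and the second is the certificate being validated.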

Hi Mark,

Thanks for the reply. Yes, I have configured SSL port 5556 to require a client certificate, but when I try to access http://tech.forums.softwareag.com:5556 it doesn’t ask me for any certificate or any login.

Secondly, the certificates which I have created are self-signed certificates created using OpenSSL.

Let me know what else could be an issue.

Thanks