Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 11 Dec 2020 10:57:11 -0500
From:      "James B. Byrne" <byrnejb@harte-lyne.ca>
To:        freebsd-questions@freebsd.org
Subject:   FreeBSD-12.1p10 OpenJDK11 Java SSL certificate issue
Message-ID:  <fd636e819f797c2ddb9d50791b87b10a.squirrel@webmail.harte-lyne.ca>
next in thread | raw e-mail | index | archive | help 
We have a requirement to use Java SSL authentication to a host that has its
certificate created by a private CA. We have added the target's private
intermediate and root certificates to the local cacerts keystore in
/usr/local/openjdk11/lib/security/cacerts but we still get this error: __Path
does not chain with any of the trust anchors__

--->

openssl s_client -connect mx32.harte-lyne.ca:465
CONNECTED(00000003)
depth=2 CN = CA_HLL_ROOT_2016, ST = Ontario, O = Harte & Lyne Limited, OU =
Networked Data Services, C = CA, DC = harte-lyne, DC = ca, L = Hamilton
verify return:1
depth=1 CN = CA_HLL_ISSUER_2016, OU = Networked Data Services, O = Harte & Lyne
Limited, L = Hamilton, ST = Ontario, C = CA, DC = harte-lyne, DC = ca
verify return:1
depth=0 CN = mx32.harte-lyne.ca, OU = Networked Data Systems, O = Harte & Lyne
Limited, L = Hamilton, ST = Ontario, C = CA, DC = hamilton, DC = harte-lyne, DC
= ca
verify return:1
. . .

JAVA_VERSION="11" keytool -list -rfc -cacerts > cacerts.txt

grep 'Alias name' cacerts.txt | grep hll
Alias name: hartelyneissuer2016 [hll]
Alias name: hartelyneroot2016 [hll]

JAVA_VERSION="11" java SSLPoke mx32.harte-lyne.ca 465
sun.security.validator.ValidatorException: PKIX path validation failed:
java.security.cert.CertPathValidatorException: Path does not chain with any of
the trust anchors

<---

Why?



-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
   Unencrypted messages have no legal claim to privacy
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?fd636e819f797c2ddb9d50791b87b10a.squirrel>