My current project need create a https connection in java code. The code worked fine in the past 5 years. But recently the certificate expired. After we got the new certificate (signed by veriSign) and installed it on the target server, the https connection still cannot be established.
Hmm… before, I thought all certificate signed by VeriSign is trusted automatically.
After look into the certificate, it was issued by “CN=VeriSign Class 3 Public Primary Certification Authority - G3”.
That is a new CA root. VeriSign has a lot of CA root. This one is published much later than the JDK and it is not a trusted CA in cacert of JDK.
We download the root certificate for “CN=VeriSign Class 3 Public Primary Certification Authority - G3” and import it in cacert, then it works.
Some resource from internet
No comments:
Post a Comment