Friday, August 5, 2011

Certificate signed by VeriSign is not trusted in Java

My current project needs to create an HTTPS connection in Java code. The code worked fine for the past 5 years. But recently the certificate expired. After we got the new certificate (signed by VeriSign) and installed it on the target server, the HTTPS connection still could not be established.

Hmm… before, I thought all certificates signed by VeriSign were trusted automatically.

After looking into the certificate, we found it was issued by “CN=VeriSign Class 3 Public Primary Certification Authority - G3”.

That is a new CA root. VeriSign has a lot of CA roots. This one was published much later than the JDK, and it is not a trusted CA in the JDK's cacerts.

We downloaded the root certificate for “CN=VeriSign Class 3 Public Primary Certification Authority - G3” and imported it into cacerts, and then it worked.
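A diagnostic for the check described above, added here as an example (not code from the original post): it reports whether the issuing root is among the trust anchors this JVM actually loads, and prints SHA-256 fingerprints so a downloaded root can be compared with the value the CA publishes before it is imported. The class name RootTrustCheck and the optional certificate-file argument are assumptions; it needs Java 7 or later.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.*;
import javax.net.ssl.*;

public class RootTrustCheck {
    // CN quoted in the post; used for the lookup when no certificate file is passed.
    static final String CN = "CN=VeriSign Class 3 Public Primary Certification Authority - G3";

    // Trust anchors of this JVM's default trust store (normally the JDK's cacerts file).
    static X509Certificate[] defaultAnchors() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return ((X509TrustManager) tm).getAcceptedIssuers();
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // SHA-256 fingerprint of the DER encoding, for comparison with the CA's published value.
    static String fingerprint(X509Certificate c) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(c.getEncoded())) sb.append(String.format("%02X", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        X509Certificate root = null;
        if (args.length > 0) { // optional: path to the downloaded root certificate (PEM or DER)
            try (InputStream in = new FileInputStream(args[0])) {
                root = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
            }
            System.out.println("file:   " + root.getSubjectX500Principal().getName() + " sha256=" + fingerprint(root));
        }
        boolean found = false;
        for (X509Certificate a : defaultAnchors()) {
            // With a file: exact certificate match. Without: match on the CN from the post.
            boolean match = root != null ? a.equals(root) : a.getSubjectX500Principal().getName().contains(CN);
            if (match) {
                found = true;
                System.out.println("anchor: " + a.getSubjectX500Principal().getName()
                        + " sha256=" + fingerprint(a) + " notAfter=" + a.getNotAfter());
            }
        }
        System.out.println(found ? "root is in the default trust store" : "root is NOT in the default trust store");
    }
}
```

Run it with the same JDK or JRE that the application uses, since each installation carries its own cacerts file.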

 

Some resources from the internet

http://www.tbs-certificats.com/FAQ/en/565.html

http://www.verisign.com/support/roots.html
