users@glassfish.java.net

Re: Glassfish & certificates: Certificate chain from the server is not trus

From: <glassfish_at_javadesktop.org>
Date: Wed, 26 Dec 2007 23:57:52 PST

Hi,

  A server certificate is considered trusted if it is a trusted site certificate or if any of its chain of signers are trusted root certificates.

 In your case if you are using Default GlassFish Truststore then the signer certificate of the Goolge Cert

 Issuer: CN=Thawte SGC CA, O=Thawte Consulting (Pty) Ltd., C=ZA

is not present in the default glassfish truststore cacerts.jks file. And since you are running a JSF app there is probably no way to answer the "Do you trust the above certificate [y|n] " query.

So IMO if you can obtain the above Thawte CA cert and import into GlassFish cacerts.jks then it will probably work.

There is probably some way to programmatically accept an untrusted server cert, i will let you know if i find out.


Thanks.
[Message sent by forum member 'kumarjayanti' (kumarjayanti)]

http://forums.java.net/jive/thread.jspa?messageID=251495