Glassfish & certificates: Certificate chain from the server is not trusted

From: <glassfish_at_javadesktop.org>
Date: Wed, 26 Dec 2007 13:03:47 PST

Hello,
I try to integrate google calendar with a JSF application under
Glassfish.
1. I generate the URL with

        String requestURL =
            AuthSubUtil.getRequestUrl("http://localhost:8080/
guipcontrol/faces/supervisor.jspx",
                                      "http://www.google.com/calendar/
feeds/",
                                      false, true);

2. When i click on the link, the google authentication is displayed.
3. When returned i analyse the token for a session token
                googleToken =

AuthSubUtil.getTokenFromReply(httpServletRequest.getQueryString());
                _logger.debug("Token: " + googleToken);
                _googleSessionToken =
AuthSubUtil.exchangeForSessionToken(googleToken,

null);

An error is generated with the following stack trace:

The followind message is displayed in the trace

Do you trust the above certificate [y|n]

[#|2007-12-25T22:48:52.406+0100|INFO|sun-appserver9.1|
javax.enterprise.system.stream.out|
_ThreadID=19;_ThreadName=httpSSLWorkerThread-8080-0;|
[
[
  Version: V3
  Subject: CN=www.google.com, O=Google Inc, L=Mountain View,
ST=California, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key: Sun RSA public key, 1024 bits
  modulus:
162054003328297878359739858513425660792404748358894350673749102017924970706096554774199463538324738820978800728044926821059520881284934619479749542613969421597794092589003363044869284631577316997737919635749964385169992270469468766019798512928940736085970209636047874793111653149847743503546442226395346603979
  public exponent: 65537
  Validity: [From: Thu May 03 17:34:58 CEST 2007,
               To: Thu May 15 01:18:11 CEST 2008]
  Issuer: CN=Thawte SGC CA, O=Thawte Consulting (Pty) Ltd., C=ZA
  SerialNumber: [ 68766438 3d496e2e f5e31998 42e07cee]

Certificate Extensions: 4
[1]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.thawte.com/ThawteSGCCA.crl]
]]

[2]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2, 2.16.840.1.113730.4.1]]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]

[4]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp.thawte.com, accessMethod:
1.3.6.1.5.5.7.48.2
   accessLocation: URIName: http://www.thawte.com/repository/Thawte_SGC_CA.crt]
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 93 A4 8E 05 9D 7D 8A F3 F8 32 D0 3B 9C 21 CE D2 .........
2.;.!..
0010: E8 55 FD 80 B5 BB D5 2B 54 7A 25 AC AF 73 18 0A .U.....+Tz
%..s..
0020: F9 B7 7A 99 5C 16 23 46 57 FC 31 19 5B 8B F2 04 ..z.\.#FW.1.
[...
0030: 79 73 EE B4 B2 56 6B DF D7 F7 D8 56 D5 B7 AA CD
ys...Vk....V....
0040: E8 9C C8 99 F3 76 4B 64 07 AD EA 9A 2B 20 92 E6 .....vKd....
+ ..
0050: 92 9B 32 84 7C 82 62 77 9A 15 A0 D7 21 AD C8 D9 ..
2...bw....!...
0060: 8C BB 31 82 9B 10 86 A9 41 7A 12 E0 01 56 09 06 ..
1.....Az...V..
0070: D8 63 9A 50 EE 44 AD DE 75 41 01 7A 69 53 49
8A .c.P.D..uA.ziSI.

]|#]

[#|2007-12-25T22:48:52.421+0100|INFO|sun-appserver9.1|
javax.enterprise.system.stream.out|
_ThreadID=19;_ThreadName=httpSSLWorkerThread-8080-0;|
Do you trust the above certificate [y|n] -->|#]

[#|2007-12-25T22:48:57.218+0100|WARNING|sun-appserver9.1|
javax.enterprise.system.stream.err|
_ThreadID=19;_ThreadName=httpSSLWorkerThread-8080-0;_RequestID=b8151938-5fa8-4604-8df3-1488180e911c;|
javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: The certificate chain from
the server is not trusted
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:
150)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:
1476)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:
174)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:
168)
        at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:
847)
        at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:
106)
        at
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:
495)
        at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:
433)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:
815)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:
1025)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:
1038)
        at
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:
402)
        at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Abstrac...
170)
        at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection....
913)
        at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:
367)
        at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLCon...
318)
        at
com.google.gdata.client.http.AuthSubUtil.exchangeForSessionToken(Unknown
Source)
        at
com.google.gdata.client.http.AuthSubUtil.exchangeForSessionToken(Unknown
Source)
[Message sent by forum member 'fvisticot' (fvisticot)]

http://forums.java.net/jive/thread.jspa?messageID=251468