Monday, May 11, 2015

java.security.cert.CertificateException: no trust anchor defined

If you see a "java.security.cert.CertificateException: no trust anchor defined", most likely it means that someone has messed up the Certificate, for instance replacing a trusted CA certificate with a Self-Signed certificate.

you can use "openssl s_client -debug -connect yourhost:yourport" and check for the dreaded "verify error:num=18:self signed certificate"

In case you use an Oracle Wallet to hold certificates, you can do a

orapki wallet display -wallet /path/to/wallet -summary

http://docs.oracle.com/cd/B28359_01/network.111/b28530/asoappf.htm#i636653

No comments: