Untrusted server cert chain

hcl-bot · May 5, 2004, 12:03pm

Hi all !

I have made a Java agent with Domino 6.5.1 that made a SOAP connection with https to some distant procedure. The distant server gave me a certificate that I put in the cacerts file in the \Lotus\Domino\jvm\lib\security folder and all work fine when I launch the agent with my Notes client.

I have a problem when I launch the agent with a Browser with a ?OpenAgent URL, the server log print :

HTTP JVM: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: javax.net.ssl.SSLException: untrusted server cert chain; targetException=java.lang.IllegalArgumentException: Error opening socket: javax.net.ssl.SSLException: untrusted server cert chain]

I dont understand why the cacerts file is not considered when launching the agent from the browser ?

Do I have to pu my certificate in keyring.kyr or is this file only used by incoming SSL call ?

Thanks a lot and excuse my poor english !

Serge Savoie

hcl-bot · May 5, 2004, 12:35pm

Subject: Perhaps because your cacerts file needs to be in the Domino Servers executable directory and not the one for your client?

hcl-bot · May 5, 2004, 1:16pm

Subject: Its already there

hcl-bot · May 5, 2004, 1:34pm

Subject: Solution

It look like the server cant go on cacerts when the agent is run from the web.

I have add :

System.setProperty(

“javax.net.ssl.trustStore”,

“E:\AppsServ\Lotus\Domino\jvm\lib\security\mammpr.keystore”);

to my agent and it works…