I use an SSL connection to connect a web client to a server. It worked without any problem for a long time, but since yesterday it gives the following error. Can anyone tell me the reason?
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1172)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:65)
at net.schubart.fixme.internal.MessageInput.readExactly(MessageInput.java:166)
at net.schubart.fixme.internal.MessageInput.readMessage(MessageInput.java:78)
at cc.aot.itsWeb.ClientWriterThread.run(ClientWriterThread.java:241)
at java.lang.Thread.run(Thread.java:619)
clientWriter.ready
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1586)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:865)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1029)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:621)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at java.io.OutputStream.write(OutputStream.java:58)
at net.schubart.fixme.internal.Message.write(Message.java:267)
at net.schubart.fixme.internal.MessageOutput.writeMessage(MessageOutput.java:53)
If you really really need to, you can accept all certificates. But keep in mind that this is really ugly.
Have a look at this.
This 'certificate_unknown' is a very misleading error message. This is the same error message thrown when a certificate has expired even if it is in the truststore. I suggest checking the expiration date of the certificate before you waste your time on anything else.
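The expiry check suggested above, as an added example that is not part of the original posts: it lists every certificate in a Java keystore or truststore and flags the expired ones. The class name `CertExpiryCheck`, the 30-day warning window and the fallback to the running JRE's own `cacerts` file with the default password are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.Collections;

// Added example (hypothetical class name). Usage:
//   java CertExpiryCheck [store-path store-password [warn-days]]
// With no arguments it inspects the running JRE's default truststore.
public class CertExpiryCheck {

    // Classify one certificate's validity window relative to "now".
    static String classify(X509Certificate cert, Instant now, Duration warn) {
        Instant notAfter = cert.getNotAfter().toInstant();
        if (now.isAfter(notAfter)) return "EXPIRED";
        if (now.isBefore(cert.getNotBefore().toInstant())) return "NOT_YET_VALID";
        if (now.plus(warn).isAfter(notAfter)) return "EXPIRING_SOON";
        return "OK";
    }

    public static void main(String[] args) throws Exception {
        // Assumption: fall back to <java.home>/lib/security/cacerts and its default password.
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();
        Duration warn = Duration.ofDays(args.length > 2 ? Long.parseLong(args[2]) : 30);

        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        Instant now = Instant.now();
        boolean problem = false;
        for (String alias : Collections.list(store.aliases())) {
            // Key entries hold the chain this side presents; trusted entries hold one cert.
            Certificate[] chain = store.getCertificateChain(alias);
            if (chain == null) chain = new Certificate[] { store.getCertificate(alias) };
            for (Certificate c : chain) {
                if (!(c instanceof X509Certificate)) continue;
                X509Certificate x = (X509Certificate) c;
                String status = classify(x, now, warn);
                if (!status.equals("OK") && !status.equals("EXPIRING_SOON")) problem = true;
                System.out.printf("%-14s %-24s notAfter=%s%n", status, alias, x.getNotAfter().toInstant());
            }
        }
        System.exit(problem ? 1 : 0); // non-zero when any certificate is outside its validity window
    }
}
```

Run it against both the keystore holding the certificate your side presents and the truststore the other side is checked against, since an expired entry in either one ends the handshake.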
I have spent more than 12 hours on this issue. After creating a self-signed certificate it is required to export that certificate to the cacert file. In my case it was located in /usr/lib/java/jre/lib/security/cacert. You can export the certificate by using the keytool (you probably have to have root access):
The certificate presented by the server is not trusted. This may be due to the certificate being expired, or the trust manager not being able to establish a chain of trust to any of the certificates in your trust store.
Check that the cert is valid; you can do this with your browser.
The problem you're having is with the certificates. Here is a list of things you might need to be familiar with before working with a secure SSL program. There must be a truststore, keystore, and the certs have to be added. To add the key to your cacerts file, as in step 6, the computer might ask you for a password that you don't know. It is "changeit" most likely.
1) To create a new keystore and self-signed certificate with corresponding public/private keys:
2) To Examine the keystore:
3) Export and examine the self-signed certificate:
4) Import the certificate into a new truststore:
5) Examine the truststore:
6) Add to keystore (this is what you're looking for):
On some systems this is found in
and on other systems it is something like
Check out this project on GitHub if you need more clarification: https://github.com/rabbitfighter81/JSSLInfoCollectionServer
And here is a shell script that helps with keys: https://github.com/rabbitfighter81/SSLKeytool