Closed jhiemer closed 8 years ago
Hi,
we had exact the same issue months ago. We added some extra jvm arguments to resolve this. If it's really urgent add the following to your jvm opts:
-Djdk.tls.allowUnsafeServerCertChange=true
-Dsun.security.ssl.allowUnsafeRenegotiation=true
This is considered as a quick fix and should be removed when the guys from is24 fixed this.
Hey guys,
we are in the process of serving a certificate issued by a CA bundled with java. Our current setup serves a StartSSL certificate wich unfortunately is not bundled. We will switch to a verisign certificate coming week.
Cheers Boris
@transacid Are you sure about the StartSSL certificate not being available in the ca bundle? You usually need to combine the server certificate with the intermediate ca certificate in case of StartSSL since the intermediate ca is usually not available in ca bundles but the root ca is. If you serve the intermediate, the client should be able to validate the certificate
we are serving the intermediate cert. It is widely known that java doesn't include startssl.
$ openssl s_client -connect rest.sandbox-immobilienscout24.de:443
<snip>
---
Certificate chain
0 s:/description=1E3VqALu8ntIdTtA/C=DE/ST=Berlin/L=Berlin/O=Immobilien Scout GmbH/CN=*.sandbox-immobilienscout24.de/emailAddress=webmaster@sandbox-immobilienscout24.de
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
---
</snip>
Hi, is there any estimate, when this will be fixed?
Finally after some hassle with Symantec and our Loadbalancer the new Certificate is installed :)
$ openssl s_client -connect rest.sandbox-immobilienscout24.de:443 2>&1 |grep -A4 "Certificate chain"
Certificate chain
0 s:/C=DE/ST=Berlin/L=Berlin/O=Immobilien Scout GmbH/CN=*.sandbox-immobilienscout24.de
i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
$ openssl s_client -connect www.sandbox-immobilienscout24.de:443 2>&1 |grep -A4 "Certificate chain"
Certificate chain
0 s:/C=DE/ST=Berlin/L=Berlin/O=Immobilien Scout GmbH/CN=*.sandbox-immobilienscout24.de
i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
Hi, I recently tried to run an export against the API. The OAuth authentication works smoothly. Afterwards, I put the consumer key, secret and the access token, secret into the API as follows:
But when executing:
I get the following exception. I am sure this has been working before:
Am I missing something?