Open matthesrieke opened 10 years ago
It's not a issue of our certificate, but StartCom/Oracle's fault (I don't know the actual process of including CA's in the JRE).
IMHO there are only three alternatives:
There is a fourth alternative: provide a Java client library using a preconfigured keystore. That option of course would take a lot more work… But in the beginning it could just include a HTTPS client…
@staschc Maybe you can link your findings here or find something useful in the discussion.
Hey enviroCar folks,
I am using this as a not-so-public discussion on an annyoing issue I faced when creating a WPS process that interacts with the enviroCar-server API.
While developing the process (on my local machine) everything worked like a charm - certificates got validated without any issue. When deploying the process on our geoprocessing.demo.52north.org VM (Oracle JDK 6 installed) the process failed due to SSLExceptions. I then upgraded to the latest JDK 7u45, but still the issues persisted.
Investigations on the JVM keystore with
keytool -list -v -keystore %JAVA_HOME%/jre/lib/security/cacerts
showed that our StartCom Class 2 Root Certificate is NOT shipped with the current most up-to-date JVM from Oracle. Though, OpenJDK has it! Shame on you, Oracle!So, this is kind of bad as a quite big amount of Java devs will use the Oracle JVM.
Maybe, this could still be an issue with our certifciate? Its common name is set to
dev.envirocar.org
?: https://www.ssllabs.com/ssltest/analyze.html?d=envirocar.orgAny comments or thoughts on how to deal with this?