Caused by: sun.security.validator.ValidatorException: Certificate chaining error
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:207)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
The default trustmanager algorithm used by java and the default algorithm used by the restlet framework are different which results in certificate chains seen as valid in java being "unknown" when called by the restlet framework.
"It should also be noted that this error only comes from the SunX509 TrustManagerFactory, but by default Java will use the PKIX TrustManagerFactory which doesn't have this error. To cause this error, the SunX509 factory must be configured either programmatically or overriding ssl.TrustManagerFactory.algorithm in java.security. Usage of SunX509 TrustManagerFactory is not recommended since SunX509 is considered obsolete and isn't updated since PKIX TrustManagerFactory was introduced." Source: https://access.redhat.com/solutions/1265543
This problem could be fixed by replacing the following field in the default DefaultSslContextFactory:
private volatile String trustManagerAlgorithm = System.getProperty( "ssl.TrustManagerFactory.algorithm", "SunX509");
with
private volatile String trustManagerAlgorithm = System.getProperty( "ssl.TrustManagerFactory.algorithm", TrustManagerFactory.getDefaultAlgorithm());
Caused by: sun.security.validator.ValidatorException: Certificate chaining error at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:207) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
The default trustmanager algorithm used by java and the default algorithm used by the restlet framework are different which results in certificate chains seen as valid in java being "unknown" when called by the restlet framework.
"It should also be noted that this error only comes from the SunX509 TrustManagerFactory, but by default Java will use the PKIX TrustManagerFactory which doesn't have this error. To cause this error, the SunX509 factory must be configured either programmatically or overriding ssl.TrustManagerFactory.algorithm in java.security. Usage of SunX509 TrustManagerFactory is not recommended since SunX509 is considered obsolete and isn't updated since PKIX TrustManagerFactory was introduced." Source: https://access.redhat.com/solutions/1265543
This problem could be fixed by replacing the following field in the default DefaultSslContextFactory:
private volatile String trustManagerAlgorithm = System.getProperty( "ssl.TrustManagerFactory.algorithm", "SunX509");
with
private volatile String trustManagerAlgorithm = System.getProperty( "ssl.TrustManagerFactory.algorithm", TrustManagerFactory.getDefaultAlgorithm());