Root Certs in Java

boywaja · May 10, 2012, 4:06pm

We’re getting a certificate error on our training site from within java. (screenshots attached)

The site ssl cert is issued by
CN=COMODO High Assurance Secure Server CA,
[From: Thu Nov 30 19:00:00 EST 2006,
To: Tue Dec 31 18:59:59 EST 2019]
[10687521818019188689634919319454876482]

which is issued by
CN=COMODO Certification Authority,
[From: Thu Nov 30 19:00:00 EST 2006,
To: Mon Dec 31 18:59:59 EST 2029]
[104350513648249232941998508985834464573]

It looks like these aren’t in the Java. Is there a reason these aren’t in the trusted keystore? Any plans for java to include this in the near future. (I"m using java 1.6 update 31). Am I going to have to deploy this manually to all systems?

[attachment deleted by admin]

salvatoreg · May 10, 2012, 4:45pm

You need to be sure your certificate’s full hierarchy (up to AddTrust) is installed on the server/site that Java is trying to access.

Easiest thing to do is submit a support ticket via https://support.comodo.com and ask for a cert re-issue off our ‘new’ hierarchy. It seems you’re using one of our slightly older ones that Microsoft-based systems have trouble with hosting because there are 3 Root CAs (cross-signed for ubiquity) in the older hierarchy.

boywaja · May 10, 2012, 9:46pm

that makes sense. I’ll talk to the appropriate people about getting that fixed.
thanks