Error #3 CertificateExpiredException -- Client provides a certificate which is EXPIRED

Subject: Error #3 CertificateExpiredException -- Client provides a certificate which is EXPIRED
Author: authen
In response to: Error #2: No trusted CA certs found for the incoming connection
Posted on: 03/20/2009 02:15:01 PM


javax.net.ssl.SSLHandshakeException:  General SSLEngine problem 
	at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)
	at javax.net.ssl.SSLEngine.wrap(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
	at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientCertificate(Unknown Source)
	at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(Unknown Source)
	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
	at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Unknown Source)
	... 6 more
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: 
java.security.cert.CertPathValidatorException: timestamp check failed
	at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
	at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
	at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
	at sun.security.validator.Validator.validate(Unknown Source)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkClientTrusted(Unknown Source)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkClientTrusted(Unknown Source)
	... 14 more
Caused by: java.security.cert.CertPathValidatorException:  timestamp check failed
	at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	... 21 more
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Fri Mar 20 09:32:16 PST 2009 
	at sun.security.x509.CertificateValidity.valid(Unknown Source)
	at sun.security.x509.X509CertImpl.checkValidity(Unknown Source)
	at sun.security.provider.certpath.BasicChecker.verifyTimestamp(Unknown Source)
	at sun.security.provider.certpath.BasicChecker.check(Unknown Source)
	... 25 more

>
> On 02/28/2008 06:37:36 PM authen wrote:

If incoming connection provides an certificate but there is no certificate in your truststore to directly or indirectly identify the issuer, you would most likely see something like this:
javax.net.ssl.SSLHandshakeException: null cert chain at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientCertificate(Unknown Source) at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source) at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source) at java.io.BufferedInputStream.fill(Unknown Source) at java.io.BufferedInputStream.read(Unknown Source)

References:

Next Post: Error #4 SignatureException: Signature does not match authen 12/02/2009 05:50:41 PM
Previous Post: Error #2: No trusted CA certs found for the incoming connection authen 02/28/2008 06:37:36 PM
Next Topic: SSL/TLS Certificate Authority via OpenSSL authen 03/07/2008 03:31:08 PM
Previous Topic: SSL/TLS Error Database -- Loading KeyStore authen 02/22/2008 07:43:49 PM
Index: by Date
Index: by Topic