- Untrusted server certificates
- Handshake problems
- Self-signed server certificate
- Unknown signing authority
The following command shows the complete server certificate chain:
echo | openssl s_client -host <host> -port <port> -showcerts
You can extract the relevant certificate information using:
sed -ne "/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p"
Store the result in a file such as
To trust the server certificate, import the file into the Java Truststore using the following command:
keytool -import -file mychain.pem
The application must be restarted after the import.
Handshake problems occur when the application and the server it is connecting to cannot agree on common security parameters, such as the protocol version or cipher suites.
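The extraction step above, as an added example that is not part of the original page: it runs the page's sed expression over a constructed sample of `openssl s_client -showcerts` output, counts the certificates presented, and maps OpenSSL's "Verify return code" onto the two trust problems listed at the top. The function names, the sample host and CA names, and the mapping of codes 18 to 21 onto those two categories are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Constructed sample of `openssl s_client -showcerts` output.
# Certificate bodies are placeholders, not real certificates.
sample_output() {
cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = app.example.internal
   i:CN = Example Internal Issuing CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERLEAFBODY
-----END CERTIFICATE-----
 1 s:CN = Example Internal Issuing CA
   i:CN = Example Internal Root CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERISSUERBODY
-----END CERTIFICATE-----
---
    Verify return code: 20 (unable to get local issuer certificate)
EOF
}

# Keep only the PEM blocks, using the sed expression from the text.
extract_pem() {
  sed -ne "/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p"
}

# Number of certificates the server presented in its chain.
count_certs() {
  extract_pem | grep -c -- "-BEGIN CERTIFICATE-"
}

# Classify the last "Verify return code" line (assumed mapping):
# 18 = leaf is self-signed; 19, 20, 21 = issuer not in the local trust store.
classify_trust_problem() {
  code=$(sed -n 's/.*Verify return code: \([0-9][0-9]*\) .*/\1/p' | tail -n 1)
  case "$code" in
    0)        echo "trusted" ;;
    18)       echo "self-signed" ;;
    19|20|21) echo "unknown-authority" ;;
    "")       echo "no-verify-result" ;;
    *)        echo "other:$code" ;;
  esac
}

echo "certificates: $(sample_output | count_certs)"
echo "diagnosis: $(sample_output | classify_trust_problem)"
```

Against a live server, pipe the output of the `openssl s_client` command shown above into these functions in place of `sample_output`.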
To diagnose the problem, run the following command:
openssl s_client -connect <server>:<port>
If the above command successfully establishes an SSL connection, the handshake problem is Java-specific; enable Java SSL debugging for further diagnosis.