SSLPeerUnverifiedException in OpenJDK-6

Brad Wetmore bradford.wetmore at oracle.com
Mon Sep 10 12:27:34 PDT 2012 

Hi Hitesh,

> I have a JAVA Springs web application, which talks to external services
> over HTTPS, using 'javax.net.ssl.HttpsURLConnection'. It used to work
> fine since ages, but starting with 14th August 2012, its throwing
> 'SSLPeerUnverifiedException' for 'https://www.elabs11.com'. The issue
> seems particularly with OpenJDK-6. It's working fine with Sun-6-JDK and
> OpenJDK-7.
>
> Here is my Java configuration:
> /java version "1.6.0_24"
> OpenJDK Runtime Environment (IcedTea6 1.11.4)
> (6b24-1.11.4-1ubuntu0.12.04.1)
> OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode) /
>
> There was one build (34th) rolled out on 14th Aug
> (http://en.wikipedia.org/wiki/Java_version_history#Java_6_updates), but
> my OpenJDK is running 24th build. (/May be just a coincidence/)
>
> PFA my application logs with OpenJDK-6, OpenJDK-7 and SunJDK-6. I have
> also attached the sample Java code I am testing with.
>
> Any pointer in this regard will be appreciated.

You're saying that your build 1.6.0_24 was working, and now it's not? 
I.E. you have not updated your OpenJDK build?

The attachment you provided did not show the problem (i.e. no 
SSLPeerUnverifiedException), but my guess is that something in the 
certificate chain sent by elabs11.com has changed, and you'll need to 
get to the bottom of that.  I took a quick look at the certs received 
and didn't see anything obvious.  The end-entity cert appears to expire 
in Nov 2012.  Check your System's date to make sure it's not wildly off.

Once, I also got an "invalid certificate" page, but my browser crashed 
and wasn't able to investigate further or duplicate, but I did see that 
the certificate name didn't match up.  It's possible you're seeing a 
misconfigured SSL Load Balancer, but wasn't able to to confirm that.

You have a good start by getting the debug log.  Check the certificates 
received and match them to the trusted cert at the beginning of the 
debug output.  Also check that your system time is not wacky.

Sorry, but I won't be able to help you further, this isn't really a 
support list.

Good luck,

Brad

More information about the jdk6-dev mailing list