SSLHandshakeException unknown_ca apns java

nilesh · Aug 5, 2009

I am trying to implement a standalone application for the iPhone, for which I wish to use Apple Push Notification for iPhone clients. I am getting javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca. Following is my Java code to connect to the APNs gateway:

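import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

int port = 2195;
String hostname = "gateway.sandbox.push.apple.com";
char[] passwKey = "password".toCharArray();

// Load the client certificate and private key from the PKCS12 file
KeyStore ts = KeyStore.getInstance("PKCS12");
ts.load(new FileInputStream("/path/to/file/Cert.p12"), passwKey);
KeyManagerFactory tmf = KeyManagerFactory.getInstance("SunX509");
tmf.init(ts, passwKey);

// Passing null for the trust managers and SecureRandom selects the JRE defaults
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(tmf.getKeyManagers(), null, null);
SSLSocketFactory factory = sslContext.getSocketFactory();

SSLSocket socket = (SSLSocket) factory.createSocket(hostname, port);
// Enables every suite the JVM supports, not only the default-enabled set
String[] suites = socket.getSupportedCipherSuites();
socket.setEnabledCipherSuites(suites);
// Start the handshake
socket.startHandshake();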

Please help me understand what SSL certificate can be installed on my Linux machine, and how.

EDIT:

It works for me now: I recreated Cert.p12 and the program started working. I don't know the exact cause of the failure, but I guess it was a corrupt Cert.p12 file.

Thank you all for your help.

Answer

Tim Parker · Aug 6, 2009

unknown_ca:

Received a valid certificate chain or partial chain, but the certificate was not accepted because the CA certificate could not be located or could not be matched with a known, trusted CA. This message is always fatal.

You may need to add the certificate to your JRE's cacerts file (generally located under lib/security). Look into the documentation for keytool and its -import option for more information.

You can probably find an example of how to do this by researching the cacerts file and keytool further.
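Since the asker's fix was to recreate Cert.p12, it helps to check what a PKCS12 file holds before attempting the handshake: whether each entry has a private key, a certificate chain, and a leaf certificate that is currently valid. The following is an added example, not code from the original posts; the class name P12Check and its output messages are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical diagnostic: java P12Check /path/to/file/Cert.p12
public class P12Check {
    public static void main(String[] args) throws Exception {
        if (args.length != 1 || System.console() == null) {
            System.err.println("usage (from a terminal): java P12Check <file.p12>");
            System.exit(2);
        }
        // Prompt for the password so it does not appear in the process list
        char[] password = System.console().readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password); // IOException here: corrupt file or wrong password
        }
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                // A certificate exported without its private key cannot authenticate a client
                System.out.println(alias + ": certificate only, no private key");
                continue;
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                System.out.println(alias + ": private key without a certificate chain");
                continue;
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            System.out.println(alias + ": key entry, chain length " + chain.length);
            System.out.println("  subject: " + leaf.getSubjectX500Principal().getName());
            System.out.println("  issuer:  " + leaf.getIssuerX500Principal().getName());
            System.out.println("  valid:   " + leaf.getNotBefore() + " to " + leaf.getNotAfter());
            try {
                leaf.checkValidity(); // compares against the current system time
                usable++;
            } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                System.out.println("  NOT VALID NOW: " + e.getMessage());
            }
        }
        System.out.println(usable + " usable client identity entries");
        System.exit(usable > 0 ? 0 : 1);
    }
}
```

An exit status of 1 means the file loaded but contains no entry that could serve as a client identity, which is a reason to re-export the certificate together with its private key.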