How to fix “javax.net.ssl.SSLHandshakeException: TLS Server certificate issued after 2019-04-16 and anchored by a distrusted legacy Symantec root CA”

I got the exception below while connecting to an MQTT server with Java and self-signed certificates. I used VeriSign-Class 3-Public-Primary-Certification-Authority-G5.pem as cacert.pem.

The code is for a Linux server but currently I’m programming it in IntelliJ IDEA.

The output is:

I tried to connect to the server with MQTT.fx (Windows program) and it worked.

Hope you can help me. Greetings Joschua

Answer

For Linux

I was able to resolve this issue by commenting out the line jdk.security.caDistrustPolicies=SYMANTEC_TLS in the java.security file. In my case, this file is located at /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-0.el7_7.x86_64/jre/lib/security/java.security

You should be able to find it in your environment by using the following command:

alternatives --config java

Note 1: The Symantec cert was distrusted for a reason; trust it at your own risk.

Note 2: If you are using Gradle to build, you need to kill the Gradle daemon first; otherwise Gradle still uses the old JVM security configuration.

User contributions licensed under: CC BY-SA
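
Added example, not part of the original question or answer: because the answer switches off a JDK trust policy, this shell function reports whether SYMANTEC_TLS is still listed under jdk.security.caDistrustPolicies in a given java.security file, so the state of a host can be audited. The function name and its three output words are assumptions of this example; pass it the java.security path of the JVM in use.

```shell
#!/bin/sh
# Added example: audit the Symantec TLS distrust policy in a java.security file.
# symantec_distrust_state and its output words are hypothetical names.
#
# Usage: symantec_distrust_state /path/to/java.security
# Prints: enabled  - jdk.security.caDistrustPolicies lists SYMANTEC_TLS
#         disabled - the property is set but does not list SYMANTEC_TLS
#         unset    - the property is absent or commented out
symantec_distrust_state() {
    awk '
        BEGIN { state = "unset" }
        /^[ \t]*[#!]/ { next }          # comments, including a commented-out policy
        {
            line = $0
            # join backslash-continued lines, as the properties format allows
            while (line ~ /\\$/ && (getline nxt) > 0) {
                sub(/\\$/, "", line)
                sub(/^[ \t]+/, "", nxt)
                line = line nxt
            }
            if (line !~ /^[ \t]*jdk\.security\.caDistrustPolicies[ \t]*[=:]/) next
            sub(/^[^=:]*[=:][ \t]*/, "", line)   # keep only the value
            state = "disabled"                   # a later definition overrides an earlier one
            n = split(line, v, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t\r]/, "", v[i])
                if (v[i] == "SYMANTEC_TLS") state = "enabled"
            }
        }
        END { print state }
    ' "$1"
}

# When called with a path argument, audit that file.
[ "$#" -eq 0 ] || symantec_distrust_state "$1"
```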