822 2008-01-16 20:01:35 +0000 jacorb.properties cannot turn off verifying server's certficate in a client 2014-04-25 17:50:16 +0000 1 1 1 Unclassified JacORB SSL/IIOP 2.3.0 Other other REOPENED P2 major --- 1 txie gerald.brose jacorb oldest_to_newest 2283 0 txie 2008-01-16 20:01:35 +0000 No matter which option you try, there is no way to turn off verifying service's certficate in a client. In other words, you have to go to the cacerts and add the service's certificate to the jre's trust store. Available options: # IIOP/SSL parameters (numbers are hex values, without the leading "0x"): # NoProtection = 1 # EstablishTrustInClient = 40 # EstablishTrustInTarget = 20 # mutual authentication = 60 # please see the programming guide for more explanation A workaround is to use this setting with a no trust check : jacorb.security.ssl.client.trust_manager=com.incognito.NoTrustManager BTW, the NoProtection = 1 ( I think it means no authentication for both client/ server) cannot work at all because checkSSL method will check if the minimum option masked with it is 0 then SSL is not selected at all. 2284 1 txie 2008-01-16 20:02:26 +0000 This bug needs bug 820 to fix first since the configuration properties are read incorrectly as non-hex. 2756 2 rnc 2011-09-29 16:21:03 +0000 I think this is fixed in CVS - please retest and reopen if required. 3127 3 txie 2014-04-24 17:30:13 +0000 Using NoProtection = 1 still doesn't work on the client. There is an handshake exception: org.omg.CORBA.COMM_FAILURE: IOException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found vmcid: 0x0 minor code: 0 completed: No This workaround is still needed: jacorb.security.ssl.client.trust_manager=com.incognito.NoTrustManager Jacorb 3.3 stable release 3130 4 jacorb 2014-04-25 17:50:16 +0000 Can you please supply the configuration you are using (ideally a test case) ?