commons-user mailing list archives

From Michael Becke <be...@u.washington.edu>
Subject Re: [HttpClient] Certificate problems
Date Wed, 10 Sep 2003 20:57:52 GMT

Hi Derek,

I don't think the CA is the problem here (at least not yet).  The 
message when the CA is not supported is something like "untrusted 
server cert chain".  The problem here is that the cert DNS name does not 
match the server DNS name.  This is either because they are actually 
different, or because the cert is for a domain instead of a host (e.g. 
.apache.org instead of jakarta.apache.org).

In regard to untrusted certs, importing the cert into the keystore will 
solve the problem.

Mike

On Wednesday, September 10, 2003, at 03:03 PM, Derek Alexander wrote:

> Hi,
>
> Using the HttpClient, I've run into some problems with Certificates.
>
> The error I'm getting is this:
>
> javax.net.ssl.SSLHandshakeException:
> java.security.cert.CertificateException: Certificate chaining error: issuer
> DN != subject DN
>
> Running with ssl debug on, I think the problem is that the site uses a CA
> who isn't in CACERTS.
>
> Following the SecureSockets info on the HttpClient pages, I've put a
> temporary workaround in place with a modified version of the
> EasySSLProtocolSocketFactory.java class from there. For the moment I've put
> a TrustManager that trusts everything.
>
> IE has the certificates and I know I can export them. If I did that, could I
> then import them into a KeyStore (other CACERTS) and use that somehow? If so
> how?
>
> If anyone has done this before, I'd appreciate the help.
>
> Thanks,
> D.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-user-help@jakarta.apache.org
>
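
An added example, not part of the original thread: one way to use a separate truststore holding the exported certificate in place of a TrustManager that trusts everything. It uses plain JSSE rather than HttpClient's own classes; the class name, the command-line arguments, and the alias and file names in the comment are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;

public class CustomTrustStoreExample {

    // Build an SSLContext that trusts only the certificates in the given keystore file.
    static SSLContext contextFor(String storePath, char[] storePass) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(storePath)) {
            trustStore.load(in, storePass);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null key managers (no client cert) and null SecureRandom (platform default).
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical arguments: truststore path, its password, an https URL.
        // The store is created beforehand from the exported certificate, e.g.
        //   keytool -importcert -alias site-ca -file site-ca.cer -keystore truststore.jks
        SSLContext ctx = contextFor(args[0], args[1].toCharArray());
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // The default HostnameVerifier stays in place, so a certificate whose name
        // does not match the host is still rejected even though its issuer is trusted.
        try {
            System.out.println("HTTP " + conn.getResponseCode());
        } catch (SSLException e) {
            System.out.println("TLS failure: " + e.getMessage());
        }
    }
}
```

Importing the certificate addresses only the untrusted-chain case; a name mismatch between certificate and host remains a separate failure.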

