commons-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Derek Alexander" <dalexan...@ukgateway.net>
Subject RE: [HttpClient] Certificate problems
Date Wed, 10 Sep 2003 22:02:41 GMT
Hi Mike,

Thanks for you reply.

The error message would indicate something like that but it doesn't seem to
bother IE.

As far as I can see everything is in order in the certificate too.

Anyway, as you suggested I've imported the site's cert into the keystore my
TrustManager
is using and that seems to do the trick.

Thanks again,
D.




> -----Original Message-----
> From: Michael Becke [mailto:becke@u.washington.edu]
> Sent: 10 September 2003 21:58
> To: Jakarta Commons Users List
> Subject: Re: [HttpClient] Certificate problems
>
>
> Hi Derek,
>
> I don't think the CA is the problem here (at least not yet).  The
> message when the CA is not supported is something like "untrusted
> server cert chain".  The problem here is that the cert DNS name not
> match the server DNS name.  This is either because they are actually
> different, or because the cert is for a domain instead of a host (e.g.
> .apache.org instead of jakarta.apache.org).
>
> In regard to untrusted certs, importing the cert into the keystore will
> solve the problem.
>
> Mike
>
> On Wednesday, September 10, 2003, at 03:03 PM, Derek Alexander wrote:
>
> > Hi,
> >
> > Using the HttpClient, I've run into some problems with Certificates.
> >
> > The error I'm getting is this:
> >
> > javax.net.ssl.SSLHandshakeException:
> > java.security.cert.CertificateException: Certificate chaining error:
> > issuer
> > DN != subject DN
> >
> > Running with ssl debug on, I think the problem is that the site uses a
> > CA
> > who isn't in CACERTS.
> >
> > Following the SecureSockets info on the HttpClient pages, I've put a
> > temporary workaround in place with a modified version of the
> > EasySSLProtocolSocketFactory.java class from there. For the moment
> > I've put
> > a TrustManager that trusts everything.
> >
> > IE has the certificates and I know I can export them. If I did that,
> > could I
> > then import them into a KeyStore (other CACERTS) and use that somehow?
> > If so
> > how?
> >
> > If anyone has done this before, I'd appreciate the help.
> >
> > Thanks,
> > D.
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: commons-user-help@jakarta.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-user-help@jakarta.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org


Mime
View raw message