hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Becke <be...@u.washington.edu>
Subject Re: HTTPS/JSSE problem
Date Tue, 04 Feb 2003 19:15:30 GMT
Since the JRE doesn't recognize Entrust by default it is as though the 
cert is self signed.

Take a look at Sun's docs for the keytool:

http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html

There is also a good discussion thread covering this topic at:

http://forum.java.sun.com/thread.jsp?thread=153188&forum=2&message=448971

Enjoy,

Mike


Tom Samplonius wrote:
>   Actually, the certificate is signed by Entrust (the site is
> https://www3.interaction.bell.ca).
> 
>   Can the Entrust root certificate be imported into the keystore easily?
> The JSSE INSTALL.TXT talks about which file they go into, but doesn't
> really provide any detail on where they come from.  Where did you get the
> various signing authorities root certificates?
> 
> 
> Tom
> 
> 
> On Tue, 4 Feb 2003, Michael Becke wrote:
> 
> 
>>By default JSSE only support SSL certs that are signed by Verisign or 
>>Thawte.  To use a self signed cert (this appears to be what you are 
>>doing) you have two options:
>>
>>1) import the servers cert into your keystore
>>2) mess around with the X509 stuff, someone posted a URL earlier talking 
>>about how to do this
>>
>>Mike
>>
>>Tom Samplonius wrote:
>>
>>>  Now I get the runtime error:
>>>
>>>javax.net.ssl.SSLException: untrusted server cert chain
>>>
>>>
>>>  Is there anything more that needs to be done to setup the connection?
>>>I've seend some examples that setup all sorts of X509 stuff.  Is that
>>>required too?  I'm using JSSE 1.0.3_01.
>>>
>>>
>>>Tom
>>>
>>>
>>>On Tue, 4 Feb 2003, Michael Becke wrote:
>>>
>>>
>>>
>>>>java.security.Security.addProvider().
>>>>
>>>>Mike
>>>>
>>>>Tom Samplonius wrote:
>>>>
>>>>
>>>>> I'm getting an unresolved symbol now.  Where do I import
>>>>>"Security.addProvider()" from? 
>>>>>
>>>>>
>>>>>Tom
>>>>>
>>>>>
>>>>>On Tue, 4 Feb 2003, Michael Becke wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>You need to add the following line to your code somewhere:
>>>>>>
>>>>>> Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
>>>>>>
>>>>>>The "java.protocol.handler.pkgs" property is only needed if you want
to 
>>>>>>use https with java.net.URL.
>>>>>>
>>>>>>I previously thought that addProvider() was not needed, but it seems

>>>>>>that it is.  We probably need to change this in documentation in a
few 
>>>>>>places.
>>>>>>
>>>>>>Mike
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>---------------------------------------------------------------------
>>>>>To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
>>>>>For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
>>>>>
>>>>
>>>>
>>>>---------------------------------------------------------------------
>>>>To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
>>>>For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
>>>For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
>>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
>>
>>
>>
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
> 


Mime
View raw message