hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Samplonius <...@sdf.com>
Subject Re: HTTPS/JSSE problem
Date Tue, 04 Feb 2003 19:29:49 GMT

  After trying to find the Entrust root certficate, I just exported a .cer
file from IE, and imported it like this:

keytool -import -alias entrust -file entrust.cer \
	-keystore /usr/local/jdk/jre/lib/security/cacerts


  That seems to do the trick.  


Tom


On Tue, 4 Feb 2003, Michael Becke wrote:

> Since the JRE doesn't recognize Entrust by default it is as though the 
> cert is self signed.
> 
> Take a look at Sun's docs for the keytool:
> 
> http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html
> 
> There is also a good discussion thread covering this topic at:
> 
> http://forum.java.sun.com/thread.jsp?thread=153188&forum=2&message=448971
> 
> Enjoy,
> 
> Mike
> 
> 
> Tom Samplonius wrote:
> >   Actually, the certificate is signed by Entrust (the site is
> > https://www3.interaction.bell.ca).
> > 
> >   Can the Entrust root certificate be imported into the keystore easily?
> > The JSSE INSTALL.TXT talks about which file they go into, but doesn't
> > really provide any detail on where they come from.  Where did you get the
> > various signing authorities root certificates?
> > 
> > 
> > Tom
> > 
> > 
> > On Tue, 4 Feb 2003, Michael Becke wrote:
> > 
> > 
> >>By default JSSE only support SSL certs that are signed by Verisign or 
> >>Thawte.  To use a self signed cert (this appears to be what you are 
> >>doing) you have two options:
> >>
> >>1) import the servers cert into your keystore
> >>2) mess around with the X509 stuff, someone posted a URL earlier talking 
> >>about how to do this
> >>
> >>Mike
> >>
> >>Tom Samplonius wrote:
> >>
> >>>  Now I get the runtime error:
> >>>
> >>>javax.net.ssl.SSLException: untrusted server cert chain
> >>>
> >>>
> >>>  Is there anything more that needs to be done to setup the connection?
> >>>I've seend some examples that setup all sorts of X509 stuff.  Is that
> >>>required too?  I'm using JSSE 1.0.3_01.
> >>>
> >>>
> >>>Tom
> >>>
> >>>
> >>>On Tue, 4 Feb 2003, Michael Becke wrote:
> >>>
> >>>
> >>>
> >>>>java.security.Security.addProvider().
> >>>>
> >>>>Mike
> >>>>
> >>>>Tom Samplonius wrote:
> >>>>
> >>>>
> >>>>> I'm getting an unresolved symbol now.  Where do I import
> >>>>>"Security.addProvider()" from? 
> >>>>>
> >>>>>
> >>>>>Tom
> >>>>>
> >>>>>
> >>>>>On Tue, 4 Feb 2003, Michael Becke wrote:
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>>You need to add the following line to your code somewhere:
> >>>>>>
> >>>>>> Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
> >>>>>>
> >>>>>>The "java.protocol.handler.pkgs" property is only needed if you
want to 
> >>>>>>use https with java.net.URL.
> >>>>>>
> >>>>>>I previously thought that addProvider() was not needed, but it
seems 
> >>>>>>that it is.  We probably need to change this in documentation
in a few 
> >>>>>>places.
> >>>>>>
> >>>>>>Mike
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>---------------------------------------------------------------------
> >>>>>To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
> >>>>>For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
> >>>>>
> >>>>
> >>>>
> >>>>---------------------------------------------------------------------
> >>>>To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
> >>>>For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>>---------------------------------------------------------------------
> >>>To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
> >>>For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
> >>>
> >>
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
> >>For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
> >>
> >>
> >>
> > 
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
> > 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
> 
> 
> 


Mime
View raw message