hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "bagas" <ba...@indoartha.co.id>
Subject RE: [newbie] SSL
Date Wed, 28 Apr 2004 04:51:33 GMT
Thank you for your reply .. but I have another question

When I run sample code in the bottom of
http://jakarta.apache.org/commons/httpclient/sslguide.html page
(accessing https://www.verisign.com), I get Exception msg like this :

------------------------------------------------------------------------
----
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: No trusted certificate found
	at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
	at
com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
	at
sun.nio.cs.StreamEncoder$CharsetSE.writeBytes(StreamEncoder.java:336)
	at
sun.nio.cs.StreamEncoder$CharsetSE.implFlushBuffer(StreamEncoder.java:40
4)
	at
sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:408)
	at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
	at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
	at Test.main(Test.java:26)
Caused by: sun.security.validator.ValidatorException: No trusted
certificate found
	at
sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator
.java:304)
	at
sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.ja
va:107)
	at sun.security.validator.Validator.validate(Validator.java:202)
	at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Das
hoA6275)
	at
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Das
hoA6275)
	... 13 more
------------------------------------------------------------------------
----        

but when I altered the destination (field TARGET_HTTPS_SERVER) became
www.verizon.com and www.mail.yahoo.com the program doing fine.

But then when change again the destination into sourceforge.net, the
Exception as above happen again.

www.verisign.com and sourceforge.net have the same characteristic that
is when I browse them with Microsoft Internet Explorer 6, they yield a
dialog frame that say "this page contain both secure and nonsecure items
.... "

Is the characteristic above that caused me unable to open
www.verisign.com and sourceforge.net? Or can you think another causes?
And please tell how do I deal with it?

Thank you ...

For your Information this is my JVM :

C:\j2sdk1.4.2_01\jre\lib\security>java -version
java version "1.4.1_02"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1_02-b06)
Java HotSpot(TM) Client VM (build 1.4.1_02-b06, mixed mode)

And this are my cacerts fill with : 

C:\j2sdk1.4.2_01\jre\lib\security>keytool -list -keystore cacerts
Enter keystore password:

*****************  WARNING WARNING WARNING  *****************
* The integrity of the information stored in your keystore  *
* has NOT been verified!  In order to verify its integrity, *
* you must provide your keystore password.                  *
*****************  WARNING WARNING WARNING  *****************

Keystore type: jks
Keystore provider: SUN

Your keystore contains 20 entries

verisignclass4ca, Jun 30, 1998, trustedCertEntry,
Certificate fingerprint (MD5):
1B:D1:AD:17:8B:7F:22:13:24:F5:26:E2:5D:4E:B9:10
entrustglobalclientca, Jan 9, 2003, trustedCertEntry,
Certificate fingerprint (MD5):
9A:77:19:18:ED:96:CF:DF:1B:B7:0E:F5:8D:B9:88:2E
gtecybertrustglobalca, May 10, 2002, trustedCertEntry,
Certificate fingerprint (MD5):
CA:3D:D3:68:F1:03:5C:D0:32:FA:B8:2B:59:E8:5A:DB
entrustgsslca, Jan 9, 2003, trustedCertEntry,
Certificate fingerprint (MD5):
9D:66:6A:CC:FF:D5:F5:43:B4:BF:8C:16:D1:2B:A8:99
thawtepersonalbasicca, Feb 13, 1999, trustedCertEntry,
Certificate fingerprint (MD5):
E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41
verisignclass1ca, Jun 30, 1998, trustedCertEntry,
Certificate fingerprint (MD5):
51:86:E8:1F:BC:B1:C3:71:B5:18:10:DB:5F:DC:F6:20
thawtepersonalfreemailca, Feb 13, 1999, trustedCertEntry,
Certificate fingerprint (MD5):
1E:74:C3:86:3C:0C:35:C5:3E:C2:7F:EF:3C:AA:3C:D9
entrustsslca, Jan 9, 2003, trustedCertEntry,
Certificate fingerprint (MD5):
DF:F2:80:73:CC:F1:E6:61:73:FC:F5:42:E9:C5:7C:EE
verisignclass3ca, Jun 30, 1998, trustedCertEntry,
Certificate fingerprint (MD5):
78:2A:02:DF:DB:2E:14:D5:A7:5F:0A:DF:B6:8E:9C:5D
gtecybertrustca, May 10, 2002, trustedCertEntry,
Certificate fingerprint (MD5):
C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
thawteserverca, Feb 13, 1999, trustedCertEntry,
Certificate fingerprint (MD5):
C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
thawtepersonalpremiumca, Feb 13, 1999, trustedCertEntry,
Certificate fingerprint (MD5):
3A:B2:DE:22:9A:20:93:49:F9:ED:C8:D2:8A:E7:68:0D
thawtepremiumserverca, Feb 13, 1999, trustedCertEntry,
Certificate fingerprint (MD5):
06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
entrust2048ca, Jan 9, 2003, trustedCertEntry,
Certificate fingerprint (MD5):
BA:21:EA:20:D6:DD:DB:8F:C1:57:8B:40:AD:A1:FC:FC
baltimorecybertrustca, May 10, 2002, trustedCertEntry,
Certificate fingerprint (MD5):
AC:B6:94:A5:9C:17:E0:D7:91:52:9B:B1:97:06:A6:E4
entrustclientca, Jan 9, 2003, trustedCertEntry,
Certificate fingerprint (MD5):
0C:41:2F:13:5B:A0:54:F5:96:66:2D:7E:CD:0E:03:F4
verisignserverca, Jun 30, 1998, trustedCertEntry,
Certificate fingerprint (MD5):
74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93
gtecybertrust5ca, May 10, 2002, trustedCertEntry,
Certificate fingerprint (MD5):
7D:6C:86:E4:FC:4D:D1:0B:00:BA:22:BB:4E:7C:6A:8E
baltimorecodesigningca, May 10, 2002, trustedCertEntry,
Certificate fingerprint (MD5):
90:F5:28:49:56:D1:5D:2C:B0:53:D4:4B:EF:6F:90:22
verisignclass2ca, Jun 30, 1998, trustedCertEntry,
Certificate fingerprint (MD5):
EC:40:7D:2B:76:52:67:05:2C:EA:F2:3A:4F:65:F0:D8




-----Original Message-----
From: Ortwin Gl├╝ck [mailto:ortwin.glueck@nose.ch] 
Sent: Tuesday, April 27, 2004 3:44 PM
To: Commons HttpClient Project
Subject: Re: [newbie] SSL



bagas wrote:

> Dear All,
> 
> I am sorry let me rephrase my question.
> What I want to ask are
> 1. How do I check and approve a certificate sent by a web server in
> https request? So that I don't get error like :
>
javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorExce
> ption: No trusted certificate found.
> 
> 2. Can a HttpClient uses a certificate so that it can be verified by a
> webserver that it trying to connect? If this can be done please give
me
> an example?
> 
> Thank You.
>  
> Regards,
>  
> Rahmat Bagas Santoso

Please check out the SSL guide

http://jakarta.apache.org/commons/httpclient/sslguide.html

which should answer your questions.

As statet frequently on this list, HttpClient makes no assumptions about

the underlying SSL implementation. Please refer to the documentation of 
your SSL implementation for further information.

---------------------------------------------------------------------
To unsubscribe, e-mail:
commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail:
commons-httpclient-dev-help@jakarta.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


Mime
View raw message