hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: about unable to find valid certification path to requested target
Date Wed, 02 Mar 2005 14:55:28 GMT
On Wed, Mar 02, 2005 at 11:40:49AM +0800, char li wrote:
> hi,Oleg
>     thanks 
>   ???have fix the error, 
>    I use keytool -import  myCA.cer 
>    But now  I think  if It can auto import CA. or it can import CA in
> my program.
>    Do you think it OK, and how to do ?

Charlse,

Take a look at the AuthSSLProtocolSocketFactory. The source code comes
with extensive instructions in the java docs. This should help you get
up to the speed.

The AuthSSLProtocolSocketFactory and related files can be found here:

http://svn.apache.org/viewcvs.cgi/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/

Hope this helps

Oleg


>     thanks again.
> charlse
> 
> 
> On Tue, 01 Mar 2005 20:35:19 +0100, Oleg Kalnichevski <olegk@apache.org> wrote:
> > Char Li,
> > 
> > I have not worked extensively with JVM 5.0, but most likely this problem
> > occurs because the server certificate is not trusted. You have to
> > configure the trust manager within the SSL context used by your
> > application to trust the server. Please refer to the Sun's documentation
> > on SSL configuration in Java 1.5
> > 
> > Hope this helps
> > 
> > Oleg
> > 
> > 
> > On Sun, 2005-02-27 at 12:18 +0800, char li wrote:
> > > Hi all
> > >    I have get an error with https.
> > >    Now I use jre 5.0  and Commons HttpClient 3.0 RC1
> > >    I have read http://jakarta.apache.org/commons/httpclient/sslguide.html
> > > to test https
> > >    It get context with https://www.verisign.com/ by ("
> > > get.getResponseBodyAsString()")
> > >    but failed with my test https site.
> > >    It thorw the follow error:
> > >
> > > -----------------------------------------------------------
> > > Exception in thread "main" javax.net.ssl.SSLHandshakeException:
> > > sun.security.validator.ValidatorException: PKIX path building failed:
> > > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> > > find valid certification path to requested target
> > >         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
> > >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
> > >         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
> > >         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
> > >         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:843)
> > >         at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
> > >         at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
> > >         at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
> > >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
> > >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
> > >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
> > >         at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
> > >         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> > >         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> > >         at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:825)
> > >         at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1920)
> > >         at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1002)
> > >         at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:382)
> > >         at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168)
> > >         at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:393)
> > >         at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
> > >         at com.demo.http.BasicAuthenticationExample.main(BasicAuthenticationExample.java:45)
> > > Caused by: sun.security.validator.ValidatorException: PKIX path
> > > building failed:
> > > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> > > find valid certification path to requested target
> > >         at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
> > >         at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
> > >         at sun.security.validator.Validator.validate(Validator.java:203)
> > >         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
> > >         at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
> > >         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:836)
> > >         ... 17 more
> > > Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> > > unable to find valid certification path to requested target
> > >         at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
> > >         at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
> > >         at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
> > >         ... 22 more
> > > -----------------------------------------------------------
> > >
> > > Thanks and regards,
> > >
> > > charlse
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> > >
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> > 
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Mime
View raw message