Return-Path: Delivered-To: apmail-jakarta-httpclient-user-archive@www.apache.org Received: (qmail 3394 invoked from network); 2 Mar 2005 14:55:28 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 2 Mar 2005 14:55:28 -0000 Received: (qmail 66946 invoked by uid 500); 2 Mar 2005 14:55:28 -0000 Delivered-To: apmail-jakarta-httpclient-user-archive@jakarta.apache.org Received: (qmail 66929 invoked by uid 500); 2 Mar 2005 14:55:27 -0000 Mailing-List: contact httpclient-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: "HttpClient User Discussion" Reply-To: "HttpClient User Discussion" Delivered-To: mailing list httpclient-user@jakarta.apache.org Received: (qmail 66916 invoked by uid 99); 2 Mar 2005 14:55:27 -0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: neutral (hermes.apache.org: local policy) Received: from mail2.bluewin.ch (HELO mail2.bluewin.ch) (195.186.4.73) by apache.org (qpsmtpd/0.28) with ESMTP; Wed, 02 Mar 2005 06:55:26 -0800 Received: from xbox.localdomain (83.76.32.162) by mail2.bluewin.ch (Bluewin AG 7.0.035) id 41DEA58B0053975B for httpclient-user@jakarta.apache.org; Wed, 2 Mar 2005 14:55:22 +0000 Received: by xbox.localdomain (Postfix, from userid 1000) id 138E9B6ECA; Wed, 2 Mar 2005 15:55:28 +0100 (CET) Date: Wed, 2 Mar 2005 15:55:28 +0100 From: Oleg Kalnichevski To: HttpClient User Discussion Subject: Re: about unable to find valid certification path to requested target Message-ID: <20050302145528.GA26234@xbox.localdomain> Mail-Followup-To: HttpClient User Discussion References: <10d4f6b4050226091546a0294c@mail.gmail.com> <10d4f6b4050226201850bc55eb@mail.gmail.com> <1109705719.5680.6.camel@localhost.localdomain> <10d4f6b40503011940de40e80@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <10d4f6b40503011940de40e80@mail.gmail.com> User-Agent: Mutt/1.4.2.1i X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N On Wed, Mar 02, 2005 at 11:40:49AM +0800, char li wrote: > hi,Oleg > thanks > ???have fix the error, > I use keytool -import myCA.cer > But now I think if It can auto import CA. or it can import CA in > my program. > Do you think it OK, and how to do ? Charlse, Take a look at the AuthSSLProtocolSocketFactory. The source code comes with extensive instructions in the java docs. This should help you get up to the speed. The AuthSSLProtocolSocketFactory and related files can be found here: http://svn.apache.org/viewcvs.cgi/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/ Hope this helps Oleg > thanks again. > charlse > > > On Tue, 01 Mar 2005 20:35:19 +0100, Oleg Kalnichevski wrote: > > Char Li, > > > > I have not worked extensively with JVM 5.0, but most likely this problem > > occurs because the server certificate is not trusted. You have to > > configure the trust manager within the SSL context used by your > > application to trust the server. Please refer to the Sun's documentation > > on SSL configuration in Java 1.5 > > > > Hope this helps > > > > Oleg > > > > > > On Sun, 2005-02-27 at 12:18 +0800, char li wrote: > > > Hi all > > > I have get an error with https. > > > Now I use jre 5.0 and Commons HttpClient 3.0 RC1 > > > I have read http://jakarta.apache.org/commons/httpclient/sslguide.html > > > to test https > > > It get context with https://www.verisign.com/ by (" > > > get.getResponseBodyAsString()") > > > but failed with my test https site. > > > It thorw the follow error: > > > > > > ----------------------------------------------------------- > > > Exception in thread "main" javax.net.ssl.SSLHandshakeException: > > > sun.security.validator.ValidatorException: PKIX path building failed: > > > sun.security.provider.certpath.SunCertPathBuilderException: unable to > > > find valid certification path to requested target > > > at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476) > > > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) > > > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) > > > at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:843) > > > at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) > > > at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) > > > at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815) > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025) > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619) > > > at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59) > > > at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65) > > > at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) > > > at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:825) > > > at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1920) > > > at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1002) > > > at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:382) > > > at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168) > > > at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:393) > > > at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324) > > > at com.demo.http.BasicAuthenticationExample.main(BasicAuthenticationExample.java:45) > > > Caused by: sun.security.validator.ValidatorException: PKIX path > > > building failed: > > > sun.security.provider.certpath.SunCertPathBuilderException: unable to > > > find valid certification path to requested target > > > at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221) > > > at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145) > > > at sun.security.validator.Validator.validate(Validator.java:203) > > > at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172) > > > at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320) > > > at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:836) > > > ... 17 more > > > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: > > > unable to find valid certification path to requested target > > > at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236) > > > at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194) > > > at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216) > > > ... 22 more > > > ----------------------------------------------------------- > > > > > > Thanks and regards, > > > > > > charlse > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org > > > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org > > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org For additional commands, e-mail: httpclient-user-help@jakarta.apache.org