hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "bashiro" <bash...@myway.com>
Subject RE: [HttpClient] Trying To Connect SSL
Date Mon, 25 Jul 2005 15:08:35 GMT

Good day!

I thank all of you for the help.
I still get this error even with the
BasicAuthentication example. Any ideas ?

Thanks


javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted
certificate found
	at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)




 --- On Wed 07/20, bashiro < bashiro@myway.com > wrote:
From: bashiro [mailto: bashiro@myway.com]
To: httpclient-user@jakarta.apache.org
Date: Wed, 20 Jul 2005 02:46:57 -0400 (EDT)
Subject: RE: [HttpClient] Trying To Connect SSL

 Hello,  Thanks for the thorough explaination. I really appreciate that.The certificate is
Equifax Sec

ure certificate, as I checked from IE.Do you mean I should import this certificate to my class
path or into the"cacerts" file as you pointed out ?  Thanks a lotbashiro--- On Mon 07/18,
&lt; Jon.Andrews@eu.nabgroup.com &gt; wrote:<br>From: [mailto: Jon.Andrews@eu.nabgroup.com]To:
httpclient-user@jakarta.apache.orgDate: Mon, 18 Jul 2005 09:08:25 +0100Subject: RE: [HttpClient]
Trying To Connect SSLWhat type of certificate is it? a versign type 3 for example or a thwaite
cert? You can cehck this by saving the cert offered to you when you browseto the URL in question
in a web browser - in IE double click the padlockat bottom... then view and see if it is a
"common"certificate supplied byone of the typical vendors (thwaite, verisign etc as earlier).
If standardcert, then this is probably shipped with the runtime that you are using...it will
be in the "cacerts" file, can't remember of the top of my headwhere it is. The problem you
got is that you got the certificate in thecacert key
  
store, but it is old and/or doen't match that which ispresented by the service your client
is trying to connect to. You willhave to remove the outdated cert and replace with the one
which is nowbeing presented to you. By doing this <br>you are basically telling thecacerts
key store that you implicitly trust this cert prior to SLLconnect.I also believe (if you are
using WAS) that there is patch to bring thecacerts keys up to date as the ones shipped with
base install expired inMarch or sometime ago, can't remember.I had the same issue, and once
I updated the certificate in question inthekey store, everything started to work again.on
my windoze PC, the cacerts I am using is @ C:ProgramFilesJavaj2re1.4.2_05libsecurityHope this
helps.Jon"Bashiro" 16/07/2005 09:12Please respond to "HttpClient User Discussion"To: "HttpClient
User Discussion" cc:Subject: RE: [HttpClient] Trying To Connect SSLThanks for the links.As
you asked;&gt; If you can say what problems u are facing 
specifically.. It wud beeasier&gt; to&gt; help out :)I have always been using Innovation
HttpClient in my application. And thenI was recommended by friends to try Commons HttpClient.
Now I have notbeen using SSL. I always connect unsecured (http).<br>  <br>But
then I decided toadd the SSL (https) function to the application. I have read the JSSE andyet
do not know where to beguin.I tried couple of times to connect through SSL with Commons HttpClientbut
then I get "Certificate not verified or not valid". Then I readsomewhere on ththe net to connect
with ordinary browser and then downloadthe key at the button of the browser by exporting it
into my class path.But that doesn't hehelp either.Am I to contact the owner of the server
for a certificate or what ?Thanks in advancebashiro&gt; You can have a look at this&gt;
http://jakarta.apache.org/commons/httpclient/authentication.html&gt; http://jakarta.apache.org/commons/httpclient/sslguide.html&gt;&gt;
There are some examples listed
  
in this page.&gt;&gt;&gt;&gt; HTH&gt; Jaya.&gt;&gt;&gt; -----Original
Message-----&gt; From: bashiro [mailto:bashiro@myway.com]&gt; Sent: Saturday, July
16, 2005 11:36 AM&gt; To: httpclient-user@jakarta.apache.org&gt; Subject: [HttpClient]
Trying To <br>Connect SSL&gt;&gt;&gt; Hello Everybody,&gt;&gt; I
am trying to conect to a server through SSL. But without success.&gt;&gt;&gt;
---------------------------------------------------------------------&gt; To unsubscribe,
e-mail: httpclient-user-unsubscribe@jakarta.apache.org&gt; For additional commands, e-mail:
httpclient-user-help@jakarta.apache.org&gt;&gt;---------------------------------------------------------------------To
unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.orgFor additional commands,
e-mail: httpclient-user-help@jakarta.apache.org===============================================================National
Australia Group Europe Limited (Company Number 02108635, Registered Office 88 Wood Street,

London EC2V 7QQ) (NAGE) is a subsidiary of National Australia Bank Limited (an Australian
registered company). The following UK companies are authorised and regulated by the Financial
Services Authority: Clydesdale Bank PLC (trading as Clydesdale Bank and <br>Yorkshire
Bank), MLC Savings Limited, MLC Trust Management Company Limited, Clydesdale Bank Insurance
Brokers Limited, Yorkshire Bank Financial Services Limited, National Australia Insurance Services
Limited and Custom Fleet Limited.The views and opinions expressed in this email may not reflect
the views and opinions of any member of the group of which NAGE forms part. The information
contained in this message is confidential and may also be privileged. It is intended only
for the addressee named above. The unauthorised use, disclosure, copying or alteration of
this message is strictly prohibited. If you are not the addressee (or responsible for delivery
of the message to the addressee), please notify the originator 
immediately by return message and destroy the original message. This message and any attachments
have been scanned for viruses prior to leaving the NAGE network. However, NAGE does not guarantee
the security of this message and will not be responsible for any <br>damages arising
as a result of any virus being passed on or arising from any alteration of this message by
a third party. NAGE may monitor emails sent to and from the NAGE network.<br><br>_______________________________________________<br>No
banners. No pop-ups. No kidding.<br>Make My Way  your home on the Web - http://www.myway.com<br>

_______________________________________________
No banners. No pop-ups. No kidding.
Make My Way  your home on the Web - http://www.myway.com



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Mime
View raw message