hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jon.Andr...@eu.nabgroup.com
Subject RE: [HttpClient] Trying To Connect SSL
Date Mon, 18 Jul 2005 08:08:25 GMT
What type of certificate is it? a versign type 3 for example or a thwaite 
cert? You can cehck this by saving the cert offered to you when you browse 
to the URL in question in a web browser - in IE double click the padlock 
at bottom... then view and see if it is a "common"certificate supplied by 
one of the typical vendors (thwaite, verisign etc as earlier). If standard 
cert, then this is probably shipped with the runtime that you are using... 
it will be in the "cacerts" file, can't remember of the top of my head 
where it is. The problem you got is that you got the certificate in the 
cacert key store, but it is old and/or doen't match that which is 
presented by the service your client is trying to connect to. You will 
have to remove the outdated cert and replace with the one which is now 
being presented to you. By doing this you are basically telling the 
cacerts key store that you implicitly trust this cert prior to SLL 

I also believe (if you are using WAS) that there is patch to bring the 
cacerts keys up to date as the ones shipped with base install expired in 
March or sometime ago, can't remember.
I had the same issue, and once I updated the certificate in question inthe 
key store, everything started to work again.

on my windoze PC, the cacerts I am using is @ C:\Program 

Hope this helps.

"Bashiro" <bashiro@enter.vg>
16/07/2005 09:12
Please respond to "HttpClient User Discussion"

        To:     "HttpClient User Discussion" <httpclient-user@jakarta.apache.org>
        Subject:        RE: [HttpClient] Trying To Connect SSL

Thanks for the links.
As you asked;
> If you can say what problems u are facing specifically.. It wud be 
> to
> help out :)

I have always been using Innovation HttpClient in my application. And then
I was recommended by friends to try Commons HttpClient. Now I have not
been using SSL. I always connect unsecured (http). But then I decided to
add the SSL (https) function to the application. I have read the JSSE and
yet do not know where to beguin.

I tried couple of times to connect through SSL  with Commons HttpClient
but then I get "Certificate not verified or not valid". Then I read
somewhere on ththe net to connect with ordinary browser and then download
the key at the button of the browser by exporting it into my class path.
But that doesn't hehelp either.

Am I to contact the owner of the server for a certificate or what ?

Thanks in advance

> You can have a look at this
> http://jakarta.apache.org/commons/httpclient/authentication.html
> http://jakarta.apache.org/commons/httpclient/sslguide.html
> There are some examples listed in this page.

> Jaya.
> -----Original Message-----
> From: bashiro [mailto:bashiro@myway.com]
> Sent: Saturday, July 16, 2005 11:36 AM
> To: httpclient-user@jakarta.apache.org
> Subject: [HttpClient] Trying To Connect SSL
> Hello Everybody,
> I am trying to conect to a server through SSL. But without success.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org

To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org

National Australia Group Europe Limited (Company Number 02108635, Registered Office 88 Wood
Street, London EC2V 7QQ) (NAGE) is a subsidiary of National Australia Bank Limited (an Australian
registered company). The following UK companies are authorised and regulated by the Financial
Services Authority: Clydesdale Bank PLC (trading as Clydesdale Bank and Yorkshire Bank), 
MLC Savings Limited, MLC Trust Management Company Limited, Clydesdale Bank Insurance Brokers
Limited, Yorkshire Bank Financial Services Limited, National Australia Insurance Services
Limited and Custom Fleet Limited. 

The views and opinions expressed in this email may not reflect the views and opinions of any
member of the group of which NAGE forms part. The information contained in this message is
confidential and may also be privileged. It is intended only for the addressee named above.
The unauthorised use, disclosure, copying or alteration of this message is strictly prohibited.
If you are not the addressee (or responsible for delivery of the message to the addressee),
please notify the originator immediately by return message and destroy the original message.
This message and any attachments have been scanned for viruses prior to leaving the NAGE network.
However, NAGE does not guarantee the security of this message and will not be responsible
for any damages arising as a result of any virus being passed on or arising from any alteration
of this message by a third party. NAGE may monitor emails sent to and from the NAGE network.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message