hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: SSL (Untrusted Server Certificate Chain)
Date Sat, 27 Aug 2005 21:25:02 GMT
On Fri, 2005-08-26 at 20:26 -0700, Meghana wrote:
> Oleg,
>     Thanks for your answer. I have got
> AuthSSLProtocolSocketFactory now. But the comments in
> the AuthSSLProtocolSocketFactory.java file has some
> thing like 
> 
> keytool -import -alias "my server cert" -file
> server.crt -keystore my.truststore
> 
> When I run the above command it throws:
> keytool error: java.io.FileNotFoundException:
> server.crt (The system cannot find
>  the file specified)
> 
> where do I get the file server.crt from? I googled it
> up but in vain. Could you please let me know this step
> is required?
> 
Meghana,

It is just not feasible that I explain you the fundamentals of SSL in
few sentences or even paragraphs. It is a very complex protocol.
Essentially you need a certificate to be able to authenticate the
counterparty you are communicating with. There are various ways to
obtain such a certificate depending on what organization you are dealing
with

Oleg




> Thanks
> -M
> 
> --- Oleg Kalnichevski <olegk@apache.org> wrote:
> 
> > On Thu, Aug 25, 2005 at 10:31:03PM -0700, Meghana
> > wrote:
> > > Hi,
> > >    I tried using EasySSLProtocolSocketFactory to
> > > create an SSL connection to a secured site. It
> > throws
> > > the following error. 
> > > 
> > 
> > Meghana,
> > 
> > I just recently answered a similar question:
> > 
> >
> http://www.mail-archive.com/httpclient-dev%40jakarta.apache.org/msg01935.html
> > 
> > Hope this helps
> > 
> > Oleg
> > 
> > 
> > > javax.net.ssl.SSLHandshakeException:
> > > java.security.cert.CertificateException: Untrusted
> > > Server Certificate Chain
> > > 	at
> > >
> >
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
> > > 	at
> > >
> >
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
> > > 	at
> > >
> >
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
> > > 	at
> > >
> >
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
> > > 	at
> > >
> >
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847)
> > > 	at
> > >
> >
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
> > > 	at
> > >
> >
> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
> > > 	at
> > >
> >
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
> > > 	at
> > >
> >
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
> > > 	at
> > >
> >
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
> > > 	at
> > >
> >
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
> > > 	at
> > >
> >
> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
> > > 	at
> > >
> >
> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> > > 	at
> > >
> >
> java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> > > 	at
> > >
> >
> org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:825)
> > > 	at
> > >
> >
> org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1975)
> > > 	at
> > >
> >
> org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
> > > 	at
> > >
> >
> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:393)
> > > 	at
> > >
> >
> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168)
> > > 	at
> > >
> >
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
> > > 	at
> > >
> >
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
> > > 
> > > 
> > > Any ideas are really appreciated,
> > > Thanks a lot in advance
> > > -M
> > > 
> > > 
> > > 		
> > >
> > ____________________________________________________
> > > Start your day with Yahoo! - make it your home
> > page 
> > > http://www.yahoo.com/r/hs 
> > >  
> > > 
> > >
> >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail:
> > httpclient-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail:
> > httpclient-user-help@jakarta.apache.org
> > > 
> > > 
> > 
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> > httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> > httpclient-user-help@jakarta.apache.org
> > 
> > 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Mime
View raw message