hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "sudip shrestha" <sud...@gmail.com>
Subject SSLHandshakeException with apache+tomcat httpd server
Date Fri, 05 May 2006 16:20:02 GMT
Hi,
I have apache httpd 2.0 server working with Tomcat 5.5.7 that server dynamic
contents.  Only HTTPS requests are allowed by this server.  We have a
trusted certificate from a CA, comodo. I have written an applet that needs
to talk to this server via ssl.
I have added the cert from the CA to the jdk keystore with:  keytool -import
-file mydomain.com.crt.

So, when I use this piece of code below to make a connection I get an
Exception:

javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path buil
ding failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid
certification path to requested target
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown
Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
Source)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown
Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
Source)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown
Source)
        at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown
Source)
        at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
        at java.io.BufferedOutputStream.flush(Unknown Source)
        at
org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream
(HttpConnectio
n.java:827)
        at org.apache.commons.httpclient.HttpMethodBase.writeRequest(
HttpMethodBase.java:1975)

        at org.apache.commons.httpclient.HttpMethodBase.execute(
HttpMethodBase.java:993)
        at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry
(HttpMethodDirecto
r.java:397)
        at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(
HttpMethodDirector.j
ava:170)
        at org.apache.commons.httpclient.HttpClient.executeMethod(
HttpClient.java:396)
        at org.apache.commons.httpclient.HttpClient.executeMethod(
HttpClient.java:324)
        at main.main(main.java:54)
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.
provider.certpath.SunCertPathBuilderException: unable to find valid
certification path to requ
ested target
        at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
        at sun.security.validator.PKIXValidator.engineValidate(Unknown
Source)
        at sun.security.validator.Validator.validate(Unknown Source)
        at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source
)
        at
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown
Source
)
        ... 18 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid ce
rtification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source)
        at java.security.cert.CertPathBuilder.build(Unknown Source)
        ... 23 more
----------------------------------------------------------------
Test Code:
---------------
  HttpClient httpclient = new HttpClient();
  GetMethod httpget = new GetMethod("https://mydomain.com/");
  try {

*     //Protocol easyhttps = new Protocol("https", new
EasySSLProtocolSocketFactory(), 443);
     //Protocol.registerProtocol("https", easyhttps);*

    httpclient.executeMethod(httpget);

    System.out.println( httpget.getStatusLine() );

  } catch(Exception e) {
    e.printStackTrace();
  } finally {
    httpget.releaseConnection();
  }
----------------------------------------------------------------

I have tried this with/without the *EasySSLProtocolSocketFactory and I get
the same result.   Searched through the archive but could not move forward.

In my case, all the SSL requests are handled by apache first, so is there
something else that I have to do to make it work?... thanks....
*

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message