hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <oh...@cox.net>
Subject Re: HttpClient SSL issue
Date Thu, 01 Jan 1970 00:00:00 GMT

---- Praveen Maiya <praveenhm2@yahoo.com> wrote: 
> 


Hi,

I have a HttpClient related SSL question. I have a read the HttpClient SSL guide. I am trying
to connect to secure site over ssl. If  we try to access the ssl site in the browser(https),
we get the certificate. I get the following message:

There is a problem with this website's security certificate.     
 The security certificate presented by this website was not issued by a trusted certificate
authority.

But I can still go ahead and accept the certificate since I know it is a test certificate
we using for our development purpose. So I have the certificate now. 
I am trying to connect to the same site using(HttpClient) one of the example EasySSLProtocolSocketFactory
program. I get the following
 errors

javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: 
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target

So my question is what should I do to work this. This program works or I need other programs
like

StrictSSLProtocolSocketFactory 
AuthSSLProtocolSocketFactory 


which program should I use and what are the various steps I need to do get this work

Thanks in advance

Pen


Hi,

I haven't done any programming with HttpClient and SSL, but I have worked with JSSE and SSL,
and when I did that, and in order to get SSL working, I had to add the certificate of the
CA that issued the server cert to a keystore, and point to that keystore (i.e., so that certs
from that CA were "trusted").  It's been awhile, but I think I had to do something like:

= Import the CA cert into a keystore: 

keytool -import -trustcacerts -keystore <keystorefilename> -file <theCAcert.cer>

-alias <anything>   

= In the app, add this keystore as trustStore:
 
System.setProperty("javax.net.ssl.trustStore", "keystorefilename"); 

Hope that that helps!

Jim

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Mime
View raw message