Return-Path: Delivered-To: apmail-jakarta-httpclient-user-archive@www.apache.org Received: (qmail 15910 invoked from network); 30 Dec 2006 04:47:22 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 30 Dec 2006 04:47:22 -0000 Received: (qmail 36743 invoked by uid 500); 30 Dec 2006 04:47:28 -0000 Delivered-To: apmail-jakarta-httpclient-user-archive@jakarta.apache.org Received: (qmail 36728 invoked by uid 500); 30 Dec 2006 04:47:27 -0000 Mailing-List: contact httpclient-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: "HttpClient User Discussion" Reply-To: "HttpClient User Discussion" Delivered-To: mailing list httpclient-user@jakarta.apache.org Received: (qmail 36717 invoked by uid 99); 30 Dec 2006 04:47:27 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 29 Dec 2006 20:47:27 -0800 X-ASF-Spam-Status: No, hits=2.9 required=10.0 tests=DNS_FROM_RFC_POST,DNS_FROM_RFC_WHOIS,NO_REAL_NAME,UNPARSEABLE_RELAY X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: local policy) Received: from [68.230.240.33] (HELO eastrmmtao06.cox.net) (68.230.240.33) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 29 Dec 2006 20:47:19 -0800 Received: from eastrmimpo02.cox.net ([68.1.16.120]) by eastrmmtao06.cox.net (InterMail vM.6.01.06.03 201-2131-130-104-20060516) with ESMTP id <20061230044658.ZSJB19510.eastrmmtao06.cox.net@eastrmimpo02.cox.net>; Fri, 29 Dec 2006 23:46:58 -0500 Received: from eastrmwml07.mgt.cox.net ([172.18.52.66]) by eastrmimpo02.cox.net with bizsmtp id 4sle1W00W1RiAF80000000; Fri, 29 Dec 2006 23:45:38 -0500 Received: from 70.187.195.82 by webmail.east.cox.net; Fri, 29 Dec 2006 23:46:58 -0500 Message-ID: <3234381.1167454018255.JavaMail.root@eastrmwml07.mgt.cox.net> Date: Sat, 30 Dec 2006 4:46:58 +0000 From: To: HttpClient User Discussion Subject: Re: HttpClient SSL issue Cc: Praveen Maiya MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) Sensitivity: Normal X-Virus-Checked: Checked by ClamAV on apache.org ---- Praveen Maiya wrote: > Hi, I have a HttpClient related SSL question. I have a read the HttpClient SSL guide. I am trying to connect to secure site over ssl. If we try to access the ssl site in the browser(https), we get the certificate. I get the following message: There is a problem with this website's security certificate. The security certificate presented by this website was not issued by a trusted certificate authority. But I can still go ahead and accept the certificate since I know it is a test certificate we using for our development purpose. So I have the certificate now. I am trying to connect to the same site using(HttpClient) one of the example EasySSLProtocolSocketFactory program. I get the following errors javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target So my question is what should I do to work this. This program works or I need other programs like StrictSSLProtocolSocketFactory AuthSSLProtocolSocketFactory which program should I use and what are the various steps I need to do get this work Thanks in advance Pen Hi, I haven't done any programming with HttpClient and SSL, but I have worked with JSSE and SSL, and when I did that, and in order to get SSL working, I had to add the certificate of the CA that issued the server cert to a keystore, and point to that keystore (i.e., so that certs from that CA were "trusted"). It's been awhile, but I think I had to do something like: = Import the CA cert into a keystore: keytool -import -trustcacerts -keystore -file -alias = In the app, add this keystore as trustStore: System.setProperty("javax.net.ssl.trustStore", "keystorefilename"); Hope that that helps! Jim --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org For additional commands, e-mail: httpclient-user-help@jakarta.apache.org