hc-httpclient-users mailing list archives

From "Julius Davies" <juliusdav...@gmail.com>
Subject Re: SSL issues
Date Tue, 24 Jul 2007 20:45:42 GMT

To transform the client certificate into a Java "keystore" file, you
can try downloading "not-yet-commons-ssl-0.3.8.jar" and running a
special command-line Java program:

#1.  Download from here:

#2.  Run command-line Java utility as documented here:

java -cp not-yet-commons-ssl-0.3.8.jar org.apache.commons.ssl.KeyStoreBuilder

Once you've done that, AuthSSLProtocolSocketFactory is the ticket.
Personally I have a tradition where I keep at most a single private
key per keystore file.  I never install 2 or more private keys in a
single keystore file.

Good luck!



ps.  Or you can leave the certificate alone as ".pkcs12", ".p12", or
".pfx".  If your browser exports it with a name ending like that, it's
probably fine.  Just remember to tell Java that the "type" is "PKCS12"
instead of "JKS", and Java will treat it like a keystore file.

On 7/24/07, Nathan Maves <nathan.maves@gmail.com> wrote:
> First off great product.  My team is looking for a bit of help / direction
> in how to get a specific SSL connection to work.  First off let me define
> the problem statement.  We have a service that we need to send http post
> requests to.  This request needs to send a digital
> id <http://www.verisign.com/products-services/security-services/pki/pki-application/email-digital-id/index.html> with
> the request.  Ignore the fact that this type of certificate is normally
> used for securing email.  This is what we have been told to use.  The
> process to use this certificate is the following.
> Install the cert into a browser.
> Export this cert to the file system ( base64 cer file)
> Import this cert to Java
> Use the contributed code AuthSSLProtocolSocketFactory from the
> http://jakarta.apache.org/commons/httpclient/sslguide.html to open an SSL
> connection.
> First off has anyone ever done this?  Are the above steps the correct path
> to take?  Is there a better way?
> Side notes....
> Once the cert is installed in a browser we can hit the mentioned service and
> it will prompt us to choose a cert to send.
> I actually think that the commons classes work perfect.  I think our issue
> lies in how to properly import the cer file into a keystore.  I am hoping
> that someone with some expertise might be on this alias.
> TIA,
> Nathan


Julius Davies
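
The postscript's suggestion (keep the browser export as PKCS12 and tell Java the type) can be checked with the standard JSSE API before wiring anything into HttpClient. This is an added example, not code from the original message or from the HttpClient project; the class name `Pkcs12ClientCert` and the file argument are hypothetical, and it assumes the key is protected by the same password as the file.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class Pkcs12ClientCert { // hypothetical name, added example
    // Load a browser-exported .p12/.pfx and build an SSLContext that offers its key.
    static SSLContext load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12"); // the "type", instead of "JKS"
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue; // certificate-only entry: no private key
            keyEntries++;
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            cert.checkValidity(); // throws if expired or not yet valid
            System.out.println(alias + ": " + cert.getSubjectX500Principal()
                    + ", expires " + cert.getNotAfter());
        }
        if (keyEntries == 0) {
            throw new IllegalStateException("no private key entry in " + path);
        }
        if (keyEntries > 1) { // the message above recommends one private key per file
            System.err.println("warning: " + keyEntries + " private keys in one keystore");
        }
        // Assumption: the key password equals the file password.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // null = default trust managers and RNG
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console(); // prompt so the password stays off the command line
        if (args.length != 1 || console == null) {
            System.err.println("usage (from a terminal): java Pkcs12ClientCert <file.p12>");
            System.exit(2);
        }
        load(args[0], console.readPassword("Keystore password: "));
        System.out.println("OK: private key and certificate loaded");
    }
}
```

If this fails with "no private key entry", the file holds only a certificate and cannot be used to authenticate the client.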
