hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Julius Davies" <juliusdav...@gmail.com>
Subject Re: ssl failure
Date Fri, 29 Feb 2008 17:24:24 GMT
Hi, G. Garrett Campbell,

The set of root certificate authorities that Java trusts by default
tends to be a little smaller than Firefox and IE.  It's located here:

$JAVA_HOME/jre/lib/security/cacerts

That's a keystore file, so you can use "keytool" to view and modify
it.  The password is "changeit".

Sun Java does not come with any "trustcenter.de" CA certs
pre-installed, so you'll have to go here and add them to your
"cacerts" file:

http://www.trustcenter.de/en/infocenter/root_certificates.htm


Note:  you might have to re-add those root certificates every time you
upgrade your JVM, even to just minor patch version (e.g. 1.6.0_03 to
1.6.0_04).

There are other ways, too....

http://hc.apache.org/httpclient-3.x/sslguide.html

http://juliusdavies.ca/commons-ssl/javadocs/org/apache/commons/httpclient/contrib/ssl/TrustSSLProtocolSocketFactory.html



yours,

Julius



On Thu, Feb 28, 2008 at 3:32 PM, G. Garrett Campbell <g395@comcast.net> wrote:
> I am attempting to connect to a https site.
>
>  I get the following stack trace.
>
>  Visiting the site from IE or FIREFOX lists no problems.
>
>  Is the an httpclient problem or a javax.net.ssl problem???
>
>  I also tried java1.6 and got the same result.
>
>  Thanks for any info
>
>  C:\trackm\air>"c:\program files\java\jdk1.5.0_07\bin\java" AirBerlin g395@comcast.net
track123 Campbell debug
>   want
>  https://www.airberlin.com/site/topbonus/login_miles.php?LANG=eng
>  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX
path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
>   at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
>   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
>   at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
>   at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
>   at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
>   at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
>   at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
>   at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
>   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
>   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
>   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
>   at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
>   at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
>   at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
>   at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
>   at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2124)
>   at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1088)
>   at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
>   at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
>   at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
>   at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
>   at HttpAccount.formGet(HttpAccount.java:495)
>   at HttpAccount.formGet(HttpAccount.java:480)
>   at HttpAccount.doit(HttpAccount.java:83)
>   at HttpAccount.doit(HttpAccount.java:64)
>   at AirBerlin.doit(AirBerlin.java:120)
>   at HttpAccount.process(HttpAccount.java:44)
>   at AirBerlin.main(AirBerlin.java:18)
>  Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
>   at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
>   at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
>   at sun.security.validator.Validator.validate(Validator.java:203)
>   at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
>   at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
>   at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
>   ... 23 more
>  Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
>   at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
>   at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
>   at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
>   ... 28 more
>



-- 
yours,

Julius Davies
250-592-2284 (Home)
250-893-4579 (Mobile)
http://juliusdavies.ca/

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message