hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From TomStrummer <tomstrum...@gmail.com>
Subject Re: SSLPeerUnverifiedException -- cannot get chain imported correctly
Date Tue, 20 Jan 2009 20:25:51 GMT

I've gone over those instructions and a dozen variants.  Like I said, I've
imported the cert into a JKS keystore and use that in my SSLSocketFactory. 
No dice.  

There's no client authentication; it's just trying to authenticate the
server against a trusted CA and I think I'm just having a problem properly
importing a certificate _chain_ (not just a single certificate) into the
keystore.  I don't really want to create a custom trust manager as this more
or less bypasses the SSL security.

I've tried...
- exporting the chain as a PEM file and importing into the keystore (I get
only one the top certificate)
- exporting the chain as a pkcs7 file - keytool says it's not an x.509
- exporting the individual certs as PEM or pkcs7 - they can be imported into
a keystore but are not chained
- exported via various different options that IE's certificate export wizard
gives.  None of them seem to work.

olegk wrote:
> The Javadocs of the SSLSocketFactory include instructions how to create 
> a trust store given a trusted public certificate. I guess this should be 
> sufficient:
> http://hc.apache.org/httpcomponents-client/httpclient/apidocs/org/apache/http/conn/ssl/SSLSocketFactory.html
> The worst case, one can set up an SSL context with a trust manager 
> trusting any certificate, including invalid ones.

View this message in context: http://www.nabble.com/SSLPeerUnverifiedException----cannot-get-chain-imported-correctly-tp21564943p21570945.html
Sent from the HttpClient-User mailing list archive at Nabble.com.

To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

View raw message