hc-httpclient-users mailing list archives

From Oleg Kalnichevski <ol...@apache.org>
Subject Re: SSLPeerUnverifiedException -- cannot get chain imported correctly
Date Tue, 20 Jan 2009 20:03:44 GMT
TomStrummer wrote:
> I have this URL: 
> https://oxbranch.optionsxpress.com/accountservice/account.asmx/GetOxSessionWithSource
> 
> If you hit it from your browser, you will probably get a 500 response and a
> stacktrace printed.  OK -- this is what we want.
> 
> However, hit it from HttpClient and you'll get a SSLPeerUnverifiedException. 
> I am guessing it has to do with that site's root certificate not being in
> the JVM's cacerts.  So I tried to import the chain into a keystore file, but
> have had no such luck so far.  Attempting to use keytool to import an entire
> PEM or p7c chain only seems to import the top certificate in the file, and
> importing the certificates individually doesn't seem to create the chain
> properly either.  
> 
> I have tried this fifteen different ways and spent like a whole day
> searching for the correct 'keytool' incantation...  Any help would be
> _greatly_ appreciated.
> 
> Example file attached: http://www.nabble.com/file/p21564943/HCTest.java

The Javadocs of the SSLSocketFactory include instructions on how to create 
a trust store given a trusted public certificate. I guess this should be 
sufficient:

http://hc.apache.org/httpcomponents-client/httpclient/apidocs/org/apache/http/conn/ssl/SSLSocketFactory.html

In the worst case, one can set up an SSL context with a trust manager 
trusting any certificate, including invalid ones.

Hope this helps

Oleg
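
An added example, not part of the original thread and not HttpClient's own code: building the trust store in code with the JDK's `CertificateFactory`, which reads every certificate in a PEM or PKCS#7 bundle in one call, and deriving an `SSLContext` that trusts only those certificates. The class name, the command-line arguments and the `changeit` password are assumptions for illustration.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ChainTrustStore {
    // Load every certificate in the bundle into a fresh in-memory trust store.
    // Each entry becomes a trust anchor, so the bundle should hold only the
    // CA certificates you intend to trust.
    static KeyStore loadBundle(InputStream in) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start from an empty store, not the JVM's cacerts
        int n = 0;
        for (Certificate c : cf.generateCertificates(in)) {
            X509Certificate x = (X509Certificate) c;
            x.checkValidity(); // reject expired or not-yet-valid certificates
            ks.setCertificateEntry("ca-" + n++, x);
            System.out.println("trusted: " + x.getSubjectX500Principal());
        }
        if (n == 0) throw new IllegalArgumentException("no certificates in bundle");
        return ks;
    }

    // TLS context whose trust decisions come only from the given store.
    static SSLContext contextFor(KeyStore ks) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage: java ChainTrustStore <bundle.pem|bundle.p7c> <output-keystore>
    public static void main(String[] args) throws Exception {
        KeyStore ks;
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            ks = loadBundle(in);
        }
        contextFor(ks); // fails here if the store cannot back a trust manager
        try (OutputStream out = Files.newOutputStream(Paths.get(args[1]))) {
            ks.store(out, "changeit".toCharArray()); // constructed placeholder password
        }
    }
}
```

The resulting `KeyStore` is the kind of trust store the `SSLSocketFactory` Javadoc linked above describes; the saved file can also be selected through the JVM's `javax.net.ssl.trustStore` system property.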
