hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: SSL Self-signed certificate problem JDK1.5 & 1.6
Date Fri, 14 Sep 2012 13:58:21 GMT
On Fri, 2012-09-14 at 14:40 +0530, Susanta Mohapatra wrote:
> Thanks Jose,
> 
> I was trying to connector to Microsoft Share Point server which was
> configured with SSL + NTLM v2 support. Interesting thing I found was that
> after java disabled unsafe re-negotiation in Jre 1.6._22, the client code
> started giving error - connection reset. I didn't find any solution other
> than to include that flag in JVM after which code started working. This
> might be because of the NTLM authentication process.
> 
> Hope this helps someone in search for similar error.
> 
> -Susanta
> 
> On Mon, Sep 10, 2012 at 4:50 PM, Jose Escobar <eb.jose@gmail.com> wrote:
> 
> > Hi Susanta,
> >
> > I had a similar problem and Oleg Kalnichevski answered me:
> >
> > > Possibly a better option might be a custom socket factory that can
> > > create SSL connections with different SSL contexts using different trust
> > > and key material based on the hostname of the target server.
> >
> > I decided to make a little change on HttpClient to set a new
> > SchemeRegistry on each request thread that need
> > specific trust and key material and I add it as a SCHEME_REGISTRY
> > attribute to a Context variable.
> >
> > You can find this talk at
> > http://marc.info/?l=httpclient-users&m=133830124402823&w=2
> >
> > Jose Escobar
> >

Jose

As of version 4.3 HttpClient will allow SCHEME_REGISTRY to be overridden
though HttpContext. 

Oleg 


> > 2012/9/10 Susanta Mohapatra <mohapatra.susanta@gmail.com>:
> > > Hi all,
> > >
> > > I am trying to import a self-signed certificate into the default java
> > > keystore "cacerts" ( Java version 1.5 ). The certificate is imported
> > > successfully but when I try to use HttpClient library to connect to the
> > > server, I run into the error
> > >
> > > sun.security.validator.ValidatorException: PKIX path building failed:
> > > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> > find
> > > valid certification path to requested target
> > > javax.net.ssl.SSLHandshakeException
> > > com.sun.net.ssl.internal.ssl.Alerts:getSSLException
> > >
> > > I found some articles by googling that you need to make a new jks
> > keystore
> > > by importing the self-signed certificate. But I want to do it on the
> > > default keystore "cacerts". I don't want to relax the constraints of
> > > certificate checks at client side.
> > >
> > > Please help me out with the correct solution for the issue.
> > >
> > > Thanks
> > > Susanta
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> > For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >
> >



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message