hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jose Escobar <eb.j...@gmail.com>
Subject Re: SSL Self-signed certificate problem JDK1.5 & 1.6
Date Mon, 10 Sep 2012 11:20:22 GMT
Hi Susanta,

I had a similar problem and Oleg Kalnichevski answered me:

> Possibly a better option might be a custom socket factory that can
> create SSL connections with different SSL contexts using different trust
> and key material based on the hostname of the target server.

I decided to make a little change on HttpClient to set a new
SchemeRegistry on each request thread that need
specific trust and key material and I add it as a SCHEME_REGISTRY
attribute to a Context variable.

You can find this talk at
http://marc.info/?l=httpclient-users&m=133830124402823&w=2

Jose Escobar

2012/9/10 Susanta Mohapatra <mohapatra.susanta@gmail.com>:
> Hi all,
>
> I am trying to import a self-signed certificate into the default java
> keystore "cacerts" ( Java version 1.5 ). The certificate is imported
> successfully but when I try to use HttpClient library to connect to the
> server, I run into the error
>
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> javax.net.ssl.SSLHandshakeException
> com.sun.net.ssl.internal.ssl.Alerts:getSSLException
>
> I found some articles by googling that you need to make a new jks keystore
> by importing the self-signed certificate. But I want to do it on the
> default keystore "cacerts". I don't want to relax the constraints of
> certificate checks at client side.
>
> Please help me out with the correct solution for the issue.
>
> Thanks
> Susanta

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message