hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Susanta Mohapatra <mohapatra.susa...@gmail.com>
Subject Re: SSL Self-signed certificate problem JDK1.5 & 1.6
Date Fri, 14 Sep 2012 09:10:26 GMT
Thanks Jose,

I was trying to connector to Microsoft Share Point server which was
configured with SSL + NTLM v2 support. Interesting thing I found was that
after java disabled unsafe re-negotiation in Jre 1.6._22, the client code
started giving error - connection reset. I didn't find any solution other
than to include that flag in JVM after which code started working. This
might be because of the NTLM authentication process.

Hope this helps someone in search for similar error.

-Susanta

On Mon, Sep 10, 2012 at 4:50 PM, Jose Escobar <eb.jose@gmail.com> wrote:

> Hi Susanta,
>
> I had a similar problem and Oleg Kalnichevski answered me:
>
> > Possibly a better option might be a custom socket factory that can
> > create SSL connections with different SSL contexts using different trust
> > and key material based on the hostname of the target server.
>
> I decided to make a little change on HttpClient to set a new
> SchemeRegistry on each request thread that need
> specific trust and key material and I add it as a SCHEME_REGISTRY
> attribute to a Context variable.
>
> You can find this talk at
> http://marc.info/?l=httpclient-users&m=133830124402823&w=2
>
> Jose Escobar
>
> 2012/9/10 Susanta Mohapatra <mohapatra.susanta@gmail.com>:
> > Hi all,
> >
> > I am trying to import a self-signed certificate into the default java
> > keystore "cacerts" ( Java version 1.5 ). The certificate is imported
> > successfully but when I try to use HttpClient library to connect to the
> > server, I run into the error
> >
> > sun.security.validator.ValidatorException: PKIX path building failed:
> > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find
> > valid certification path to requested target
> > javax.net.ssl.SSLHandshakeException
> > com.sun.net.ssl.internal.ssl.Alerts:getSSLException
> >
> > I found some articles by googling that you need to make a new jks
> keystore
> > by importing the self-signed certificate. But I want to do it on the
> > default keystore "cacerts". I don't want to relax the constraints of
> > certificate checks at client side.
> >
> > Please help me out with the correct solution for the issue.
> >
> > Thanks
> > Susanta
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message