Subject: Re: SSL Self-signed certificate problem JDK1.5 & 1.6
From: Oleg Kalnichevski
To: HttpClient User Discussion
Date: Fri, 14 Sep 2012 15:58:21 +0200

On Fri, 2012-09-14 at 14:40 +0530, Susanta Mohapatra wrote:
> Thanks Jose,
>
> I was trying to connect to Microsoft Share Point server which was
> configured with SSL + NTLM v2 support. Interesting thing I found was that
> after java disabled unsafe re-negotiation in Jre 1.6._22, the client code
> started giving error - connection reset. I didn't find any solution other
> than to include that flag in JVM after which code started working. This
> might be because of the NTLM authentication process.
>
> Hope this helps someone in search for similar error.
>
> -Susanta
>
> On Mon, Sep 10, 2012 at 4:50 PM, Jose Escobar wrote:
>
> > Hi Susanta,
> >
> > I had a similar problem and Oleg Kalnichevski answered me:
> >
> > > Possibly a better option might be a custom socket factory that can
> > > create SSL connections with different SSL contexts using different trust
> > > and key material based on the hostname of the target server.
> >
> > I decided to make a little change on HttpClient to set a new
> > SchemeRegistry on each request thread that needs
> > specific trust and key material and I add it as a SCHEME_REGISTRY
> > attribute to a Context variable.
> >
> > You can find this talk at
> > http://marc.info/?l=httpclient-users&m=133830124402823&w=2
> >
> > Jose Escobar
> >

Jose

As of version 4.3 HttpClient will allow SCHEME_REGISTRY to be overridden
through HttpContext.

Oleg

> > 2012/9/10 Susanta Mohapatra:
> > > Hi all,
> > >
> > > I am trying to import a self-signed certificate into the default java
> > > keystore "cacerts" ( Java version 1.5 ).
> > > The certificate is imported
> > > successfully but when I try to use HttpClient library to connect to the
> > > server, I run into the error
> > >
> > > sun.security.validator.ValidatorException: PKIX path building failed:
> > > sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> > > valid certification path to requested target
> > > javax.net.ssl.SSLHandshakeException
> > > com.sun.net.ssl.internal.ssl.Alerts:getSSLException
> > >
> > > I found some articles by googling that you need to make a new jks keystore
> > > by importing the self-signed certificate. But I want to do it on the
> > > default keystore "cacerts". I don't want to relax the constraints of
> > > certificate checks at client side.
> > >
> > > Please help me out with the correct solution for the issue.
> > >
> > > Thanks
> > > Susanta
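
Added example (not part of the original thread and not HttpClient project code): one way to apply the suggestion quoted above, using separate trust material per target hostname, so the self-signed certificate is trusted for one server only, "cacerts" stays untouched, and hostname verification remains on. It assumes the HttpClient 4.1/4.2 classes Scheme, SSLSocketFactory and DefaultHttpClient; the class name PerHostTrust, the "pinned" alias and the PEM file path parameter are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;

public class PerHostTrust {
    // Hypothetical registry: target hostname -> context trusting only that host's certificate.
    private final Map<String, SSLContext> contexts = new HashMap<String, SSLContext>();
    /** Builds a context whose only trust anchor is the certificate stored at pemPath. */
    static SSLContext contextTrusting(String pemPath) throws Exception {
        InputStream in = new FileInputStream(pemPath);
        try {
            Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
            KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
            trust.load(null, null);                       // empty in-memory store; cacerts is not modified
            trust.setCertificateEntry("pinned", cert);    // "pinned" is an arbitrary alias
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trust);
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, tmf.getTrustManagers(), null); // no client key material
            return ctx;
        } finally {
            in.close();
        }
    }
    /** Registers the certificate at pemPath as the trust anchor for one hostname. */
    void trust(String host, String pemPath) throws Exception {
        contexts.put(host.toLowerCase(Locale.ENGLISH), contextTrusting(pemPath));
    }

    /**
     * Returns a client for one host. Registered hosts get their own context, and
     * SSLSocketFactory(SSLContext) keeps the default hostname verifier enabled;
     * unknown hosts keep the JVM default trust store.
     */
    DefaultHttpClient clientFor(String host) {
        DefaultHttpClient client = new DefaultHttpClient();
        SSLContext ctx = contexts.get(host.toLowerCase(Locale.ENGLISH));
        if (ctx != null) {
            Scheme https = new Scheme("https", 443, new SSLSocketFactory(ctx));
            client.getConnectionManager().getSchemeRegistry().register(https);
        }
        return client;
    }
}
```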