hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joan Balagueró <joan.balagu...@grupoventus.com>
Subject RE: Async client with self signed certificate
Date Thu, 25 May 2017 07:50:43 GMT
Hi,

Yes, you were right, the keystore didin't have the server's public certificate.

Thanks,

Joan.

-----Mensaje original-----
De: Hassan Khan [mailto:hassankhan986@gmail.com] 
Enviado el: jueves, 18 de mayo de 2017 21:08
Para: HttpClient User Discussion
Asunto: Re: Async client with self signed certificate

Hi,

This is a issue with the CA certs... SSL handshake is failing...

if java turn on ssl debug... you will see the error in detail...

But if you have added the cacert to the java cacert files.. then java should recognize the
self signed cert..

This is not a code issue.. it more to do with cert that is the point i am trying to make...
May be the file Store does not have the self signed certificate added to it...

Hope it helps

Thanks
Hassan



On Thu, May 18, 2017 at 2:48 PM, Joan Balagueró < joan.balaguero@grupoventus.com> wrote:

> Hello,
>
>
>
> I’ve been using SSL with client authentication with signed 
> certificates in async http client 4.1, with no problem.
>
>
>
> My code is:
>
>
>
> FileInputStream  fKeyStore = new FileInputStream(new 
> File(keyStoreLocation));
>
> KeyStore keyStore = KeyStore.getInstance(keyStoreType);
>
> keyStore.load(fKeyStore, keyStorePassword.toCharArray());
>
>
>
> KeyManagerFactory kmfactory =
> KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
> ;
>
> kmfactory.init(keyStore, keyStorePassword.toCharArray());
>
> KeyManager[] keyManagers = kmfactory.getKeyManagers();
>
>
>
> TrustManagerFactory tmf =
> TrustManagerFactory.getInstance(TrustManagerFactory.
> getDefaultAlgorithm());
>
> tmf.init(keyStore);
>
>
>
> SSLContext sslContext = SSLContexts.custom().build();
>
> sslContext.init(keyManagers, tmf.getTrustManagers(), null);
>
>
>
> return (new SSLIOSessionStrategy(sslContext, new String[] { "TLSv1" }, 
> null, SSLIOSessionStrategy.getDefaultHostnameVerifier()));
>
>
>
>
>
> But now I have an installation with ssl and client authentication but 
> with a self-signed certificate. Using the previous code I get the 
> following error (I suppose because it doesn’t find the CA 
> certificate):
>
> Caused by: sun.security.validator.ValidatorException: PKIX path 
> building
> failed: sun.security.provider.certpath.SunCertPathBuilderException: 
> unable to find valid certification path to requested target
>
>
>
> Can anyone help me with this? How should I modify the previous code to 
> have this working? I’ve tried some alternatives but none of them worked.
>
>
>
> Thanks in advance.
>
>
>
> Joan.
>
>
>
>
>
>
>
>
>
>


--
Hassan Khan


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message