Return-Path: <httpclient-users-return-13970-archive-asf-public=cust-asf.ponee.io@hc.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 86AE6200C80
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Thu, 25 May 2017 09:50:59 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 83389160BCA; Thu, 25 May 2017 07:50:59 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id C8C88160BC7
	for <archive-asf-public@cust-asf.ponee.io>; Thu, 25 May 2017 09:50:58 +0200 (CEST)
Received: (qmail 27099 invoked by uid 500); 25 May 2017 07:50:56 -0000
Mailing-List: contact httpclient-users-help@hc.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:httpclient-users-help@hc.apache.org>
List-Unsubscribe: <mailto:httpclient-users-unsubscribe@hc.apache.org>
List-Post: <mailto:httpclient-users@hc.apache.org>
List-Id: <httpclient-users.hc.apache.org>
Reply-To: "HttpClient User Discussion" <httpclient-users@hc.apache.org>
Delivered-To: mailing list httpclient-users@hc.apache.org
Received: (qmail 27086 invoked by uid 99); 25 May 2017 07:50:55 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 25 May 2017 07:50:55 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 6D12E18FC28
	for <httpclient-users@hc.apache.org>; Thu, 25 May 2017 07:50:55 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 1.1
X-Spam-Level: *
X-Spam-Status: No, score=1.1 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	KAM_LINEPADDING=1.2, SPF_PASS=-0.001, URIBL_BLOCKED=0.001]
	autolearn=disabled
Authentication-Results: spamd3-us-west.apache.org (amavisd-new);
	dkim=pass (1024-bit key) header.d=grupoventus.com header.b=lcjf9kve;
	dkim=pass (1024-bit key) header.d=grupoventus.com header.b=hfJfl7XY
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024)
	with ESMTP id sCv-RZ4kvU1u for <httpclient-users@hc.apache.org>;
	Thu, 25 May 2017 07:50:53 +0000 (UTC)
Received: from mail01.feelhosting.com (mail01.feelhosting.com [137.74.235.62])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 1EDFA5FCD2
	for <httpclient-users@hc.apache.org>; Thu, 25 May 2017 07:50:53 +0000 (UTC)
Received: from mail01.ad-6bits.net (localhost.localdomain [127.0.0.1])
	by mail01.ad-6bits.net (Postfix) with ESMTP id A6B764083E
	for <httpclient-users@hc.apache.org>; Thu, 25 May 2017 09:50:45 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=grupoventus.com;
	s=default; t=1495698645;
	bh=Hm7RJyFI+FgDEmGEvjwec/fIdlHWcwFcsN2O3exOXJY=;
	h=From:To:References:In-Reply-To:Subject:Date;
	b=lcjf9kveA+ekWEEHaqlLALTKWI0znLeV4kbE0Jby+3Tx7HtnJbBCaXuWxvG3j5okT
	 tvO7RwfRzIOv/MHh5GfwxaAPn9UtkK15jfEwulxavij1CVRDIJfCHfDCv7cUyvoMlZ
	 5tc6oJGZ2ZpuP9/CD5bpykEw7RDx3KvIGRuy0XB8=
Received: from Ventus (186.red-88-0-193.dynamicip.rima-tde.net [88.0.193.186])
	by mail01.ad-6bits.net (Postfix) with ESMTPA id E14CF3FCF2
	for <httpclient-users@hc.apache.org>; Thu, 25 May 2017 09:50:43 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=grupoventus.com;
	s=default; t=1495698644;
	bh=Hm7RJyFI+FgDEmGEvjwec/fIdlHWcwFcsN2O3exOXJY=;
	h=From:To:References:In-Reply-To:Subject:Date;
	b=hfJfl7XYo0PCmDLKgkJRj694vbyTBQZwjEe+ByTYtSc+tV9MB68gNqyTpPKeHxxsX
	 n0RehW1k0ViFru5i/NlAHUZKehP0/yo7Ez1RD7/TwHY2znNRbE9zfQhD+h5fzzgkzD
	 IujMkV07eNPjYA75R5DSCG7YfSYmW0XUxE4ITm+0=
From: =?utf-8?Q?Joan_Balaguer=C3=B3?= <joan.balaguero@grupoventus.com>
To: "'HttpClient User Discussion'" <httpclient-users@hc.apache.org>
References: <00a001d2d007$4274e030$c75ea090$@grupoventus.com> <00b001d2d007$60b02230$22106690$@grupoventus.com> <CAOpoXhHK4ccWSEQr23Ftoxg76WPrmqzbiQtA9KVbkAONaG6A_A@mail.gmail.com>
In-Reply-To: <CAOpoXhHK4ccWSEQr23Ftoxg76WPrmqzbiQtA9KVbkAONaG6A_A@mail.gmail.com>
Subject: RE: Async client with self signed certificate
Date: Thu, 25 May 2017 09:50:43 +0200
Message-ID: <000f01d2d52b$9ceea040$d6cbe0c0$@grupoventus.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQCv9+tlGYhBSfn8JGOFL0kSm4DCXwJzfJv/Anko3ZukIwH08A==
Content-Language: es
X-AV-Checked: ClamAV using ClamSMTP
archived-at: Thu, 25 May 2017 07:50:59 -0000

Hi,

Yes, you were right, the keystore didin't have the server's public =
certificate.

Thanks,

Joan.

-----Mensaje original-----
De: Hassan Khan [mailto:hassankhan986@gmail.com]=20
Enviado el: jueves, 18 de mayo de 2017 21:08
Para: HttpClient User Discussion
Asunto: Re: Async client with self signed certificate

Hi,

This is a issue with the CA certs... SSL handshake is failing...

if java turn on ssl debug... you will see the error in detail...

But if you have added the cacert to the java cacert files.. then java =
should recognize the self signed cert..

This is not a code issue.. it more to do with cert that is the point i =
am trying to make... May be the file Store does not have the self signed =
certificate added to it...

Hope it helps

Thanks
Hassan



On Thu, May 18, 2017 at 2:48 PM, Joan Balaguer=C3=B3 < =
joan.balaguero@grupoventus.com> wrote:

> Hello,
>
>
>
> I=E2=80=99ve been using SSL with client authentication with signed=20
> certificates in async http client 4.1, with no problem.
>
>
>
> My code is:
>
>
>
> FileInputStream  fKeyStore =3D new FileInputStream(new=20
> File(keyStoreLocation));
>
> KeyStore keyStore =3D KeyStore.getInstance(keyStoreType);
>
> keyStore.load(fKeyStore, keyStorePassword.toCharArray());
>
>
>
> KeyManagerFactory kmfactory =3D
> KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
> ;
>
> kmfactory.init(keyStore, keyStorePassword.toCharArray());
>
> KeyManager[] keyManagers =3D kmfactory.getKeyManagers();
>
>
>
> TrustManagerFactory tmf =3D
> TrustManagerFactory.getInstance(TrustManagerFactory.
> getDefaultAlgorithm());
>
> tmf.init(keyStore);
>
>
>
> SSLContext sslContext =3D SSLContexts.custom().build();
>
> sslContext.init(keyManagers, tmf.getTrustManagers(), null);
>
>
>
> return (new SSLIOSessionStrategy(sslContext, new String[] { "TLSv1" }, =

> null, SSLIOSessionStrategy.getDefaultHostnameVerifier()));
>
>
>
>
>
> But now I have an installation with ssl and client authentication but=20
> with a self-signed certificate. Using the previous code I get the=20
> following error (I suppose because it doesn=E2=80=99t find the CA=20
> certificate):
>
> Caused by: sun.security.validator.ValidatorException: PKIX path=20
> building
> failed: sun.security.provider.certpath.SunCertPathBuilderException:=20
> unable to find valid certification path to requested target
>
>
>
> Can anyone help me with this? How should I modify the previous code to =

> have this working? I=E2=80=99ve tried some alternatives but none of =
them worked.
>
>
>
> Thanks in advance.
>
>
>
> Joan.
>
>
>
>
>
>
>
>
>
>


--
Hassan Khan


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org