Return-Path: 
 <users-return-53141-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 3596 invoked from network); 1 Jun 2005 15:17:04 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur.apache.org with SMTP; 1 Jun 2005 15:17:04 -0000
Received: (qmail 679 invoked by uid 500); 1 Jun 2005 15:16:47 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 602 invoked by uid 500); 1 Jun 2005 15:16:47 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 545 invoked by uid 99); 1 Jun 2005 15:16:47 -0000
X-ASF-Spam-Status: No, hits=0.4 required=10.0
	tests=DNS_FROM_RFC_ABUSE,RCVD_BY_IP,SPF_HELO_PASS,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (hermes.apache.org: domain of linh.b.ngo@gmail.com
 designates 64.233.184.200 as permitted sender)
Received: from wproxy.gmail.com (HELO wproxy.gmail.com) (64.233.184.200)
  by apache.org (qpsmtpd/0.28) with ESMTP; Wed, 01 Jun 2005 08:16:43 -0700
Received: by wproxy.gmail.com with SMTP id 71so2360567wra
        for <users@httpd.apache.org>; Wed, 01 Jun 2005 08:16:26 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=nk8uNe2galITzfoGCnrMNxNdVl7S6Hq7Xcwx2/Uo0++lW2g9oa+u7KkUpFO/bSnZJ70YXTkpBqOOW3HQSKPrz3czoLixFy7xMnjb7W3hqfCf6OUHS6+pmAOmX0mmhNtJTTSYyii8YSMkQBP3EwDO4JIM6PXX3A+bInCUiI5Q9Ug=
Received: by 10.54.50.12 with SMTP id x12mr770044wrx;
        Wed, 01 Jun 2005 08:16:24 -0700 (PDT)
Received: by 10.54.18.58 with HTTP; Wed, 1 Jun 2005 08:16:23 -0700 (PDT)
Message-ID: <b00f2bc405060108165a011228@mail.gmail.com>
Date: Wed, 1 Jun 2005 10:16:23 -0500
From: Linh Ngo <linh.b.ngo@gmail.com>
Reply-To: Linh Ngo <linh.b.ngo@gmail.com>
To: users@httpd.apache.org
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
X-Virus-Checked: Checked
Subject: [users@httpd] Certificate issues for text-based browser
X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N

Hi everybody,=20
I am trying to create a Java text-based web browser in order to access
a specific Apache web server. However, I am having the folowing error:
...........................................................................=
...........................................

THE HEADERS
-----------
Exception in thread "main" javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)        at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAcce=
ssorImpl.java:39)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Delega=
tingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
        at sun.net.www.protocol.http.HttpURLConnection$6.run(HttpURLConnect=
ion.java:1186)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.net.www.protocol.http.HttpURLConnection.getChainedException(=
HttpURLConnection.java:1180)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpU=
RLConnection.java:877)
        at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOl=
dImpl.getInputStream(HttpsURLConnectionOldImpl.java:204)
        at command_line.Browser.run(Browser.java:44)
        at command_line.SecureBrowser.main(SecureBrowser.java:24)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:=
150)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.j=
ava:1476)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:=
174)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:=
168)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(=
ClientHandshaker.java:843)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Cli=
entHandshaker.java:106)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.j=
ava:495)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshake=
r.java:433)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketI=
mpl.java:815)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandsha=
ke(SSLSocketImpl.java:1025)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSoc=
ketImpl.java:1038)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.=
java:405)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.co=
nnect(AbstractDelegateHttpsURLConnection.java:170)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpU=
RLConnection.java:905)
        at sun.net.www.protocol.http.HttpURLConnection.getHeaderFieldKey(Ht=
tpURLConnection.java:1903)
        at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOl=
dImpl.getHeaderFieldKey(HttpsURLConnectionOldImpl.java:257)
        at command_line.Browser.run(Browser.java:39)
        ... 1 more
Caused by: sun.security.validator.ValidatorException: PKIX path
building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:=
221)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidato=
r.java:145)
        at sun.security.validator.Validator.validate(Validator.java:203)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTru=
sted(X509TrustManagerImpl.java:172)
        at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTru=
sted(SSLContextImpl.java:320)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(=
ClientHandshaker.java:836)
        ... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Su=
nCertPathBuilder.java:236)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:19=
4)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:=
216)
        ... 18 more
...........................................................................=
................................................

I have tried adding the certificate of the website into Java's
/jre/lib/security/cacerts directory; yet it would still not work.
Is there anyway that I could bypass this certificate checking process
from the client side?
I understand that this post would be close to being off topic since it
is mostly java-related, but any thoughts would be much appreciated.

Thank you

Linh Ngo

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org