tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Antony GUILLOTEAU <antony.guillot...@systeme-u.fr>
Subject Rép. : SSL question
Date Tue, 04 Oct 2005 16:11:00 GMT
Many articles talk about how access https using java client throws HttpsURLConnection.

You must use :
  - your own TrustManager (implements javax.net.ssl.X509TrustManager)
  - your own KeyManager  (implements javax.net.ssl.X509KeyManager)
  - your own HostnameVerifer(implements javax.net.ssl.HostnameVerifer)

and use this following code : 

    TrustManager[] objTrustManager = new TrustManager[] {new MyX509TrustManager()};
    KeyManager[] objKeyManager = new KeyManager[] {new MyX509KeyManager()};

    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(objKeyManager, objTrustManager, new SecureRandom());

    SSLSocketFactory objSocketFactory = sc.getSocketFactory();        
    HttpsURLConnection.setDefaultSSLSocketFactory(objSocketFactory);

    HttpsURLConnection.setDefaultHostnameVerifier(new MyHostnameVerifer());


    ...
    URL objUrl = new URL(...)
    HttpsURLConnection objHttpsURLConnection = (javax.net.ssl.HttpsURLConnection) objUrl.openConnection();

I hope it's help you.

>>> fox_devils_wild@yahoo.co.uk 04/10/2005 17:54:30 >>>
Hi

I've got a servlet which works fine when using http. But when I want to access
it through https I get a certificate unknown exception. Why does
https://localhost:8443 work in a browser but accessing my servlet (with java
client)  not? Do I need to make my servlet SSL aware? Using another secure
webserver works with my client. Hope someone can help.

Thanks!


        
___________________________________________________________ 
To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre.
http://uk.security.yahoo.com

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message