On Mon, 2008-03-17 at 22:19 -0700, Ravichan wrote:
> Hi, I followed your steps.
> 
> I have downloaded the certificate and stored it as DER locally.
> Then I tried to execute the following command.
> 
> keytool -keystore "C:\Program Files\Java\jdk1.6.0\jre\lib\security\cacerts"
>  -import -alias mysecurestore -file C:\temp\certfile.cer -trustcacerts
> 
> It's asking for a password. I am not sure what password to supply.
> 

changeit

Sometimes Google really helps

Oleg 



> Can you please suggest me.
> 
> 
> 
> olegk wrote:
> > 
> > On Wed, 2007-05-02 at 22:22 -0700, RossW wrote: 
> >> ok cool...i fixed the problem.  So first of all i had to connect through
> >> proxy first and then secondly i had to add the certificate to the keystore
> >> and then add the keystore as a property to code..now working fine.  so here
> >> is the code which made all the difference.
> >> 
> >> first i had to export the cert from the site...once logged in i just double
> >> clicked on the lock icon in IE (on the status bar down the bottom of IE when
> >> logged into the secure site)and then found and copy to file button.  I saved
> >> it as a DER encrypted file to say c:\temp\certfile.cer and then using
> >> keytool as follows (keytool can be found in the JDK bin folder)
> >> 
> >> keytool -keystore "C:\Program Files\Java\jdk1.6.0\jre\lib\security\cacerts" -import -alias mysecurestore -file C:\temp\certfile.cer -trustcacerts
> >> 
> >> System.setProperty("javax.net.ssl.trustStore", "C:\\Program Files\\Java\\jdk1.6.0\\jre\\lib\\security\\cacerts");
> >> 
> >> and now is working like a charm.  I hope this comes in handy for someone
> >> else in future cuz this one really sucked.
> >> 
> > 
> > Ross
> > 
> > You may consider using AuthSSLProtocolSocketFactory if you want to avoid
> > having to modify the cacerts file 
> > 
> > http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/
> > http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java?view=markup
> > 
> > For details see
> > 
> > http://jakarta.apache.org/commons/httpclient/sslguide.html
> > 
> > Oleg
> > 
> >> 
> >> RossW wrote:
> >> > 
> >> > ok now i am getting this...the change i made which was causing the prev
> >> > error was to connect via proxy first.  Funny thing was that i was told
> >> > without any doubt that it was not proxied. Anyways now i am getting SSL
> >> > cert related errors
> >> > 
> >> > javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> >> >  at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
> >> >  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
> >> >  at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> >> >  at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> >> >  at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
> >> >  at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
> >> >  at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
> >> >  at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
> >> >  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
> >> >  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
> >> >  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
> >> >  at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
> >> >  at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
> >> >  at java.io.BufferedOutputStream.flush(Unknown Source)
> >> >  at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(Unknown Source)
> >> >  at org.apache.commons.httpclient.HttpMethodBase.writeRequest(Unknown Source)
> >> >  at org.apache.commons.httpclient.HttpMethodBase.execute(Unknown Source)
> >> >  at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Unknown Source)
> >> >  at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Unknown Source)
> >> >  at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown Source)
> >> >  at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown Source)
> >> >  at chester_japp.Chester_queue.record_proc(Chester_queue.java:129)
> >> >  at chester_japp.Chester_queue.run(Chester_queue.java:382)
> >> >  at java.lang.Thread.run(Unknown Source)
> >> > Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> >> >  at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
> >> >  at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
> >> >  at sun.security.validator.Validator.validate(Unknown Source)
> >> >  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
> >> >  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
> >> >  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
> >> >  ... 20 more
> >> > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> >> >  at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
> >> >  at java.security.cert.CertPathBuilder.build(Unknown Source)
> >> >  ... 26 more
> >> > 
> >> > olegk wrote:
> >> >> 
> >> >> On Tue, 2007-04-24 at 04:22 -0700, RossW wrote:
> >> >>>
> >> >>> > 
> >> >>> > Ross,
> >> >>> > 
> >> >>> > This appears to be some kind of connectivity problem. Is this an
> >> >>> > intranet or internet site? Can you establish a connection to that site
> >> >>> > using a browser? 
> >> >>> > 
> >> >>> > You do not explicitly set a connect timeout value, so the JRE default
> >> >>> > one applies. Try explicitly setting the connect timeout value to
> >> >>> > something like 10 min and see what happens. 
> >> >>> > 
> >> >>> > Oleg
> >> >>> > 
> >> >> 
> >> >> ...
> >> >> 
> >> >>> 
> >> >>> Hey thanks for the reply.  It is an intranet site but i am able to
> >> >>> access it ok when using my browser and the proxy server does not affect
> >> >>> this site.  I think i have tried setting the timeout for both the
> >> >>> connection and the socket to unlim and it was still failing.  I suspect
> >> >>> somehow it is related to the SSL but found it odd that i can connect to
> >> >>> some SSL sites.  A friend of mine wrote a similar program that uses
> >> >>> HTTPCLIENT (the one written by a chinese group can't recall their name)
> >> >>> and the code is similar and it works fine.  I want to use the apache one
> >> >>> because i believe it will have more ongoing support.
> >> >>> 
> >> >>> Thanks.
> >> >> 
> >> >> Please note that for some JREs infinite connect timeout (zero value)
> >> >> effectively means the _default_ value, which may well be a finite
> >> >> number. 
> >> >> 
> >> >> Are you absolutely sure the browser is hitting the site directly and not
> >> >> through a proxy?
> >> >> 
> >> >> Anyways, if this is an internal site, internal infrastructure staff are
> >> >> your best friends. They should be able to tell why connections time out.
> >> >> 
> >> >> Oleg 
> >> >> 
> >> >> 
> >> >> 
> >> >> 
> >> >> 
> >> > 
> >> > 
> >> 
> > 
> > 
> > 
> > 
> > 
> 
> -- 
> View this message in context: 
> http://www.nabble.com/SSL-Site-tp9803919p16114444.html
> Sent from the HttpClient-User mailing list archive at Nabble.com.
> 
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
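
The thread's two options are importing the site certificate into the JRE-wide cacerts file or avoiding that change. As an added example (not code from this thread or from the HttpClient project), the sketch below uses only standard JSSE calls to trust the exported certificate through an in-memory store scoped to a single SSLContext, leaving cacerts unmodified. The certificate path is the one used in the thread; the host name `intranet.example` is a placeholder.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ScopedTrustStore {
    /** Builds an SSLContext that trusts only the certificate stored at certPath. */
    static SSLContext contextTrusting(String certPath) throws Exception {
        X509Certificate cert;
        try (InputStream in = new FileInputStream(certPath)) {
            // The X.509 factory accepts both DER and PEM encodings.
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        cert.checkValidity(); // refuse an expired or not-yet-valid certificate
        // Print the fingerprint so it can be compared out of band before trusting.
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02X", b));
        System.out.println("Trusting " + cert.getSubjectX500Principal()
                + " SHA-256=" + hex);

        // Empty in-memory store: nothing is written to disk, cacerts is untouched.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setCertificateEntry("mysecurestore", cert);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = contextTrusting("C:\\temp\\certfile.cer");
        // Placeholder host; only this connection uses the extra trust anchor.
        HttpsURLConnection conn = (HttpsURLConnection)
                new URL("https://intranet.example/").openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

HttpsURLConnection still performs its default host name verification here, so the certificate must match the host being contacted. Other connections in the same JVM keep validating against the default trust store.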
