On Mon, 2008-03-17 at 22:19 -0700, Ravichan wrote: > Hi .. I followed your steps . > > I have downloaded the certificate & and stored as DER in local. > Then I tried to execute the following command. > > keytool -keystore "C:\Program Files\Java\jdk1.6.0\jre\lib\security\cacerts" > -import -alias mysecurestore -file C:\temp\certfile.cer -trustcacerts > > Its asking for a password. I am not sure , What password to supply. >
changeit Sometime Google really helps Oleg > Can you please suggest me. > > > > olegk wrote: > > > > On Wed, 2007-05-02 at 22:22 -0700, RossW wrote: > >> ok cool...i fixed the problem. So first of all i had to connect through > >> proxy first and then secondly i had to add the certificate to the > >> keystore > >> and then add the keystore as a property to code..now working fine. so > >> here > >> is the code which made all the difference. > >> > >> first i had to export the cert from the site...once logged in i just > >> double > >> clicked on the lock icon in IE (on the status bar down the bottom of IE > >> when > >> logged into the secure site)and then found and copy to file button. I > >> saved > >> it as a DER encrypted file to say c:\temp\certfile.cer and then using > >> keytool as follows (keytool can be found in the JDK bin folder) > >> > >> keytool -keystore "C:\Program > >> Files\Java\jdk1.6.0\jre\lib\security\cacerts" > >> -import -alias mysecurestore -file C:\temp\certfile.cer -trustcacerts > >> > >> System.setProperty("javax.net.ssl.trustStore", "C:\\Program > >> Files\\Java\\jdk1.6.0\\jre\\lib\\security\\cacerts"); > >> > >> and now is working like a charm. I hope this comes in handy for someone > >> else in future cuz this one really sucked. > >> > > > > Ross > > > > You may consider using AuthSSLProtocolSocketFactory if you want to avoid > > having to modify the cacerts file > > > > http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/ > > http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java?view=markup > > > > For details see > > > > http://jakarta.apache.org/commons/httpclient/sslguide.html > > > > Oleg > > > >> > >> RossW wrote: > >> > > >> > ok now i am getting this...the change i made which was causing the prev > >> > error was to connect via proxy first. Funny thing was that i was told > >> > without any doubt that it was not proxied. Anyways now i am getting SSL > >> > cert related errors > >> > > >> > javax.net.ssl.SSLHandshakeException: > >> > sun.security.validator.ValidatorException: PKIX path building failed: > >> > sun.security.provider.certpath.SunCertPathBuilderException: unable to > >> find > >> > valid certification path to requested target > >> > at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source) > >> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source) > >> > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) > >> > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) > >> > at > >> > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown > >> > Source) > >> > at > >> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown > >> > Source) > >> > at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source) > >> > at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown > >> Source) > >> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown > >> Source) > >> > at > >> > > >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown > >> > Source) > >> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown > >> Source) > >> > at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source) > >> > at java.io.BufferedOutputStream.flushBuffer(Unknown Source) > >> > at java.io.BufferedOutputStream.flush(Unknown Source) > >> > at > >> > > >> org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(Unknown > >> > Source) > >> > at org.apache.commons.httpclient.HttpMethodBase.writeRequest(Unknown > >> > Source) > >> > at org.apache.commons.httpclient.HttpMethodBase.execute(Unknown > >> Source) > >> > at > >> > > >> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Unknown > >> > Source) > >> > at > >> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Unknown > >> > Source) > >> > at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown > >> Source) > >> > at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown > >> Source) > >> > at chester_japp.Chester_queue.record_proc(Chester_queue.java:129) > >> > at chester_japp.Chester_queue.run(Chester_queue.java:382) > >> > at java.lang.Thread.run(Unknown Source) > >> > Caused by: sun.security.validator.ValidatorException: PKIX path > >> building > >> > failed: sun.security.provider.certpath.SunCertPathBuilderException: > >> unable > >> > to find valid certification path to requested target > >> > at sun.security.validator.PKIXValidator.doBuild(Unknown Source) > >> > at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) > >> > at sun.security.validator.Validator.validate(Unknown Source) > >> > at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown > >> > Source) > >> > at > >> > > >> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown > >> > Source) > >> > at > >> > > >> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown > >> > Source) > >> > ... 20 more > >> > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: > >> > unable to find valid certification path to requested target > >> > at > >> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown > >> > Source) > >> > at java.security.cert.CertPathBuilder.build(Unknown Source) > >> > ... 26 more > >> > > >> > olegk wrote: > >> >> > >> >> On Tue, 2007-04-24 at 04:22 -0700, RossW wrote: > >> >>> > >> >>> > > >> >>> > Ross, > >> >>> > > >> >>> > This appears to be some kind of connectivity problem. Is this an > >> >>> > intranet or internet site? Can you establish a connection to that > >> site > >> >>> > using a browser? > >> >>> > > >> >>> > You do not explicitly set a connect timeout value, so JRE the > >> default > >> >>> > one applies. Try explicitly setting the connect timeout value to > >> >>> > something like 10 min and see what happens. > >> >>> > > >> >>> > Oleg > >> >>> > > >> >> > >> >> ... > >> >> > >> >>> > >> >>> Hey thanks for the reply. It is an intranet site but i am able to > >> >>> access it > >> >>> ok when using my browser and the proxy server does not affect this > >> site. > >> >>> I > >> >>> think i have tried setting the timeout for both the connection and > >> the > >> >>> socket to unlim and it was still failing. I suspect somehow it is > >> >>> related > >> >>> to the SSL but found it odd that i can connect to some SSL sites. A > >> >>> friend > >> >>> of mine wrote a similar program that uses HTTPCLIENT (the one written > >> by > >> >>> a > >> >>> chinese group cant recall there name) and the code is similar and it > >> >>> works > >> >>> fine. I want to the apache one because i believe it will have more > >> >>> ongoing > >> >>> support. > >> >>> > >> >>> Thanks. > >> >> > >> >> Please note that for some JREs infinite connect timeout (zero value) > >> >> effectively means the _default_ value, which may well be a finite > >> >> number. > >> >> > >> >> Are you absolutely sure the browser is hitting the site directly and > >> not > >> >> through a proxy? > >> >> > >> >> Anyways, if this is an internal site, internal infrastructure staff > >> are > >> >> your best friends. They should be able to tell why connections time > >> out. > >> >> > >> >> Oleg > >> >> > >> >> > >> >> --------------------------------------------------------------------- > >> >> To unsubscribe, e-mail: [EMAIL PROTECTED] > >> >> For additional commands, e-mail: > >> [EMAIL PROTECTED] > >> >> > >> >> > >> >> > >> > > >> > > >> > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > -- > View this message in context: > http://www.nabble.com/SSL-Site-tp9803919p16114444.html > Sent from the HttpClient-User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]