Re: HTTPS/JSSE problem

Tue, 04 Feb 2003 11:15:18 -0800

Since the JRE doesn't recognize Entrust by default it is as though the cert is self signed.

Take a look at Sun's docs for the keytool:

http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html

There is also a good discussion thread covering this topic at:

http://forum.java.sun.com/thread.jsp?thread=153188&forum=2&message=448971

Enjoy,

Mike


Tom Samplonius wrote:
  Actually, the certificate is signed by Entrust (the site is
https://www3.interaction.bell.ca).

  Can the Entrust root certificate be imported into the keystore easily?
The JSSE INSTALL.TXT talks about which file they go into, but doesn't
really provide any detail on where they come from.  Where did you get the
various signing authorities root certificates?


Tom


On Tue, 4 Feb 2003, Michael Becke wrote:
By default JSSE only support SSL certs that are signed by Verisign or Thawte. To use a self signed cert (this appears to be what you are doing) you have two options:

1) import the servers cert into your keystore
2) mess around with the X509 stuff, someone posted a URL earlier talking about how to do this

Mike

Tom Samplonius wrote:

 Now I get the runtime error:

javax.net.ssl.SSLException: untrusted server cert chain


 Is there anything more that needs to be done to setup the connection?
I've seend some examples that setup all sorts of X509 stuff.  Is that
required too?  I'm using JSSE 1.0.3_01.


Tom


On Tue, 4 Feb 2003, Michael Becke wrote:




java.security.Security.addProvider().

Mike

Tom Samplonius wrote:
I'm getting an unresolved symbol now. Where do I import
"Security.addProvider()" from?

Tom


On Tue, 4 Feb 2003, Michael Becke wrote:




You need to add the following line to your code somewhere:

Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

The "java.protocol.handler.pkgs" property is only needed if you want to use https with java.net.URL.

I previously thought that addProvider() was not needed, but it seems that it is. We probably need to change this in documentation in a few places.

Mike



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to