> Can you shed any light on the different behavior in Windows vs > HPUX? Not that it will change anything, but I like to learn why these things > behave the way they do to prevent future time wasting activities.
I have had no exposure to HPUX of what so ever, so I may only be guessing here. I have experienced inconsistencies in certificate chain verification across different JVMs. I am pretty sure that SUN's Java 1.4 SSL trust manager differs from that of earlier versions. My best guess is that the problem may have been caused by a JVM specific quirk in the JSSE code. Can it be that you are using a different version of JVM or JSSE on the HPUX platform compared to what you have on your Win2K workstation? Oleg Quoting Oleg Kalnichevski <[EMAIL PROTECTED]>: > David, > You may want to take a different approach and provide a custom SSL trust > manager (which in its crudest and ugliest form may be programmed to > simply trust all target servers) > > Take a look at the 'Customizing SSL in HttpClient' section of the > HttpClient SSL guide at the following location > <http://jakarta.apache.org/commons/httpclient/sslguide.html> > > Hope this helps > > Oleg > > On Mon, 2004-01-05 at 22:47, David Webb wrote: > > I have written a simple Java application to call a URL using Jakarta > > HttpClient. The code works like a champ on my windows 2K development > > workstation when accessing a URL the is protected by Siteminder (which > > redirects to SSL for Authentication). The big difference is that when I > try to > > run the same code on a HPUX box I get the following message... > > > > javax.net.ssl.SSLHandshakeException: > java.security.cert.CertificateException: > > CA certificate does not include basic constraints extension > > > > I read some posts about Trusted CAs. I used 'keytool' to create a keystore > and > > import the Root Certificate for the Trusted Authority and I start my JVM > like > > this... > > > > keystore filename is cacerts > > keystore password is password > > > > java -Djavax.net.ssl.trustStore=/full/path/to/cacerts - > > Djavax.net.ssl.trustStorePassword=password ClassName ARGS > > > > Any help is greatly appreciated. > > > > Thanks. > > > > -- > > Sincerely, > > David Webb > > Vice-President > > Hurff-Webb, Inc. > > http://www.hurff-webb.com > > (904) 861-2366 > > (904) 534-8294 Mobile > > > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
