Thank you for your reply .. but I have another question
When I run sample code in the bottom of
http://jakarta.apache.org/commons/httpclient/sslguide.html page
(accessing https://www.verisign.com), I get Exception msg like this :
------------------------------------------------------------------------
----
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at
com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at
sun.nio.cs.StreamEncoder$CharsetSE.writeBytes(StreamEncoder.java:336)
at
sun.nio.cs.StreamEncoder$CharsetSE.implFlushBuffer(StreamEncoder.java:40
4)
at
sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:408)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
at Test.main(Test.java:26)
Caused by: sun.security.validator.ValidatorException: No trusted
certificate found
at
sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator
.java:304)
at
sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.ja
va:107)
at sun.security.validator.Validator.validate(Validator.java:202)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Das
hoA6275)
at
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Das
hoA6275)
... 13 more
------------------------------------------------------------------------
----
but when I altered the destination (field TARGET_HTTPS_SERVER) became
www.verizon.com and www.mail.yahoo.com the program doing fine.
But then when change again the destination into sourceforge.net, the
Exception as above happen again.
www.verisign.com and sourceforge.net have the same characteristic that
is when I browse them with Microsoft Internet Explorer 6, they yield a
dialog frame that say "this page contain both secure and nonsecure items
.... "
Is the characteristic above that caused me unable to open
www.verisign.com and sourceforge.net? Or can you think another causes?
And please tell how do I deal with it?
Thank you ...
For your Information this is my JVM :
C:\j2sdk1.4.2_01\jre\lib\security>java -version
java version "1.4.1_02"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1_02-b06)
Java HotSpot(TM) Client VM (build 1.4.1_02-b06, mixed mode)
And this are my cacerts fill with :
C:\j2sdk1.4.2_01\jre\lib\security>keytool -list -keystore cacerts
Enter keystore password:
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
Keystore type: jks
Keystore provider: SUN
Your keystore contains 20 entries
verisignclass4ca, Jun 30, 1998, trustedCertEntry,
Certificate fingerprint (MD5):
1B:D1:AD:17:8B:7F:22:13:24:F5:26:E2:5D:4E:B9:10
entrustglobalclientca, Jan 9, 2003, trustedCertEntry,
Certificate fingerprint (MD5):
9A:77:19:18:ED:96:CF:DF:1B:B7:0E:F5:8D:B9:88:2E
gtecybertrustglobalca, May 10, 2002, trustedCertEntry,
Certificate fingerprint (MD5):
CA:3D:D3:68:F1:03:5C:D0:32:FA:B8:2B:59:E8:5A:DB
entrustgsslca, Jan 9, 2003, trustedCertEntry,
Certificate fingerprint (MD5):
9D:66:6A:CC:FF:D5:F5:43:B4:BF:8C:16:D1:2B:A8:99
thawtepersonalbasicca, Feb 13, 1999, trustedCertEntry,
Certificate fingerprint (MD5):
E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41
verisignclass1ca, Jun 30, 1998, trustedCertEntry,
Certificate fingerprint (MD5):
51:86:E8:1F:BC:B1:C3:71:B5:18:10:DB:5F:DC:F6:20
thawtepersonalfreemailca, Feb 13, 1999, trustedCertEntry,
Certificate fingerprint (MD5):
1E:74:C3:86:3C:0C:35:C5:3E:C2:7F:EF:3C:AA:3C:D9
entrustsslca, Jan 9, 2003, trustedCertEntry,
Certificate fingerprint (MD5):
DF:F2:80:73:CC:F1:E6:61:73:FC:F5:42:E9:C5:7C:EE
verisignclass3ca, Jun 30, 1998, trustedCertEntry,
Certificate fingerprint (MD5):
78:2A:02:DF:DB:2E:14:D5:A7:5F:0A:DF:B6:8E:9C:5D
gtecybertrustca, May 10, 2002, trustedCertEntry,
Certificate fingerprint (MD5):
C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
thawteserverca, Feb 13, 1999, trustedCertEntry,
Certificate fingerprint (MD5):
C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
thawtepersonalpremiumca, Feb 13, 1999, trustedCertEntry,
Certificate fingerprint (MD5):
3A:B2:DE:22:9A:20:93:49:F9:ED:C8:D2:8A:E7:68:0D
thawtepremiumserverca, Feb 13, 1999, trustedCertEntry,
Certificate fingerprint (MD5):
06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
entrust2048ca, Jan 9, 2003, trustedCertEntry,
Certificate fingerprint (MD5):
BA:21:EA:20:D6:DD:DB:8F:C1:57:8B:40:AD:A1:FC:FC
baltimorecybertrustca, May 10, 2002, trustedCertEntry,
Certificate fingerprint (MD5):
AC:B6:94:A5:9C:17:E0:D7:91:52:9B:B1:97:06:A6:E4
entrustclientca, Jan 9, 2003, trustedCertEntry,
Certificate fingerprint (MD5):
0C:41:2F:13:5B:A0:54:F5:96:66:2D:7E:CD:0E:03:F4
verisignserverca, Jun 30, 1998, trustedCertEntry,
Certificate fingerprint (MD5):
74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93
gtecybertrust5ca, May 10, 2002, trustedCertEntry,
Certificate fingerprint (MD5):
7D:6C:86:E4:FC:4D:D1:0B:00:BA:22:BB:4E:7C:6A:8E
baltimorecodesigningca, May 10, 2002, trustedCertEntry,
Certificate fingerprint (MD5):
90:F5:28:49:56:D1:5D:2C:B0:53:D4:4B:EF:6F:90:22
verisignclass2ca, Jun 30, 1998, trustedCertEntry,
Certificate fingerprint (MD5):
EC:40:7D:2B:76:52:67:05:2C:EA:F2:3A:4F:65:F0:D8
-----Original Message-----
From: Ortwin Glück [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 27, 2004 3:44 PM
To: Commons HttpClient Project
Subject: Re: [newbie] SSL
bagas wrote:
> Dear All,
>
> I am sorry let me rephrase my question.
> What I want to ask are
> 1. How do I check and approve a certificate sent by a web server in
> https request? So that I don't get error like :
>
javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorExce
> ption: No trusted certificate found.
>
> 2. Can a HttpClient uses a certificate so that it can be verified by a
> webserver that it trying to connect? If this can be done please give
me
> an example?
>
> Thank You.
>
> Regards,
>
> Rahmat Bagas Santoso
Please check out the SSL guide
http://jakarta.apache.org/commons/httpclient/sslguide.html
which should answer your questions.
As statet frequently on this list, HttpClient makes no assumptions about
the underlying SSL implementation. Please refer to the documentation of
your SSL implementation for further information.
---------------------------------------------------------------------
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
