Lukas,
I certainly cannot spend the time to help you, beyond this email, but for the sake of correct knowledge in the HttpClient mail logs....
Lukas Bradley wrote:
This simply isn't a valid criticism of Java. You are free to add additional certificate authorities to Java's cacerts file(found in jre/lib/security/). You can update the file using the "keytool" command line tool. If you have a small scale deployment, this is a perfectly good way to configure support for SSL (we've used this approach for in-house testing, for example). Note that Sun's SSL support has bugs, particularly in certain releases. If your problem lies there, you can play around with that to try to get it working, or you can use an alternative SSL provider (Entrust and IBM come to mind, but don't consider that an endorsement of either, or a criticism of any that exist that I've not mentioned).The response we have received from their technician is as follows:
"Okay, this is making some sense now. We are not logging your requests
because you are not reaching us. Your software is bailing out ahead of time
because you are using Java. Java has static lists included of valid
certificate authorities. Because we only issue certificates for personal
security reasons, we are not a valid certificate authority in Java's eyes.
This causes Java to have a fatal error at the handshake:
main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
There are two ways around this: 1) Don't use java. Generate a new CSR, I will immediately sign it and send
it back to you. Use command line scripting or other programming languages to
communicate with our servers ( perl, curl, bash, etc...)
2) Write your own extended SSL verification classes. We have generated an
example of how do go about this which you will find attached. Feel free to
use any parts of the code to aid in the incorporation into your system.
Also check out various posts from the email archives.
If there is anything else I can do, please let me know."
In answer to your questions, it appears as if we are never reaching them.
I will find out the answer to your second question.
However, your third question is very perplexing. Are there SSL modules that do NOT work with JSSE? Wouldn't that be an open standard?
Lukas
-Eric.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
