Hi, Pen,
"EasySSLProtocolSocketFactory" really works. If you're using Easy properly
you won't get a "PKIX path building failed" problem. Maybe keep trying.
But "Easy" is also a bad habit that can become hard to break.
Jim's (ohaya) advice is also good, but personally I prefer not to pollute my
entire JVM's settings using System.setProperty(). Every SSL socket ever
created in your Java application from then on (RMI, LDAP, HTTPS, etc.)
will be using that setting!
Instead I prefer to take Jim's approach, but pair it with
AuthSSLProtocolSocketFactory instead of using a System property. Set the
keystore to null, but set the truststore to the cert you need!
Another option is the TrustSSLProtocolSocketFactory provided by the
"not-yet-commons-ssl" library I'm working on:
http://juliusdavies.ca/commons-ssl/
http://juliusdavies.ca/commons-ssl/javadocs/org/apache/commons/httpclient/contrib/ssl/TrustSSLProtocolSocketFactory.html
BTW: to get your hands on the server's cert so that you can import it, try
"openssl s_client" or the not-yet-commons-ssl "Ping" utility:
http://juliusdavies.ca/commons-ssl/utilities.html
Good luck!
yours,
Julius
On 12/29/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
---- Praveen Maiya <[EMAIL PROTECTED]> wrote:
>
Hi,
I have an HttpClient-related SSL question. I have read the HttpClient SSL
guide. I am trying to connect to a secure site over SSL. If we try to access
the SSL site in the browser (https), we get the certificate. I get the
following message:
There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a
trusted certificate authority.
But I can still go ahead and accept the certificate since I know it is a
test certificate we are using for our development purposes. So I have the
certificate now.
I am trying to connect to the same site using (HttpClient) one of the
example programs, EasySSLProtocolSocketFactory. I get the following
errors:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
So my question is: what should I do to make this work? Does this program
work, or do I need other programs like
StrictSSLProtocolSocketFactory
AuthSSLProtocolSocketFactory
Which program should I use, and what are the various steps I need to do to
get this to work?
Thanks in advance
Pen
Hi,
I haven't done any programming with HttpClient and SSL, but I have worked
with JSSE and SSL, and when I did that, and in order to get SSL working, I
had to add the certificate of the CA that issued the server cert to a
keystore, and point to that keystore (i.e., so that certs from that CA
were "trusted"). It's been a while, but I think I had to do something like:
= Import the CA cert into a keystore:
keytool -import -trustcacerts -keystore <keystorefilename> -file <theCAcert.cer> -alias <anything>
= In the app, add this keystore as trustStore:
System.setProperty("javax.net.ssl.trustStore", "keystorefilename");
Hope that that helps!
Jim
--
yours,
Julius Davies
416-652-0183
http://juliusdavies.ca/