To start, I want to acknowledge that the httpclient library is very useful and I have had a lot of success with it. And I need to state that I have read the SSL FAQ, and even implemented the EasySSLProtocolSocketFactory solution. However, I am still running into an issue and perhaps I can approach the solution I am looking for by asking 2 questions (not the usual "how do I get it to work with SSL").

So I use the library to connect to many different webservers, and occasionally one comes along with a certificate that causes httpclient to throw an exception like this:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Now I can get around this by signing my keychain with the certificate in question, which is the typical approach. So here's my first question:

1. Is there a set of certificates, possibly found in the average browser, that once added will "complete" my vanilla JDK1.5.6 (64 bit) keychain and allow httpclient to successfully make an HTTPS connection "anywhere the browser can without asking permission"? Has anyone had some success, say, adding all certificates in IE and FF? As an addendum, does anyone know how to export a certificate from FF? IE makes this easy but FF doesn't seem to allow it. Typically the issue that I find is that an intermediary certificate in the chain is not recognized (usually just above the certificates presented by the webserver in question).

I don't mind adding the odd certificate for self-signers, but I'd like to do it once and for all (if possible) and not piecemeal.

Now for question 2. I implemented the EasySSLProtocolSocketFactory, and turned it on to test some of these connections. But I still get the "unable to find valid certification path to requested target" exception. So here is question 2.

2. Have I made an error in my implementation, or is this "unable to find valid certification path to requested target" possible even when using EasySSLProtocolSocketFactory?

Thanks in advance for any responses.

alex

--

Alex Orloff
Software Engineering
Root Exchange, a division of Root Markets
http://www.rootexchange.com
W – (510) 812-3163
F – (415) 643-6789
E - [EMAIL PROTECTED]
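
Added example (not part of the original post, and not HttpClient's own code): one way to handle the unrecognized-intermediate case described above while keeping certificate validation on is to copy the JDK's default trust anchors into an in-memory keystore and add the extra CA certificates to it. The class name `ExtraCaTrust` and the certificate file paths passed on the command line are assumptions; only standard JDK APIs are used, and Java 7 or later is assumed.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.*;
import javax.net.ssl.*;

// Added example: extend the JDK's default trust anchors with extra CA
// certificates in memory, leaving normal PKIX validation switched on.
public class ExtraCaTrust {
    // Copy the JDK's default trust anchors into a fresh in-memory keystore.
    static KeyStore defaultAnchors() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JDK default trust store
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);       // start empty
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                ks.setCertificateEntry("jdk-" + ks.size(), ca);
            }
        }
        return ks;
    }

    // Add every certificate found in each PEM or DER file (hypothetical paths
    // supplied by the caller, e.g. the intermediate CA that was not recognized).
    static KeyStore withExtraCas(String... caFiles) throws Exception {
        KeyStore ks = defaultAnchors();
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        for (String path : caFiles) {
            try (InputStream in = new FileInputStream(path)) {
                for (Certificate c : cf.generateCertificates(in)) {
                    ks.setCertificateEntry("extra-" + ks.size(), c);
                }
            }
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = withExtraCas(args); // no arguments: JDK defaults only
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        System.out.println(ks.size() + " trust anchors loaded for " + ctx.getProtocol());
    }
}
```

Every certificate added this way becomes a trust anchor, so its fingerprint should be checked against the value the issuing CA publishes before it is loaded. `ctx.getSocketFactory()` then supplies sockets that validate server chains against the combined set.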
