OK cool... I fixed the problem.  So first of all I had to connect through
the proxy first, and then secondly I had to add the certificate to the keystore
and then add the keystore as a property to the code... now working fine.  So here
is the code which made all the difference.

First I had to export the cert from the site... once logged in I just
double-clicked on the lock icon in IE (on the status bar down the bottom of IE
when logged into the secure site) and then found the "Copy to File" button.  I
saved it as a DER encrypted file to, say, c:\temp\certfile.cer and then used
keytool as follows (keytool can be found in the JDK bin folder):

keytool -keystore "C:\Program Files\Java\jdk1.6.0\jre\lib\security\cacerts" -import -alias mysecurestore -file C:\temp\certfile.cer -trustcacerts

System.setProperty("javax.net.ssl.trustStore", "C:\\Program Files\\Java\\jdk1.6.0\\jre\\lib\\security\\cacerts");

And now it is working like a charm.  I hope this comes in handy for someone
else in future cuz this one really sucked.


RossW wrote:
> 
> OK, now I am getting this... the change I made which was causing the prev
> error was to connect via proxy first.  Funny thing was that I was told
> without any doubt that it was not proxied.  Anyways, now I am getting SSL
> cert related errors
> 
> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
>       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
>       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
>       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
>       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
>       at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
>       at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
>       at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
>       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
>       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
>       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
>       at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
>       at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
>       at java.io.BufferedOutputStream.flush(Unknown Source)
>       at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(Unknown Source)
>       at org.apache.commons.httpclient.HttpMethodBase.writeRequest(Unknown Source)
>       at org.apache.commons.httpclient.HttpMethodBase.execute(Unknown Source)
>       at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Unknown Source)
>       at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Unknown Source)
>       at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown Source)
>       at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown Source)
>       at chester_japp.Chester_queue.record_proc(Chester_queue.java:129)
>       at chester_japp.Chester_queue.run(Chester_queue.java:382)
>       at java.lang.Thread.run(Unknown Source)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>       at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
>       at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
>       at sun.security.validator.Validator.validate(Unknown Source)
>       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
>       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
>       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
>       ... 20 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>       at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
>       at java.security.cert.CertPathBuilder.build(Unknown Source)
>       ... 26 more
> 
> olegk wrote:
>> 
>> On Tue, 2007-04-24 at 04:22 -0700, RossW wrote:
>>>
>>> > 
>>> > Ross,
>>> > 
>>> > This appears to be some kind of connectivity problem. Is this an
>>> > intranet or internet site? Can you establish a connection to that site
>>> > using a browser? 
>>> > 
>>> > You do not explicitly set a connect timeout value, so the JRE default
>>> > one applies. Try explicitly setting the connect timeout value to
>>> > something like 10 min and see what happens. 
>>> > 
>>> > Oleg
>>> > 
>> 
>> ...
>> 
>>> 
>>> Hey thanks for the reply.  It is an intranet site but I am able to access it
>>> OK when using my browser and the proxy server does not affect this site.  I
>>> think I have tried setting the timeout for both the connection and the
>>> socket to unlim and it was still failing.  I suspect somehow it is related
>>> to the SSL but found it odd that I can connect to some SSL sites.  A friend
>>> of mine wrote a similar program that uses HTTPCLIENT (the one written by a
>>> Chinese group, can't recall their name) and the code is similar and it works
>>> fine.  I want to use the apache one because I believe it will have more
>>> ongoing support.
>>> 
>>> Thanks.
>> 
>> Please note that for some JREs infinite connect timeout (zero value)
>> effectively means the _default_ value, which may well be a finite
>> number. 
>> 
>> Are you absolutely sure the browser is hitting the site directly and not
>> through a proxy?
>> 
>> Anyways, if this is an internal site, internal infrastructure staff are
>> your best friends. They should be able to tell why connections time out.
>> 
>> Oleg 
>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>> 
>> 
>> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/SSL-Site-tf3509897.html#a10299173
Sent from the HttpClient-User mailing list archive at Nabble.com.

