I've gone over those instructions and a dozen variants. Like I said, I've imported the cert into a JKS keystore and use that in my SSLSocketFactory. No dice.
There's no client authentication; it's just trying to authenticate the server against a trusted CA and I think I'm just having a problem properly importing a certificate _chain_ (not just a single certificate) into the keystore. I don't really want to create a custom trust manager as this more or less bypasses the SSL security. I've tried... - exporting the chain as a PEM file and importing into the keystore (I get only one the top certificate) - exporting the chain as a pkcs7 file - keytool says it's not an x.509 certificate - exporting the individual certs as PEM or pkcs7 - they can be imported into a keystore but are not chained - exported via various different options that IE's certificate export wizard gives. None of them seem to work. olegk wrote: > > The Javadocs of the SSLSocketFactory include instructions how to create > a trust store given a trusted public certificate. I guess this should be > sufficient: > > http://hc.apache.org/httpcomponents-client/httpclient/apidocs/org/apache/http/conn/ssl/SSLSocketFactory.html > > The worst case, one can set up an SSL context with a trust manager > trusting any certificate, including invalid ones. > -- View this message in context: http://www.nabble.com/SSLPeerUnverifiedException----cannot-get-chain-imported-correctly-tp21564943p21570945.html Sent from the HttpClient-User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
