On Fri, 2012-09-14 at 14:40 +0530, Susanta Mohapatra wrote: > Thanks Jose, > > I was trying to connector to Microsoft Share Point server which was > configured with SSL + NTLM v2 support. Interesting thing I found was that > after java disabled unsafe re-negotiation in Jre 1.6._22, the client code > started giving error - connection reset. I didn't find any solution other > than to include that flag in JVM after which code started working. This > might be because of the NTLM authentication process. > > Hope this helps someone in search for similar error. > > -Susanta > > On Mon, Sep 10, 2012 at 4:50 PM, Jose Escobar <[email protected]> wrote: > > > Hi Susanta, > > > > I had a similar problem and Oleg Kalnichevski answered me: > > > > > Possibly a better option might be a custom socket factory that can > > > create SSL connections with different SSL contexts using different trust > > > and key material based on the hostname of the target server. > > > > I decided to make a little change on HttpClient to set a new > > SchemeRegistry on each request thread that need > > specific trust and key material and I add it as a SCHEME_REGISTRY > > attribute to a Context variable. > > > > You can find this talk at > > http://marc.info/?l=httpclient-users&m=133830124402823&w=2 > > > > Jose Escobar > >
Jose As of version 4.3 HttpClient will allow SCHEME_REGISTRY to be overridden though HttpContext. Oleg > > 2012/9/10 Susanta Mohapatra <[email protected]>: > > > Hi all, > > > > > > I am trying to import a self-signed certificate into the default java > > > keystore "cacerts" ( Java version 1.5 ). The certificate is imported > > > successfully but when I try to use HttpClient library to connect to the > > > server, I run into the error > > > > > > sun.security.validator.ValidatorException: PKIX path building failed: > > > sun.security.provider.certpath.SunCertPathBuilderException: unable to > > find > > > valid certification path to requested target > > > javax.net.ssl.SSLHandshakeException > > > com.sun.net.ssl.internal.ssl.Alerts:getSSLException > > > > > > I found some articles by googling that you need to make a new jks > > keystore > > > by importing the self-signed certificate. But I want to do it on the > > > default keystore "cacerts". I don't want to relax the constraints of > > > certificate checks at client side. > > > > > > Please help me out with the correct solution for the issue. > > > > > > Thanks > > > Susanta > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
