RE: Async client with self signed certificate

2017-05-25 Thread Joan Balagueró 
Hi,

Yes, you were right, the keystore didin't have the server's public certificate.

Thanks,

Joan.

-Mensaje original-
De: Hassan Khan [mailto:hassankhan...@gmail.com] 
Enviado el: jueves, 18 de mayo de 2017 21:08
Para: HttpClient User Discussion
Asunto: Re: Async client with self signed certificate

Hi,

This is a issue with the CA certs... SSL handshake is failing...

if java turn on ssl debug... you will see the error in detail...

But if you have added the cacert to the java cacert files.. then java should 
recognize the self signed cert..

This is not a code issue.. it more to do with cert that is the point i am 
trying to make... May be the file Store does not have the self signed 
certificate added to it...

Hope it helps

Thanks
Hassan



On Thu, May 18, 2017 at 2:48 PM, Joan Balagueró < 
joan.balagu...@grupoventus.com> wrote:

> Hello,
>
>
>
> I’ve been using SSL with client authentication with signed 
> certificates in async http client 4.1, with no problem.
>
>
>
> My code is:
>
>
>
> FileInputStream  fKeyStore = new FileInputStream(new 
> File(keyStoreLocation));
>
> KeyStore keyStore = KeyStore.getInstance(keyStoreType);
>
> keyStore.load(fKeyStore, keyStorePassword.toCharArray());
>
>
>
> KeyManagerFactory kmfactory =
> KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
> ;
>
> kmfactory.init(keyStore, keyStorePassword.toCharArray());
>
> KeyManager[] keyManagers = kmfactory.getKeyManagers();
>
>
>
> TrustManagerFactory tmf =
> TrustManagerFactory.getInstance(TrustManagerFactory.
> getDefaultAlgorithm());
>
> tmf.init(keyStore);
>
>
>
> SSLContext sslContext = SSLContexts.custom().build();
>
> sslContext.init(keyManagers, tmf.getTrustManagers(), null);
>
>
>
> return (new SSLIOSessionStrategy(sslContext, new String[] { "TLSv1" }, 
> null, SSLIOSessionStrategy.getDefaultHostnameVerifier()));
>
>
>
>
>
> But now I have an installation with ssl and client authentication but 
> with a self-signed certificate. Using the previous code I get the 
> following error (I suppose because it doesn’t find the CA 
> certificate):
>
> Caused by: sun.security.validator.ValidatorException: PKIX path 
> building
> failed: sun.security.provider.certpath.SunCertPathBuilderException: 
> unable to find valid certification path to requested target
>
>
>
> Can anyone help me with this? How should I modify the previous code to 
> have this working? I’ve tried some alternatives but none of them worked.
>
>
>
> Thanks in advance.
>
>
>
> Joan.
>
>
>
>
>
>
>
>
>
>


--
Hassan Khan


-
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org

Re: Async client with self signed certificate

2017-05-18 Thread Gary Gregory 
You can remove most of this boilerplate if use use the SslContextBuilder
class.

Gary

On May 18, 2017 11:48 AM, "Joan Balagueró" 
wrote:

> Hello,
>
>
>
> I’ve been using SSL with client authentication with signed certificates in
> async http client 4.1, with no problem.
>
>
>
> My code is:
>
>
>
> FileInputStream  fKeyStore = new FileInputStream(new
> File(keyStoreLocation));
>
> KeyStore keyStore = KeyStore.getInstance(keyStoreType);
>
> keyStore.load(fKeyStore, keyStorePassword.toCharArray());
>
>
>
> KeyManagerFactory kmfactory =
> KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
>
> kmfactory.init(keyStore, keyStorePassword.toCharArray());
>
> KeyManager[] keyManagers = kmfactory.getKeyManagers();
>
>
>
> TrustManagerFactory tmf =
> TrustManagerFactory.getInstance(TrustManagerFactory.
> getDefaultAlgorithm());
>
> tmf.init(keyStore);
>
>
>
> SSLContext sslContext = SSLContexts.custom().build();
>
> sslContext.init(keyManagers, tmf.getTrustManagers(), null);
>
>
>
> return (new SSLIOSessionStrategy(sslContext, new String[] { "TLSv1" },
> null,
> SSLIOSessionStrategy.getDefaultHostnameVerifier()));
>
>
>
>
>
> But now I have an installation with ssl and client authentication but with
> a
> self-signed certificate. Using the previous code I get the following error
> (I suppose because it doesn’t find the CA certificate):
>
> Caused by: sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
> to find valid certification path to requested target
>
>
>
> Can anyone help me with this? How should I modify the previous code to have
> this working? I’ve tried some alternatives but none of them worked.
>
>
>
> Thanks in advance.
>
>
>
> Joan.
>
>
>
>
>
>
>
>
>
>

Re: Async client with self signed certificate

2017-05-18 Thread Hassan Khan 
Hi,

This is a issue with the CA certs... SSL handshake is failing...

if java turn on ssl debug... you will see the error in detail...

But if you have added the cacert to the java cacert files.. then java
should recognize the self signed cert..

This is not a code issue.. it more to do with cert that is the point i am
trying to make... May be the file Store does not have the self signed
certificate added to it...

Hope it helps

Thanks
Hassan



On Thu, May 18, 2017 at 2:48 PM, Joan Balagueró <
joan.balagu...@grupoventus.com> wrote:

> Hello,
>
>
>
> I’ve been using SSL with client authentication with signed certificates in
> async http client 4.1, with no problem.
>
>
>
> My code is:
>
>
>
> FileInputStream  fKeyStore = new FileInputStream(new
> File(keyStoreLocation));
>
> KeyStore keyStore = KeyStore.getInstance(keyStoreType);
>
> keyStore.load(fKeyStore, keyStorePassword.toCharArray());
>
>
>
> KeyManagerFactory kmfactory =
> KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
>
> kmfactory.init(keyStore, keyStorePassword.toCharArray());
>
> KeyManager[] keyManagers = kmfactory.getKeyManagers();
>
>
>
> TrustManagerFactory tmf =
> TrustManagerFactory.getInstance(TrustManagerFactory.
> getDefaultAlgorithm());
>
> tmf.init(keyStore);
>
>
>
> SSLContext sslContext = SSLContexts.custom().build();
>
> sslContext.init(keyManagers, tmf.getTrustManagers(), null);
>
>
>
> return (new SSLIOSessionStrategy(sslContext, new String[] { "TLSv1" },
> null,
> SSLIOSessionStrategy.getDefaultHostnameVerifier()));
>
>
>
>
>
> But now I have an installation with ssl and client authentication but with
> a
> self-signed certificate. Using the previous code I get the following error
> (I suppose because it doesn’t find the CA certificate):
>
> Caused by: sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
> to find valid certification path to requested target
>
>
>
> Can anyone help me with this? How should I modify the previous code to have
> this working? I’ve tried some alternatives but none of them worked.
>
>
>
> Thanks in advance.
>
>
>
> Joan.
>
>
>
>
>
>
>
>
>
>


-- 
Hassan Khan

Async client with self signed certificate

2017-05-18 Thread Joan Balagueró 
Hello,

 

I’ve been using SSL with client authentication with signed certificates in
async http client 4.1, with no problem.

 

My code is:

 

FileInputStream  fKeyStore = new FileInputStream(new
File(keyStoreLocation));

KeyStore keyStore = KeyStore.getInstance(keyStoreType);

keyStore.load(fKeyStore, keyStorePassword.toCharArray());

 

KeyManagerFactory kmfactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

kmfactory.init(keyStore, keyStorePassword.toCharArray());

KeyManager[] keyManagers = kmfactory.getKeyManagers();

 

TrustManagerFactory tmf =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

tmf.init(keyStore);

 

SSLContext sslContext = SSLContexts.custom().build();

sslContext.init(keyManagers, tmf.getTrustManagers(), null);

 

return (new SSLIOSessionStrategy(sslContext, new String[] { "TLSv1" }, null,
SSLIOSessionStrategy.getDefaultHostnameVerifier()));

 

 

But now I have an installation with ssl and client authentication but with a
self-signed certificate. Using the previous code I get the following error
(I suppose because it doesn’t find the CA certificate):

Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target

 

Can anyone help me with this? How should I modify the previous code to have
this working? I’ve tried some alternatives but none of them worked.

 

Thanks in advance.

 

Joan.