Hi .. I followed your steps .
I have downloaded the certificate & and stored as DER in local.
Then I tried to execute the following command.
keytool -keystore "C:\Program Files\Java\jdk1.6.0\jre\lib\security\cacerts"
-import -alias mysecurestore -file C:\temp\certfile.cer -trustcacerts
Its asking for a password. I am not sure , What password to supply.
Can you please suggest me.
olegk wrote:
>
> On Wed, 2007-05-02 at 22:22 -0700, RossW wrote:
>> ok cool...i fixed the problem. So first of all i had to connect through
>> proxy first and then secondly i had to add the certificate to the
>> keystore
>> and then add the keystore as a property to code..now working fine. so
>> here
>> is the code which made all the difference.
>>
>> first i had to export the cert from the site...once logged in i just
>> double
>> clicked on the lock icon in IE (on the status bar down the bottom of IE
>> when
>> logged into the secure site)and then found and copy to file button. I
>> saved
>> it as a DER encrypted file to say c:\temp\certfile.cer and then using
>> keytool as follows (keytool can be found in the JDK bin folder)
>>
>> keytool -keystore "C:\Program
>> Files\Java\jdk1.6.0\jre\lib\security\cacerts"
>> -import -alias mysecurestore -file C:\temp\certfile.cer -trustcacerts
>>
>> System.setProperty("javax.net.ssl.trustStore", "C:\\Program
>> Files\\Java\\jdk1.6.0\\jre\\lib\\security\\cacerts");
>>
>> and now is working like a charm. I hope this comes in handy for someone
>> else in future cuz this one really sucked.
>>
>
> Ross
>
> You may consider using AuthSSLProtocolSocketFactory if you want to avoid
> having to modify the cacerts file
>
> http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/
> http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java?view=markup
>
> For details see
>
> http://jakarta.apache.org/commons/httpclient/sslguide.html
>
> Oleg
>
>>
>> RossW wrote:
>> >
>> > ok now i am getting this...the change i made which was causing the prev
>> > error was to connect via proxy first. Funny thing was that i was told
>> > without any doubt that it was not proxied. Anyways now i am getting SSL
>> > cert related errors
>> >
>> > javax.net.ssl.SSLHandshakeException:
>> > sun.security.validator.ValidatorException: PKIX path building failed:
>> > sun.security.provider.certpath.SunCertPathBuilderException: unable to
>> find
>> > valid certification path to requested target
>> > at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
>> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
>> > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
>> > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
>> > at
>> > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
>> > Source)
>> > at
>> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
>> > Source)
>> > at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
>> > at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
>> Source)
>> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
>> Source)
>> > at
>> >
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
>> > Source)
>> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown
>> Source)
>> > at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
>> > at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
>> > at java.io.BufferedOutputStream.flush(Unknown Source)
>> > at
>> >
>> org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(Unknown
>> > Source)
>> > at org.apache.commons.httpclient.HttpMethodBase.writeRequest(Unknown
>> > Source)
>> > at org.apache.commons.httpclient.HttpMethodBase.execute(Unknown
>> Source)
>> > at
>> >
>> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Unknown
>> > Source)
>> > at
>> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Unknown
>> > Source)
>> > at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown
>> Source)
>> > at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown
>> Source)
>> > at chester_japp.Chester_queue.record_proc(Chester_queue.java:129)
>> > at chester_japp.Chester_queue.run(Chester_queue.java:382)
>> > at java.lang.Thread.run(Unknown Source)
>> > Caused by: sun.security.validator.ValidatorException: PKIX path
>> building
>> > failed: sun.security.provider.certpath.SunCertPathBuilderException:
>> unable
>> > to find valid certification path to requested target
>> > at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
>> > at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
>> > at sun.security.validator.Validator.validate(Unknown Source)
>> > at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown
>> > Source)
>> > at
>> >
>> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
>> > Source)
>> > at
>> >
>> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
>> > Source)
>> > ... 20 more
>> > Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
>> > unable to find valid certification path to requested target
>> > at
>> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
>> > Source)
>> > at java.security.cert.CertPathBuilder.build(Unknown Source)
>> > ... 26 more
>> >
>> > olegk wrote:
>> >>
>> >> On Tue, 2007-04-24 at 04:22 -0700, RossW wrote:
>> >>>
>> >>> >
>> >>> > Ross,
>> >>> >
>> >>> > This appears to be some kind of connectivity problem. Is this an
>> >>> > intranet or internet site? Can you establish a connection to that
>> site
>> >>> > using a browser?
>> >>> >
>> >>> > You do not explicitly set a connect timeout value, so JRE the
>> default
>> >>> > one applies. Try explicitly setting the connect timeout value to
>> >>> > something like 10 min and see what happens.
>> >>> >
>> >>> > Oleg
>> >>> >
>> >>
>> >> ...
>> >>
>> >>>
>> >>> Hey thanks for the reply. It is an intranet site but i am able to
>> >>> access it
>> >>> ok when using my browser and the proxy server does not affect this
>> site.
>> >>> I
>> >>> think i have tried setting the timeout for both the connection and
>> the
>> >>> socket to unlim and it was still failing. I suspect somehow it is
>> >>> related
>> >>> to the SSL but found it odd that i can connect to some SSL sites. A
>> >>> friend
>> >>> of mine wrote a similar program that uses HTTPCLIENT (the one written
>> by
>> >>> a
>> >>> chinese group cant recall there name) and the code is similar and it
>> >>> works
>> >>> fine. I want to the apache one because i believe it will have more
>> >>> ongoing
>> >>> support.
>> >>>
>> >>> Thanks.
>> >>
>> >> Please note that for some JREs infinite connect timeout (zero value)
>> >> effectively means the _default_ value, which may well be a finite
>> >> number.
>> >>
>> >> Are you absolutely sure the browser is hitting the site directly and
>> not
>> >> through a proxy?
>> >>
>> >> Anyways, if this is an internal site, internal infrastructure staff
>> are
>> >> your best friends. They should be able to tell why connections time
>> out.
>> >>
>> >> Oleg
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> >> For additional commands, e-mail:
>> [EMAIL PROTECTED]
>> >>
>> >>
>> >>
>> >
>> >
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
--
View this message in context:
http://www.nabble.com/SSL-Site-tp9803919p16114444.html
Sent from the HttpClient-User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
