One alternative is to import the server certificate into the client's SSL key store.
This will solve the SSL handshake exception and you don't have to prompt the user for accepting the certificate everytime.
Not sure if this is what you are looking for.
You can run the following command to import the server certificate. Copy the server certificate (.arm file) and cacerts of client (..\base_v51\java\jre\lib\security\.) into the bin folder and run this.
C:\PROGRA~1\IBM\WebSphere Studio\Application Developer\v5.1.2\runtimes\base_v51\
java\jre\bin>keytool -import -alias XXXXX -file XXXXX.arm -keystore cacerts
Praveen
| "Trey Ethridge"
<[EMAIL PROTECTED]>
08/04/2005 01:30 PM
|
To: [email protected] cc: Subject: Java Application using SOAP over SSL, problems... |
Hello all,
I'm having some problems getting this working. First off, I've got the Tomcat server configured for https traffic and it appears to be working fine from the tests that I've done via a browser.
The problem I'm having is configuring the Java client to use an untrusted certificate. I want my application to work just like a web browser when an untrusted certificate is sent from the server. I want to show the certificate info to the user and ask if they want to continue or not. I'll also allow them to add the key to their keystore for future use, so they won't be prompted again.
I've got this sort of working with some sample code, but not using SOAP. My sample code tries to read a line from a web page that I know will be there. Like this:
URL verisign = new URL("https://" + server + "/index.html");
BufferedReader in = new BufferedReader(
new InputStreamReader(verisign.openStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
If it gets a SSLHandshakeException, it prompts the user to add the certificate or cancel. If the user adds the certificate, the code adds the certificate to the keystore and then tries to read the line again. Here is a sample of my code.
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
// MyDummyTrustManager prompts user if base class validation fails.
TrustManager[] myTM = new TrustManager [] { new MyDummyTrustManager(keyStore) };
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, myTM, null);
SSLSocketFactory ssf = sc.getSocketFactory();
HttpsURLConnection.setDefaultSSLSocketFactory(ssf);
// MyHostnameVerifier prompts user if validation fails.
HttpsURLConnection.setDefaultHostnameVerifier(new MyHostNameVerifier());
When I run this code and then construct a Call object and invoke it, I get a SSLHandshakeException. Why doesn't the Call object use the same DefaultSSLSocketFactory on the HttpsURLConnection object?
Also, does anybody have an example of how to grab the default keystore without asking the user to specify it? I want to have the Java app "just work" without a lot of knowledge on the users part.
Finally, is there a simpler way to do what I'm trying to do? I just want to make calls across soap using SSL. My code must allow the user to accept a server's certificate from the gui like a browser does if certificate authentication fails. I figured this would be built into java as a common dialog, since I saw it pop up once when an applet accessed a web server encrypted with SSL.
Any example code would be greatly appreciated.
Thanks in advance for any help,
-- Trey
___________________________________________________________________
Try Juno Platinum for Free! Then, only $9.95/month!
Unlimited Internet Access with 250MB of Email Storage.
Visit http://www.juno.com/value to sign up today!
The information contained in this message may be CONFIDENTIAL and is for
the intended addressee only. Any unauthorized use, dissemination of the
information, or copying of this message is prohibited. If you are not the
intended addressee, please notify the sender immediately and delete this
message.
