You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@ant.apache.org by Gordon Vidaver <gv...@bbn.com> on 2003/05/22 00:47:50 UTC

Couldn't find trusted certificate using get https

Hi,
  I'm trying to use the get command with https, but I get an error like this :

javax.net.ssl.SSLHandshakeException : 
java.security.cert.CertificateException: Couldn't find trusted certificate

  Forgive my ignorance - where should the trusted certificate live?  How do 
I tell ant about it?  Is this a system property?  How do I get the 
certificate?  Netscape walks me through the process and I can access the 
site.

  Any hints would be most appreciated - thanks!

  Gordon Vidaver


Gordon Vidaver                  BBN Technologies
gvidaver@bbn.com                Office 6/323
617 873-3558                    10 Moulton St.
617 873-2616 (fax)              Cambridge, MA 02138
866-322-9311 (toll free)

RE: Couldn't find trusted certificate using get https

Posted by Giuseppe Deriard <gi...@linguaserve.com>.

Look at this direction...

http://developer.java.sun.com/developer/technicalArticles/Security/secur
einternet2/


Giuseppe Deriard
 - Resp. Dept. Técnico -
Linguaserve S.A. 
C/ Seminario de Nobles 4, 2º izda. 
28015 MADRID (España)
Tel. +34 91 761 64 67 
e-mail: giuseppe.deriard@linguaserve.com
e-mail: tecnico@linguaserve.com
web:    www.linguaserve.com


-----Mensaje original-----
De: Gordon Vidaver [mailto:gvidaver@bbn.com] 
Enviado el: jueves, 22 de mayo de 2003 0:48
Para: user@ant.apache.org
Asunto: Couldn't find trusted certificate using get https

Hi,
  I'm trying to use the get command with https, but I get an error like
this :

javax.net.ssl.SSLHandshakeException : 
java.security.cert.CertificateException: Couldn't find trusted
certificate

  Forgive my ignorance - where should the trusted certificate live?  How
do 
I tell ant about it?  Is this a system property?  How do I get the 
certificate?  Netscape walks me through the process and I can access the

site.

  Any hints would be most appreciated - thanks!

  Gordon Vidaver


Gordon Vidaver                  BBN Technologies
gvidaver@bbn.com                Office 6/323
617 873-3558                    10 Moulton St.
617 873-2616 (fax)              Cambridge, MA 02138
866-322-9311 (toll free)


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org

Re: Couldn't find trusted certificate using get https

Posted by Gordon Vidaver <gv...@bbn.com>.

Hi,
         It turns out that one way is to:

         1) Get the site's certificate

         With IE, bring up the page with the URL,
         Go to File->Properties.
         Click on Certificates button on lower right.
         Click on the details tab.
         Click on copy to file.
         Hit next through the dialog until you save it to a file (e.g 
mycert.ce).

         2) Add it to the java certificate keystore
           $ keytool -keystore <jdk home>/jre/lib/security/cacerts -import 
-alias mycert -file ./mycert.ce

         Then if you get a message like :

         HTTPS hostname wrong

         it means that the name of the host in the certificate is an alias 
for the one in the get target's src.  In the IE certificate window under 
details, if you click on issuer, you can find out the real hostname in the 
certificate.

         Failed approaches :

         I tried to tell ant about a separate keystore using 
javax.net.ssl.trustStore and the ANT_OPS environment variable, but I just 
kept getting the original error about a missing certificate.

         Gordon

At 06:47 PM 5/21/2003 -0400, you wrote:
>Hi,
>  I'm trying to use the get command with https, but I get an error like this :
>
>javax.net.ssl.SSLHandshakeException : 
>java.security.cert.CertificateException: Couldn't find trusted certificate
>
>  Forgive my ignorance - where should the trusted certificate live?  How 
> do I tell ant about it?  Is this a system property?  How do I get the 
> certificate?  Netscape walks me through the process and I can access the site.
>
>  Any hints would be most appreciated - thanks!
>
>  Gordon Vidaver
>
>
>Gordon Vidaver                  BBN Technologies
>gvidaver@bbn.com                Office 6/323
>617 873-3558                    10 Moulton St.
>617 873-2616 (fax)              Cambridge, MA 02138
>866-322-9311 (toll free)
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
>For additional commands, e-mail: user-help@ant.apache.org

Gordon Vidaver                  BBN Technologies
gvidaver@bbn.com                Office 6/323
617 873-3558                    10 Moulton St.
617 873-2616 (fax)              Cambridge, MA 02138
866-322-9311 (toll free)