Posted to httpclient-users@hc.apache.org by Susanta Mohapatra <mo...@gmail.com> on 2012/09/10 10:55:00 UTC

SSL Self-signed certificate problem JDK1.5 & 1.6

Hi all,

I am trying to import a self-signed certificate into the default java
keystore "cacerts" ( Java version 1.5 ). The certificate is imported
successfully but when I try to use HttpClient library to connect to the
server, I run into the error

sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
javax.net.ssl.SSLHandshakeException
com.sun.net.ssl.internal.ssl.Alerts:getSSLException

I found some articles by googling that you need to make a new jks keystore
by importing the self-signed certificate. But I want to do it on the
default keystore "cacerts". I don't want to relax the constraints of
certificate checks at client side.

Please help me out with the correct solution for the issue.

Thanks
Susanta

Re: SSL Self-signed certificate problem JDK1.5 & 1.6

Posted by Jose Escobar <eb...@gmail.com>.
>
> Jose
>
> As of version 4.3 HttpClient will allow SCHEME_REGISTRY to be overridden
> through HttpContext.
>
> Oleg
>
>

This sounds great!

I'll be able to change the dependency of a patched httpClient when it releases.

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Re: SSL Self-signed certificate problem JDK1.5 & 1.6

Posted by Oleg Kalnichevski <ol...@apache.org>.
On Fri, 2012-09-14 at 14:40 +0530, Susanta Mohapatra wrote:
> Thanks Jose,
> 
> I was trying to connect to Microsoft Share Point server which was
> configured with SSL + NTLM v2 support. Interesting thing I found was that
> after java disabled unsafe re-negotiation in Jre 1.6._22, the client code
> started giving error - connection reset. I didn't find any solution other
> than to include that flag in JVM after which code started working. This
> might be because of the NTLM authentication process.
> 
> Hope this helps someone in search for similar error.
> 
> -Susanta
> 
> On Mon, Sep 10, 2012 at 4:50 PM, Jose Escobar <eb...@gmail.com> wrote:
> 
> > Hi Susanta,
> >
> > I had a similar problem and Oleg Kalnichevski answered me:
> >
> > > Possibly a better option might be a custom socket factory that can
> > > create SSL connections with different SSL contexts using different trust
> > > and key material based on the hostname of the target server.
> >
> > I decided to make a little change on HttpClient to set a new
> > SchemeRegistry on each request thread that needs
> > specific trust and key material and I add it as a SCHEME_REGISTRY
> > attribute to a Context variable.
> >
> > You can find this talk at
> > http://marc.info/?l=httpclient-users&m=133830124402823&w=2
> >
> > Jose Escobar
> >

Jose

As of version 4.3 HttpClient will allow SCHEME_REGISTRY to be overridden
through HttpContext.

Oleg 


> > 2012/9/10 Susanta Mohapatra <mo...@gmail.com>:
> > > Hi all,
> > >
> > > I am trying to import a self-signed certificate into the default java
> > > keystore "cacerts" ( Java version 1.5 ). The certificate is imported
> > > successfully but when I try to use HttpClient library to connect to the
> > > server, I run into the error
> > >
> > > sun.security.validator.ValidatorException: PKIX path building failed:
> > > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> > find
> > > valid certification path to requested target
> > > javax.net.ssl.SSLHandshakeException
> > > com.sun.net.ssl.internal.ssl.Alerts:getSSLException
> > >
> > > I found some articles by googling that you need to make a new jks
> > keystore
> > > by importing the self-signed certificate. But I want to do it on the
> > > default keystore "cacerts". I don't want to relax the constraints of
> > > certificate checks at client side.
> > >
> > > Please help me out with the correct solution for the issue.
> > >
> > > Thanks
> > > Susanta
> >
> >
> >





Re: SSL Self-signed certificate problem JDK1.5 & 1.6

Posted by Susanta Mohapatra <mo...@gmail.com>.
Thanks Jose,

I was trying to connect to Microsoft Share Point server which was
configured with SSL + NTLM v2 support. Interesting thing I found was that
after java disabled unsafe re-negotiation in Jre 1.6._22, the client code
started giving error - connection reset. I didn't find any solution other
than to include that flag in JVM after which code started working. This
might be because of the NTLM authentication process.

Hope this helps someone in search for similar error.

-Susanta

On Mon, Sep 10, 2012 at 4:50 PM, Jose Escobar <eb...@gmail.com> wrote:

> Hi Susanta,
>
> I had a similar problem and Oleg Kalnichevski answered me:
>
> > Possibly a better option might be a custom socket factory that can
> > create SSL connections with different SSL contexts using different trust
> > and key material based on the hostname of the target server.
>
> I decided to make a little change on HttpClient to set a new
> SchemeRegistry on each request thread that needs
> specific trust and key material and I add it as a SCHEME_REGISTRY
> attribute to a Context variable.
>
> You can find this talk at
> http://marc.info/?l=httpclient-users&m=133830124402823&w=2
>
> Jose Escobar
>
> 2012/9/10 Susanta Mohapatra <mo...@gmail.com>:
> > Hi all,
> >
> > I am trying to import a self-signed certificate into the default java
> > keystore "cacerts" ( Java version 1.5 ). The certificate is imported
> > successfully but when I try to use HttpClient library to connect to the
> > server, I run into the error
> >
> > sun.security.validator.ValidatorException: PKIX path building failed:
> > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find
> > valid certification path to requested target
> > javax.net.ssl.SSLHandshakeException
> > com.sun.net.ssl.internal.ssl.Alerts:getSSLException
> >
> > I found some articles by googling that you need to make a new jks
> keystore
> > by importing the self-signed certificate. But I want to do it on the
> > default keystore "cacerts". I don't want to relax the constraints of
> > certificate checks at client side.
> >
> > Please help me out with the correct solution for the issue.
> >
> > Thanks
> > Susanta
>
>
>

Re: SSL Self-signed certificate problem JDK1.5 & 1.6

Posted by Jose Escobar <eb...@gmail.com>.
Hi Susanta,

I had a similar problem and Oleg Kalnichevski answered me:

> Possibly a better option might be a custom socket factory that can
> create SSL connections with different SSL contexts using different trust
> and key material based on the hostname of the target server.

I decided to make a little change on HttpClient to set a new
SchemeRegistry on each request thread that needs
specific trust and key material and I add it as a SCHEME_REGISTRY
attribute to a Context variable.

You can find this talk at
http://marc.info/?l=httpclient-users&m=133830124402823&w=2

Jose Escobar

2012/9/10 Susanta Mohapatra <mo...@gmail.com>:
> Hi all,
>
> I am trying to import a self-signed certificate into the default java
> keystore "cacerts" ( Java version 1.5 ). The certificate is imported
> successfully but when I try to use HttpClient library to connect to the
> server, I run into the error
>
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> javax.net.ssl.SSLHandshakeException
> com.sun.net.ssl.internal.ssl.Alerts:getSSLException
>
> I found some articles by googling that you need to make a new jks keystore
> by importing the self-signed certificate. But I want to do it on the
> default keystore "cacerts". I don't want to relax the constraints of
> certificate checks at client side.
>
> Please help me out with the correct solution for the issue.
>
> Thanks
> Susanta
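
The per-host trust material that the quoted suggestion describes (a different SSL context chosen by target hostname), sketched as an added example that is not code from this thread or from HttpClient. The class, its method names and the truststore path passed to `register` are hypothetical; it uses only JDK APIs, needs Java 7 or later for the hostname check, and leaves the wiring into HttpClient out.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper: selects an SSLContext by target hostname. */
public class PerHostSslContexts {
    private final Map<String, SSLContext> byHost = new ConcurrentHashMap<String, SSLContext>();

    /** For this host, trust only the certificates stored in the given JKS file. */
    public void register(String host, String jksPath, char[] password) throws Exception {
        KeyStore trust = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(jksPath);
        try {
            trust.load(in, password);
        } finally {
            in.close();
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key material
        byHost.put(host.toLowerCase(Locale.ROOT), ctx);
    }

    /** Hosts without an entry fall back to the JVM default trust store (cacerts). */
    public SSLContext contextFor(String host) throws Exception {
        SSLContext ctx = byHost.get(host.toLowerCase(Locale.ROOT));
        return ctx != null ? ctx : SSLContext.getDefault();
    }

    /** Opens a socket with chain validation and hostname checking both enforced. */
    public SSLSocket connect(String host, int port) throws Exception {
        SSLSocket s = (SSLSocket) contextFor(host).getSocketFactory().createSocket(host, port);
        try {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // certificate must match host
            s.setSSLParameters(p);
            s.startHandshake(); // SSLHandshakeException if the chain or name is rejected
            return s;
        } catch (Exception e) {
            s.close(); // do not leak the socket on a failed handshake
            throw e;
        }
    }
}
```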
