Posted to dev@hc.apache.org by Tom Samplonius <to...@sdf.com> on 2003/02/04 08:39:16 UTC

HTTPS/JSSE problem

  I'm trying to access a https URL with a simple test problem.  Upon
executing the program, I get:

java.net.SocketException: SSL implementation not available

  
  I'm using jdk1.3.1.  I've downloaded JSSE, and put jsse.jar, jcert.jar,
and jnet.jar into my classpath.  I've also tried adding
"-D-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol" to
the jvm startup.  That doesn't change anything.

  What is the proper way to get JSSE working?


Tom



Re: HTTPS/JSSE problem

Posted by Tom Samplonius <to...@sdf.com>.
  After trying to find the Entrust root certificate, I just exported a .cer
file from IE, and imported it like this:

keytool -import -alias entrust -file entrust.cer \
	-keystore /usr/local/jdk/jre/lib/security/cacerts


  That seems to do the trick.  


Tom


On Tue, 4 Feb 2003, Michael Becke wrote:

> Since the JRE doesn't recognize Entrust by default it is as though the 
> cert is self signed.
> 
> Take a look at Sun's docs for the keytool:
> 
> http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html
> 
> There is also a good discussion thread covering this topic at:
> 
> http://forum.java.sun.com/thread.jsp?thread=153188&forum=2&message=448971
> 
> Enjoy,
> 
> Mike

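The keytool import above makes the exported file a trust anchor for every Java program that uses that JRE's cacerts. As an added example (not part of the original thread), the Java below checks the certificate's SHA-256 fingerprint against a value obtained from the CA out of band and then trusts it only inside an application-private trust store. It assumes a current JDK, where JSSE is built in; the class name `PinnedRootTrust` and the two command-line arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class name; not code from the thread or from HttpClient.
public class PinnedRootTrust {

    // Upper-case hex SHA-256 of the DER encoding (what `keytool -printcert` reports, minus colons).
    static String sha256Hex(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) {
            hex.append(String.format("%02X", b));
        }
        return hex.toString();
    }

    // Returns an SSLContext whose only trust anchor is the certificate in cerPath.
    static SSLContext contextTrusting(String cerPath, String expectedSha256) throws Exception {
        X509Certificate root;
        try (InputStream in = new FileInputStream(cerPath)) {
            // Accepts both DER and Base64 (PEM) exports.
            root = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // Compare against the fingerprint published by the CA, obtained out of band.
        String expected = expectedSha256.replace(":", "").trim().toUpperCase();
        if (!sha256Hex(root).equals(expected)) {
            throw new SecurityException("Fingerprint mismatch for " + root.getSubjectX500Principal());
        }
        root.checkValidity(); // throws if expired or not yet valid

        // In-memory trust store private to this application; cacerts is not modified.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        trust.setCertificateEntry("entrust", root);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java PinnedRootTrust <root.cer> <expected-sha256-hex>");
            System.exit(2);
        }
        SSLContext ctx = contextTrusting(args[0], args[1]);
        System.out.println("Trust store built; protocol " + ctx.getProtocol());
    }
}
```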

Re: HTTPS/JSSE problem

Posted by Michael Becke <be...@u.washington.edu>.
Since the JRE doesn't recognize Entrust by default it is as though the 
cert is self signed.

Take a look at Sun's docs for the keytool:

http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html

There is also a good discussion thread covering this topic at:

http://forum.java.sun.com/thread.jsp?thread=153188&forum=2&message=448971

Enjoy,

Mike


Tom Samplonius wrote:
>   Actually, the certificate is signed by Entrust (the site is
> https://www3.interaction.bell.ca).
> 
>   Can the Entrust root certificate be imported into the keystore easily?
> The JSSE INSTALL.TXT talks about which file they go into, but doesn't
> really provide any detail on where they come from.  Where did you get the
> various signing authorities' root certificates?
> 
> 
> Tom


Re: HTTPS/JSSE problem

Posted by Tom Samplonius <to...@sdf.com>.
  Actually, the certificate is signed by Entrust (the site is
https://www3.interaction.bell.ca).

  Can the Entrust root certificate be imported into the keystore easily?
The JSSE INSTALL.TXT talks about which file they go into, but doesn't
really provide any detail on where they come from.  Where did you get the
various signing authorities' root certificates?


Tom


On Tue, 4 Feb 2003, Michael Becke wrote:

> By default JSSE only supports SSL certs that are signed by Verisign or
> Thawte.  To use a self signed cert (this appears to be what you are
> doing) you have two options:
> 
> 1) import the server's cert into your keystore
> 2) mess around with the X509 stuff, someone posted a URL earlier talking 
> about how to do this
> 
> Mike


Re: HTTPS/JSSE problem

Posted by Michael Becke <be...@u.washington.edu>.
By default JSSE only supports SSL certs that are signed by Verisign or
Thawte.  To use a self signed cert (this appears to be what you are
doing) you have two options:

1) import the server's cert into your keystore
2) mess around with the X509 stuff, someone posted a URL earlier talking 
about how to do this

Mike

Tom Samplonius wrote:
>   Now I get the runtime error:
> 
> javax.net.ssl.SSLException: untrusted server cert chain
> 
> 
>   Is there anything more that needs to be done to set up the connection?
> I've seen some examples that set up all sorts of X509 stuff.  Is that
> required too?  I'm using JSSE 1.0.3_01.
> 
> 
> Tom


Re: HTTPS/JSSE problem

Posted by Tom Samplonius <to...@sdf.com>.
  Now I get the runtime error:

javax.net.ssl.SSLException: untrusted server cert chain


  Is there anything more that needs to be done to set up the connection?
I've seen some examples that set up all sorts of X509 stuff.  Is that
required too?  I'm using JSSE 1.0.3_01.


Tom


On Tue, 4 Feb 2003, Michael Becke wrote:

> java.security.Security.addProvider().
> 
> Mike


Re: HTTPS/JSSE problem

Posted by Michael Becke <be...@u.washington.edu>.
java.security.Security.addProvider().

Mike

Tom Samplonius wrote:
>   I'm getting an unresolved symbol now.  Where do I import
> "Security.addProvider()" from? 
> 
> 
> Tom


Re: HTTPS/JSSE problem

Posted by Tom Samplonius <to...@sdf.com>.
  I'm getting an unresolved symbol now.  Where do I import
"Security.addProvider()" from? 


Tom


On Tue, 4 Feb 2003, Michael Becke wrote:

> You need to add the following line to your code somewhere:
> 
>    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
> 
> The "java.protocol.handler.pkgs" property is only needed if you want to 
> use https with java.net.URL.
> 
> I previously thought that addProvider() was not needed, but it seems 
> that it is.  We probably need to change this in documentation in a few 
> places.
> 
> Mike



Re: HTTPS/JSSE problem

Posted by Michael Becke <be...@u.washington.edu>.
You need to add the following line to your code somewhere:

   Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

The "java.protocol.handler.pkgs" property is only needed if you want to 
use https with java.net.URL.

I previously thought that addProvider() was not needed, but it seems 
that it is.  We probably need to change this in documentation in a few 
places.

Mike

On Tuesday, February 4, 2003, at 02:39 AM, Tom Samplonius wrote:

>
>   I'm trying to access a https URL with a simple test problem.  Upon
> executing the program, I get:
>
> java.net.SocketException: SSL implementation not available
>
>
>   I'm using jdk1.3.1.  I've downloaded JSSE, and put jsse.jar, jcert.jar,
> and jnet.jar into my classpath.  I've also tried adding
> "-D-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol" to
> the jvm startup.  That doesn't change anything.
>
>   What is the proper way to get JSSE working?
>
>
> Tom


RE: HTTPS/JSSE problem

Posted by "O'brien, Tim" <to...@transolutions.net>.
Tom, I'm not sure if you are running into this problem, but it can't hurt:
http://www.discursive.com/articles/2002/06/tomcat_ssl.html

--------
Tim O'Brien 

> -----Original Message-----
> From: Tom Samplonius [mailto:tom@sdf.com] 
> Sent: Tuesday, February 04, 2003 1:39 AM
> To: commons-httpclient-dev@jakarta.apache.org
> Subject: HTTPS/JSSE problem
> 
> 
> 
>   I'm trying to access a https URL with a simple test 
> problem.  Upon executing the program, I get:
> 
> java.net.SocketException: SSL implementation not available
> 
>   
>   I'm using jdk1.3.1.  I've downloaded JSSE, and put jsse.jar,
> jcert.jar, and jnet.jar into my classpath.  I've also tried
> adding
> "-D-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"
> to the jvm startup.  That doesn't change anything.
> 
>   What is the proper way to get JSSE working?
> 
> 
> Tom