You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by Jeff Turner <je...@socialchange.net.au> on 2002/06/26 01:46:49 UTC
[OT] Re: [httpclient] with ssl
On Tue, Jun 25, 2002 at 04:52:36PM +1000, Stephenson Tim wrote:
> thanks this helped clarify a lot, i just need to get a new certificate
> to be sure it is working as the keytool reported mine was not X509.
>
> clearly i don't know anything about these things, can someone point me
> at any good resources, jeff you mentioned generating certs with
> openssl? (the oreilly link was great for the java side)
If you're able to use HTTPS from a browser, someone must have already
configured your Apache to talk via SSL. That means they've already
generated a server certificate and pointed mod_ssl (or whatever) at it.
You just need to find it and import it into your keystore. I'd imagine
they'd use the server's SSH public key, in /etc/ssh/ssh_host_key.pub,
but I've not personally done this part.
--Jeff
> thanks, tim
>
> -----Original Message-----
> From: Jeff Turner [mailto:jeff@socialchange.net.au]
> Sent: Tuesday, 25 June 2002 4:03 PM
> To: Jakarta Commons Developers List
> Subject: Re: [httpclient] with ssl
>
>
> On Tue, Jun 25, 2002 at 11:30:32AM +1000, Stephenson Tim wrote:
> > hi all,
> >
> > i am using the http client to make a secure request and have no
> > problem with doing so for test requests like https://www.verisign.com/
> > - thanks for the USING_HTTPS.txt and sample testcases. However when i
> > make a request to my own site it fails with a message: untrusted
> > server cert chain which is completely reasonable as i do not have a
> > large and popular certificate provider such as Verisign.
> >
> > My question is what do i have to register (and how do i do) it in
> > order to get my client to work?
> >
> > thanks in advance, tim
>
> You need to create a 'truststore' and import the certificate of the
> server you're hitting.
>
> Attached is a little note I wrote for internal reference, dealing with
> the case where the HTTPS client is a servlet (JSP). The links at the end
> are probably the most useful in your case.
>
> HTH,
>
>
> --Jeff
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>