You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by Jeff Turner <je...@socialchange.net.au> on 2002/06/26 01:46:49 UTC

[OT] Re: [httpclient] with ssl

On Tue, Jun 25, 2002 at 04:52:36PM +1000, Stephenson Tim wrote:
> thanks this helped clarify a lot, i just need to get a new certificate
> to be sure it is working as the keytool reported mine was not X509. 
> 
> clearly i don't know anything about these things, can someone point me
> at any good resources, jeff you mentioned generating certs with
> openssl? (the oreilly link was great for the java side)

If you're able to use HTTPS from a browser, someone must have already
configured your Apache to talk via SSL. That means they've already
generated a server certificate and pointed mod_ssl (or whatever) at it.
You just need to find it and import it into your keystore. I'd imagine
they'd use the server's SSH public key, in /etc/ssh/ssh_host_key.pub,
but I've not personally done this part.


--Jeff


> thanks, tim 
> 
> -----Original Message-----
> From: Jeff Turner [mailto:jeff@socialchange.net.au]
> Sent: Tuesday, 25 June 2002 4:03 PM
> To: Jakarta Commons Developers List
> Subject: Re: [httpclient] with ssl
> 
> 
> On Tue, Jun 25, 2002 at 11:30:32AM +1000, Stephenson Tim wrote:
> > hi all, 
> > 
> > i am using the http client to make a secure request and have no
> > problem with doing so for test requests like https://www.verisign.com/
> > - thanks for the USING_HTTPS.txt and sample testcases. However when i
> > make a request to my own site it fails with a message: untrusted
> > server cert chain which is completely reasonable as i do not have a
> > large and popular certificate provider such as Verisign. 
> > 
> > My question is what do i have to register (and how do i do) it in
> > order to get my client to work? 
> > 
> > thanks in advance, tim 
> 
> You need to create a 'truststore' and import the certificate of the
> server you're hitting.
> 
> Attached is a little note I wrote for internal reference, dealing with
> the case where the HTTPS client is a servlet (JSP). The links at the end
> are probably the most useful in your case.
> 
> HTH,
> 
> 
> --Jeff

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>