Posted to httpclient-users@hc.apache.org by patrunis <pa...@gmail.com> on 2007/10/23 20:13:09 UTC

AuthSSLProtocolSocketFactory : Error

Hello All,

I have been trying to use the AuthSSLProtocolSocketFactory for SSL Client
Authentication for a week but without success.

I am trying to use the
org.apache.commons.httpclient.contrib.ssl.contrib.AuthSSLProtocolSocketFactory
class.

I have a server.crt (PEM-encoded certificate file), a server.key file and a
root-ca.pem file.
My Apache2 mod_ssl configuration snippet is below:

*********************
SSLCertificateFile "C:/Java/Apache2.2/conf/verisgnCA/server.crt"
SSLCertificateKeyFile "C:/Java/Apache2.2/conf/verisgnCA/server.key"
SSLCACertificateFile "C:/Java/Apache2.2/conf/verisgnCA/root-ca.pem"
SSLVerifyClient require
SSLVerifyDepth  1
*********************
I would like to use the server cert as the client cert for now....(Please
correct me if I should not do this)
I created a keystore using the following command:
keytool -import -file C:/Java/Apache2.2/conf/verisgnCA/server.crt -keypass
C:/Java/Apache2.2/conf/verisgnCA/server.key -alias apacheclient -keystore
client.keystore -storepass 123456
I have created a truststore using the command below:
keytool -import -trustcacerts -file
C:/Java/Apache2.2/conf/verisgnCA/server.crt -keypass
C:/Java/Apache2.2/conf/verisgnCA/server.key -alias apacheclient -keystore
client.truststore -storepass 123456

I did nothing else.. did not mess anything with "cacerts"

Now I have a code like this... in my java client:

HttpClient tempClient = new HttpClient();
AuthSSLProtocolSocketFactory myAuthFactory = new AuthSSLProtocolSocketFactory(
    new URL("file:" + "C:/Java/Apache2.2/conf/verisgnCA/client.keystore"), "123456",
    new URL("file:" + "C:/Java/Apache2.2/conf/verisgnCA/client.keystore"), "123456");

Protocol myhttps = new Protocol("https", myAuthFactory, 443);
Protocol.registerProtocol("https", myhttps);
tempClient.getHostConfiguration().setHost("blrsatish.domain.com", 443, myhttps);
GetMethod getMethodObj = new GetMethod("https://blrsatish-lt.asiapacific.hpqcorp.net/");
//**** tried like this as well *****//
//GetMethod getMethodObj = new GetMethod("/");
tempClient.executeMethod(getMethodObj);

I get a java.net.SocketException: Software caused connection abort: recv
failed

What I know for sure is nothing is wrong with the server configuration because
I can import the cert/key pair to the browser and access the site. I can access
the server using the openssl s_client as well.

Please let me know what is going wrong.. or any steps I missed. I have to close
this by the end of this week :(

Best Regards,
Satish
-- 
View this message in context: http://www.nabble.com/AuthSSLProtocolSocketFactory-%3A-Error-tf4679375.html#a13370403
Sent from the HttpClient-User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
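
Added example (not part of the original thread and not code from the HttpClient project): `keytool -import -file server.crt` stores only a trusted-certificate entry, and `-keypass` expects a password rather than a key file, so a keystore built that way holds no private key with which to answer the client-certificate request that `SSLVerifyClient require` triggers. The sketch below uses a constructed throwaway key pair and password (file names mirror the thread) to bundle certificate and key into one PKCS#12 store and to check the result.

```shell
#!/usr/bin/env bash
# Added example: constructed throwaway key/cert and password, not the poster's files.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
PASS=changeit   # constructed sample password

# Stand-ins for the thread's server.crt / server.key (self-signed, constructed).
make_sample_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=apacheclient" \
    -keyout "$WORK/server.key" -out "$WORK/server.crt" 2>/dev/null
}

# A PEM certificate file carries no private key: this is all that
# "keytool -import -file server.crt" ever gets to see.
pem_private_keys() {
  grep -c 'BEGIN.*PRIVATE KEY' "$1" || true
}

# Check that the key really belongs to the certificate before bundling them.
key_matches_cert() {
  [ "$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$2" -pubout | openssl sha256)" ]
}

# Bundle certificate AND private key under one alias in a PKCS#12 store.
build_client_p12() {
  openssl pkcs12 -export -in "$WORK/server.crt" -inkey "$WORK/server.key" \
    -name apacheclient -passout "pass:$PASS" -out "$WORK/client.p12"
}

# Count the private keys a PKCS#12 store can actually present.
p12_private_keys() {
  openssl pkcs12 -in "$1" -nocerts -nodes -passin "pass:$PASS" 2>/dev/null \
    | grep -c 'BEGIN.*PRIVATE KEY' || true
}

make_sample_pair
key_matches_cert "$WORK/server.crt" "$WORK/server.key" && echo "key matches certificate"
build_client_p12
echo "private keys in server.crt: $(pem_private_keys "$WORK/server.crt")"
echo "private keys in client.p12: $(p12_private_keys "$WORK/client.p12")"
```

If a JKS file is required, `keytool -importkeystore -srckeystore client.p12 -srcstoretype PKCS12 -destkeystore client.keystore` (Java 6 and later) converts the bundle while keeping the private-key entry.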


Re: AuthSSLProtocolSocketFactory : Error

Posted by Oleg Kalnichevski <ol...@apache.org>.
Satish

This problem has nothing to do with HttpClient or HTTP in general. That 
is why you are not getting a lot of responses. You may want to try using 
nyc-ssl [1], which is an excellent library we recommend to all users who 
require advanced SSL functionality, or posting your question to the 
nyc-ssl list.

Oleg

[1] http://juliusdavies.ca/commons-ssl/index.html





Re: AuthSSLProtocolSocketFactory : Error

Posted by patrunis <pa...@gmail.com>.

patrunis wrote:
> 
> Hello All,
> 
> I have been trying to use the AuthSSLProtocolSocketFactory for SSL Client
> Authentication for a week but without success.
> 
> I am trying to use the
> org.apache.commons.httpclient.contrib.ssl.contrib.AuthSSLProtocolSocketFactory
> class.
> 
> I have a server.crt (PEM-encoded certificate file), a server.key file and a
> root-ca.pem file.
> My Apache2 mod_ssl configuration snippet is below:
> 
> *********************
> SSLCertificateFile "C:/Java/Apache2.2/conf/verisgnCA/server.crt"
> SSLCertificateKeyFile "C:/Java/Apache2.2/conf/verisgnCA/server.key"
> SSLCACertificateFile "C:/Java/Apache2.2/conf/verisgnCA/root-ca.pem"
> SSLVerifyClient require
> SSLVerifyDepth  1
> *********************
> I would like to use the server cert as the client cert for now....(Please
> correct me if I should not do this)
> I created a keystore using the following command:
> keytool -import -file C:/Java/Apache2.2/conf/verisgnCA/server.crt -keypass
> C:/Java/Apache2.2/conf/verisgnCA/server.key -alias apacheclient -keystore
> client.keystore -storepass 123456
> I have created a truststore using the command below:
> keytool -import -trustcacerts -file
> C:/Java/Apache2.2/conf/verisgnCA/server.crt -keypass
> C:/Java/Apache2.2/conf/verisgnCA/server.key -alias apacheclient -keystore
> client.truststore -storepass 123456
> 
> I did nothing else.. did not mess anything with "cacerts"
> 
> Now I have a code like this... in my java client:
> 
> HttpClient tempClient = new HttpClient();
> AuthSSLProtocolSocketFactory myAuthFactory = new AuthSSLProtocolSocketFactory(
>     new URL("file:" + "C:/Java/Apache2.2/conf/verisgnCA/client.keystore"), "123456",
>     new URL("file:" + "C:/Java/Apache2.2/conf/verisgnCA/client.truststore(was mistake in earlier post)"), "123456");
> 
> Protocol myhttps = new Protocol("https", myAuthFactory, 443);
> Protocol.registerProtocol("https", myhttps);
> tempClient.getHostConfiguration().setHost("blrsatish.domain.com", 443, myhttps);
> GetMethod getMethodObj = new GetMethod("https://blrsatish-lt.asiapacific.hpqcorp.net/");
> //**** tried like this as well *****//
> //GetMethod getMethodObj = new GetMethod("/");
> tempClient.executeMethod(getMethodObj);
> 
> I get a java.net.SocketException: Software caused connection abort: recv
> failed
> 
> What I know for sure is nothing is wrong with the server configuration
> because I can import the cert/key pair to the browser and access the site. I can
> access the server using the openssl s_client as well.
> 
> Please let me know what is going wrong.. or any steps I missed. I have to
> close this by the end of this week :(
> 
> Best Regards,
> Satish
> 
