connecting to htttps site failed if certificate is expired

[Dhanasekaran Vivekanandhan <ma...@yahoo.com>]

Hi All,
I am using HttpClient and GetMethod classes to connect
to a https site,but the certificate provided by the
site is expired.so I am getting the following
exception.Is there a way to connect to https site even
if the certificate provided by the site is expired
Exception:
---------
": sun.security.validator.ValidatorException: PKIX
path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target"

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org

Re: connecting to htttps site failed if certificate is expired

[Dhanasekaran Vivekanandhan <ma...@yahoo.com>]

Dear Ortwin,
thanks for the reply.
I am done with using 
1.EasySSLProtocolSocketFactory
(http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java?view=markup)
2.EasyX509TrustManager.java
(http://svn.apache.org/repos/asf/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/EasyX509TrustManager.java)
In the checkServerTrusted method of
EasyX509TrustManager.java , I am calling
standardTrustManager.checkServerTrusted() method only
if the expiry date is less than sysdate.
if the certificate is expired , i wont call this
method.this solves my issue that if the certificate is
expired ,it will not throw
sun.security.validator.ValidatorException:
thanks Ortwin once again for ur immediate reply.
dhanasekaran
--- Ortwin Glück <od...@odi.ch> wrote:

> Hi,
> 
> This is an issue of your JSSE implementation (the
> one by Sun) and not
> HttpClient. Thus we can only offer limited support.
> 
> I guess you need to implement a suitable
> TrustManager that allows for
> this case. You may want to have a look at the
> contrib code:
>
http://svn.apache.org/repos/asf/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/
> Maybe there is also a config option to achieve this.
> I don't know.
> 
> Cheers
> 
> Ortwin
> 
> Dhanasekaran Vivekanandhan wrote:
> > Hi All,
> > I am using HttpClient and GetMethod classes to
> connect
> > to a https site,but the certificate provided by
> the
> > site is expired.so I am getting the following
> > exception.Is there a way to connect to https site
> even
> > if the certificate provided by the site is expired
> > Exception:
> > ---------
> > ": sun.security.validator.ValidatorException: PKIX
> > path building failed:
> >
>
sun.security.provider.certpath.SunCertPathBuilderException:
> > unable to find valid certification path to
> requested target"
> > 
> > __________________________________________________
> > Do You Yahoo!?
> > Tired of spam?  Yahoo! Mail has the best spam
> protection around 
> > http://mail.yahoo.com 
> > 
> >
>
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> httpclient-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> httpclient-dev-help@jakarta.apache.org
> > 
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> httpclient-dev-help@jakarta.apache.org
> 
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org

Re: connecting to htttps site failed if certificate is expired

[Ortwin Glück <od...@odi.ch>]

Hi,

This is an issue of your JSSE implementation (the one by Sun) and not
HttpClient. Thus we can only offer limited support.

I guess you need to implement a suitable TrustManager that allows for
this case. You may want to have a look at the contrib code:
http://svn.apache.org/repos/asf/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/
Maybe there is also a config option to achieve this. I don't know.

Cheers

Ortwin

Dhanasekaran Vivekanandhan wrote:
> Hi All,
> I am using HttpClient and GetMethod classes to connect
> to a https site,but the certificate provided by the
> site is expired.so I am getting the following
> exception.Is there a way to connect to https site even
> if the certificate provided by the site is expired
> Exception:
> ---------
> ": sun.security.validator.ValidatorException: PKIX
> path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target"
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org