You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Meghana <sy...@yahoo.com> on 2005/08/26 07:31:03 UTC
SSL (Untrusted Server Certificate Chain)
Hi,
I tried using EasySSLProtocolSocketFactory to
create an SSL connection to a secured site. It throws
the following error.
javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: Untrusted
Server Certificate Chain
at
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
at
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
at
com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at
java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at
java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at
org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:825)
at
org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1975)
at
org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
at
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:393)
at
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168)
at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
Any ideas are really appreciated,
Thanks a lot in advance
-M
____________________________________________________
Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: SSL (Untrusted Server Certificate Chain)
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Fri, 2005-08-26 at 20:26 -0700, Meghana wrote:
> Oleg,
> Thanks for your answer. I have got
> AuthSSLProtocolSocketFactory now. But the comments in
> the AuthSSLProtocolSocketFactory.java file has some
> thing like
>
> keytool -import -alias "my server cert" -file
> server.crt -keystore my.truststore
>
> When I run the above command it throws:
> keytool error: java.io.FileNotFoundException:
> server.crt (The system cannot find
> the file specified)
>
> where do I get the file server.crt from? I googled it
> up but in vain. Could you please let me know this step
> is required?
>
Meghana,
It is just not feasible that I explain you the fundamentals of SSL in
few sentences or even paragraphs. It is a very complex protocol.
Essentially you need a certificate to be able to authenticate the
counterparty you are communicating with. There are various ways to
obtain such a certificate depending on what organization you are dealing
with
Oleg
> Thanks
> -M
>
> --- Oleg Kalnichevski <ol...@apache.org> wrote:
>
> > On Thu, Aug 25, 2005 at 10:31:03PM -0700, Meghana
> > wrote:
> > > Hi,
> > > I tried using EasySSLProtocolSocketFactory to
> > > create an SSL connection to a secured site. It
> > throws
> > > the following error.
> > >
> >
> > Meghana,
> >
> > I just recently answered a similar question:
> >
> >
> http://www.mail-archive.com/httpclient-dev%40jakarta.apache.org/msg01935.html
> >
> > Hope this helps
> >
> > Oleg
> >
> >
> > > javax.net.ssl.SSLHandshakeException:
> > > java.security.cert.CertificateException: Untrusted
> > > Server Certificate Chain
> > > at
> > >
> >
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
> > > at
> > >
> >
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
> > > at
> > >
> >
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
> > > at
> > >
> >
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
> > > at
> > >
> >
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847)
> > > at
> > >
> >
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
> > > at
> > >
> >
> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
> > > at
> > >
> >
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
> > > at
> > >
> >
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
> > > at
> > >
> >
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
> > > at
> > >
> >
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
> > > at
> > >
> >
> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
> > > at
> > >
> >
> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> > > at
> > >
> >
> java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> > > at
> > >
> >
> org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:825)
> > > at
> > >
> >
> org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1975)
> > > at
> > >
> >
> org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
> > > at
> > >
> >
> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:393)
> > > at
> > >
> >
> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168)
> > > at
> > >
> >
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
> > > at
> > >
> >
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
> > >
> > >
> > > Any ideas are really appreciated,
> > > Thanks a lot in advance
> > > -M
> > >
> > >
> > >
> > >
> > ____________________________________________________
> > > Start your day with Yahoo! - make it your home
> > page
> > > http://www.yahoo.com/r/hs
> > >
> > >
> > >
> >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail:
> > httpclient-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail:
> > httpclient-user-help@jakarta.apache.org
> > >
> > >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> > httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> > httpclient-user-help@jakarta.apache.org
> >
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: SSL (Untrusted Server Certificate Chain)
Posted by Meghana <sy...@yahoo.com>.
Oleg,
Thanks for your answer. I have got
AuthSSLProtocolSocketFactory now. But the comments in
the AuthSSLProtocolSocketFactory.java file has some
thing like
keytool -import -alias "my server cert" -file
server.crt -keystore my.truststore
When I run the above command it throws:
keytool error: java.io.FileNotFoundException:
server.crt (The system cannot find
the file specified)
where do I get the file server.crt from? I googled it
up but in vain. Could you please let me know this step
is required?
Thanks
-M
--- Oleg Kalnichevski <ol...@apache.org> wrote:
> On Thu, Aug 25, 2005 at 10:31:03PM -0700, Meghana
> wrote:
> > Hi,
> > I tried using EasySSLProtocolSocketFactory to
> > create an SSL connection to a secured site. It
> throws
> > the following error.
> >
>
> Meghana,
>
> I just recently answered a similar question:
>
>
http://www.mail-archive.com/httpclient-dev%40jakarta.apache.org/msg01935.html
>
> Hope this helps
>
> Oleg
>
>
> > javax.net.ssl.SSLHandshakeException:
> > java.security.cert.CertificateException: Untrusted
> > Server Certificate Chain
> > at
> >
>
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
> > at
> >
>
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
> > at
> >
>
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
> > at
> >
>
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
> > at
> >
>
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847)
> > at
> >
>
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
> > at
> >
>
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
> > at
> >
>
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
> > at
> >
>
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
> > at
> >
>
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
> > at
> >
>
com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
> > at
> >
>
com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
> > at
> >
>
java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> > at
> >
>
java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> > at
> >
>
org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:825)
> > at
> >
>
org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1975)
> > at
> >
>
org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
> > at
> >
>
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:393)
> > at
> >
>
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168)
> > at
> >
>
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
> > at
> >
>
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
> >
> >
> > Any ideas are really appreciated,
> > Thanks a lot in advance
> > -M
> >
> >
> >
> >
> ____________________________________________________
> > Start your day with Yahoo! - make it your home
> page
> > http://www.yahoo.com/r/hs
> >
> >
> >
>
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> httpclient-user-help@jakarta.apache.org
> >
> >
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> httpclient-user-help@jakarta.apache.org
>
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: SSL (Untrusted Server Certificate Chain)
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Thu, Aug 25, 2005 at 10:31:03PM -0700, Meghana wrote:
> Hi,
> I tried using EasySSLProtocolSocketFactory to
> create an SSL connection to a secured site. It throws
> the following error.
>
Meghana,
I just recently answered a similar question:
http://www.mail-archive.com/httpclient-dev%40jakarta.apache.org/msg01935.html
Hope this helps
Oleg
> javax.net.ssl.SSLHandshakeException:
> java.security.cert.CertificateException: Untrusted
> Server Certificate Chain
> at
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
> at
> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
> at
> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at
> java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at
> org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:825)
> at
> org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1975)
> at
> org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
> at
> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:393)
> at
> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168)
> at
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
> at
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
>
>
> Any ideas are really appreciated,
> Thanks a lot in advance
> -M
>
>
>
> ____________________________________________________
> Start your day with Yahoo! - make it your home page
> http://www.yahoo.com/r/hs
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org