You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Oleg Kalnichevski <ol...@apache.org> on 2005/03/01 20:35:19 UTC
Re: about unable to find valid certification path to requested
target
Char Li,
I have not worked extensively with JVM 5.0, but most likely this problem
occurs because the server certificate is not trusted. You have to
configure the trust manager within the SSL context used by your
application to trust the server. Please refer to the Sun's documentation
on SSL configuration in Java 1.5
Hope this helps
Oleg
On Sun, 2005-02-27 at 12:18 +0800, char li wrote:
> Hi all
> I have get an error with https.
> Now I use jre 5.0 and Commons HttpClient 3.0 RC1
> I have read http://jakarta.apache.org/commons/httpclient/sslguide.html
> to test https
> It get context with https://www.verisign.com/ by ("
> get.getResponseBodyAsString()")
> but failed with my test https site.
> It thorw the follow error:
>
> -----------------------------------------------------------
> Exception in thread "main" javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:843)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:825)
> at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1920)
> at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1002)
> at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:382)
> at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168)
> at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:393)
> at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
> at com.demo.http.BasicAuthenticationExample.main(BasicAuthenticationExample.java:45)
> Caused by: sun.security.validator.ValidatorException: PKIX path
> building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
> at sun.security.validator.Validator.validate(Validator.java:203)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
> at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:836)
> ... 17 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
> ... 22 more
> -----------------------------------------------------------
>
> Thanks and regards,
>
> charlse
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: about unable to find valid certification path to requested target
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Wed, Mar 02, 2005 at 11:40:49AM +0800, char li wrote:
> hi,Oleg
> thanks
> ???have fix the error,
> I use keytool -import myCA.cer
> But now I think if It can auto import CA. or it can import CA in
> my program.
> Do you think it OK, and how to do ?
Charlse,
Take a look at the AuthSSLProtocolSocketFactory. The source code comes
with extensive instructions in the java docs. This should help you get
up to the speed.
The AuthSSLProtocolSocketFactory and related files can be found here:
http://svn.apache.org/viewcvs.cgi/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/
Hope this helps
Oleg
> thanks again.
> charlse
>
>
> On Tue, 01 Mar 2005 20:35:19 +0100, Oleg Kalnichevski <ol...@apache.org> wrote:
> > Char Li,
> >
> > I have not worked extensively with JVM 5.0, but most likely this problem
> > occurs because the server certificate is not trusted. You have to
> > configure the trust manager within the SSL context used by your
> > application to trust the server. Please refer to the Sun's documentation
> > on SSL configuration in Java 1.5
> >
> > Hope this helps
> >
> > Oleg
> >
> >
> > On Sun, 2005-02-27 at 12:18 +0800, char li wrote:
> > > Hi all
> > > I have get an error with https.
> > > Now I use jre 5.0 and Commons HttpClient 3.0 RC1
> > > I have read http://jakarta.apache.org/commons/httpclient/sslguide.html
> > > to test https
> > > It get context with https://www.verisign.com/ by ("
> > > get.getResponseBodyAsString()")
> > > but failed with my test https site.
> > > It thorw the follow error:
> > >
> > > -----------------------------------------------------------
> > > Exception in thread "main" javax.net.ssl.SSLHandshakeException:
> > > sun.security.validator.ValidatorException: PKIX path building failed:
> > > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> > > find valid certification path to requested target
> > > at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
> > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
> > > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
> > > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
> > > at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:843)
> > > at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
> > > at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
> > > at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
> > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
> > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
> > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
> > > at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
> > > at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> > > at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> > > at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:825)
> > > at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1920)
> > > at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1002)
> > > at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:382)
> > > at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168)
> > > at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:393)
> > > at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
> > > at com.demo.http.BasicAuthenticationExample.main(BasicAuthenticationExample.java:45)
> > > Caused by: sun.security.validator.ValidatorException: PKIX path
> > > building failed:
> > > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> > > find valid certification path to requested target
> > > at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
> > > at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
> > > at sun.security.validator.Validator.validate(Validator.java:203)
> > > at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
> > > at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
> > > at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:836)
> > > ... 17 more
> > > Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> > > unable to find valid certification path to requested target
> > > at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
> > > at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
> > > at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
> > > ... 22 more
> > > -----------------------------------------------------------
> > >
> > > Thanks and regards,
> > >
> > > charlse
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: about unable to find valid certification path to requested target
Posted by char li <ch...@gmail.com>.
hi,Oleg
thanks
Ihave fix the error,
I use keytool -import myCA.cer
But now I think if It can auto import CA. or it can import CA in
my program.
Do you think it OK, and how to do ?
thanks again.
charlse
On Tue, 01 Mar 2005 20:35:19 +0100, Oleg Kalnichevski <ol...@apache.org> wrote:
> Char Li,
>
> I have not worked extensively with JVM 5.0, but most likely this problem
> occurs because the server certificate is not trusted. You have to
> configure the trust manager within the SSL context used by your
> application to trust the server. Please refer to the Sun's documentation
> on SSL configuration in Java 1.5
>
> Hope this helps
>
> Oleg
>
>
> On Sun, 2005-02-27 at 12:18 +0800, char li wrote:
> > Hi all
> > I have get an error with https.
> > Now I use jre 5.0 and Commons HttpClient 3.0 RC1
> > I have read http://jakarta.apache.org/commons/httpclient/sslguide.html
> > to test https
> > It get context with https://www.verisign.com/ by ("
> > get.getResponseBodyAsString()")
> > but failed with my test https site.
> > It thorw the follow error:
> >
> > -----------------------------------------------------------
> > Exception in thread "main" javax.net.ssl.SSLHandshakeException:
> > sun.security.validator.ValidatorException: PKIX path building failed:
> > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> > find valid certification path to requested target
> > at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
> > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
> > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
> > at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:843)
> > at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
> > at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
> > at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
> > at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
> > at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> > at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> > at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:825)
> > at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1920)
> > at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1002)
> > at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:382)
> > at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168)
> > at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:393)
> > at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
> > at com.demo.http.BasicAuthenticationExample.main(BasicAuthenticationExample.java:45)
> > Caused by: sun.security.validator.ValidatorException: PKIX path
> > building failed:
> > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> > find valid certification path to requested target
> > at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
> > at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
> > at sun.security.validator.Validator.validate(Validator.java:203)
> > at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
> > at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
> > at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:836)
> > ... 17 more
> > Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> > unable to find valid certification path to requested target
> > at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
> > at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
> > at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
> > ... 22 more
> > -----------------------------------------------------------
> >
> > Thanks and regards,
> >
> > charlse
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org