You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by "G. Garrett Campbell" <g3...@comcast.net> on 2008/02/29 00:32:32 UTC
ssl failure
I am attempting to connect to a https site.
I get the following stack trace.
Visiting the site from IE or FIREFOX lists no problems.
Is the an httpclient problem or a javax.net.ssl problem???
I also tried java1.6 and got the same result.
Thanks for any info
C:\trackm\air>"c:\program files\java\jdk1.5.0_07\bin\java" AirBerlin g395@comcast.net track123 Campbell debug
want
https://www.airberlin.com/site/topbonus/login_miles.php?LANG=eng
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2124)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1088)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at HttpAccount.formGet(HttpAccount.java:495)
at HttpAccount.formGet(HttpAccount.java:480)
at HttpAccount.doit(HttpAccount.java:83)
at HttpAccount.doit(HttpAccount.java:64)
at AirBerlin.doit(AirBerlin.java:120)
at HttpAccount.process(HttpAccount.java:44)
at AirBerlin.main(AirBerlin.java:18)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
at sun.security.validator.Validator.validate(Validator.java:203)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
... 23 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
... 28 more
Re: ssl failure
Posted by Julius Davies <ju...@gmail.com>.
Hi, G. Garrett Campbell,
The set of root certificate authorities that Java trusts by default
tends to be a little smaller than Firefox and IE. It's located here:
$JAVA_HOME/jre/lib/security/cacerts
That's a keystore file, so you can use "keytool" to view and modify
it. The password is "changeit".
Sun Java does not come with any "trustcenter.de" CA certs
pre-installed, so you'll have to go here and add them to your
"cacerts" file:
http://www.trustcenter.de/en/infocenter/root_certificates.htm
Note: you might have to re-add those root certificates every time you
upgrade your JVM, even to just minor patch version (e.g. 1.6.0_03 to
1.6.0_04).
There are other ways, too....
http://hc.apache.org/httpclient-3.x/sslguide.html
http://juliusdavies.ca/commons-ssl/javadocs/org/apache/commons/httpclient/contrib/ssl/TrustSSLProtocolSocketFactory.html
yours,
Julius
On Thu, Feb 28, 2008 at 3:32 PM, G. Garrett Campbell <g3...@comcast.net> wrote:
> I am attempting to connect to a https site.
>
> I get the following stack trace.
>
> Visiting the site from IE or FIREFOX lists no problems.
>
> Is the an httpclient problem or a javax.net.ssl problem???
>
> I also tried java1.6 and got the same result.
>
> Thanks for any info
>
> C:\trackm\air>"c:\program files\java\jdk1.5.0_07\bin\java" AirBerlin g395@comcast.net track123 Campbell debug
> want
> https://www.airberlin.com/site/topbonus/login_miles.php?LANG=eng
> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
> at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2124)
> at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1088)
> at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
> at HttpAccount.formGet(HttpAccount.java:495)
> at HttpAccount.formGet(HttpAccount.java:480)
> at HttpAccount.doit(HttpAccount.java:83)
> at HttpAccount.doit(HttpAccount.java:64)
> at AirBerlin.doit(AirBerlin.java:120)
> at HttpAccount.process(HttpAccount.java:44)
> at AirBerlin.main(AirBerlin.java:18)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
> at sun.security.validator.Validator.validate(Validator.java:203)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
> at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
> ... 23 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
> ... 28 more
>
--
yours,
Julius Davies
250-592-2284 (Home)
250-893-4579 (Mobile)
http://juliusdavies.ca/
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org