You are viewing a plain text version of this content. The canonical link for it is here.

Posted to httpclient-users@hc.apache.org by "BAYER, Patrice" <pa...@capgemini.com> on 2009/11/23 13:21:56 UTC

SSL certificate 2048 bit with 3.0

Hello,
In a projet, we're using commons-httpclient 3.0 and the class EasySSLProtocolSocketFactory (EasyX509TrustManager) to have a SSL connection to a server.
But we have the error < java.security.cert.CertificateException: Untrusted Server Certificate Chain > when the client connects to the server.
The certificate is with 2048 bit but not with 1024 signed by the organism Verisign.

In this version of commons-httpclient, can the client accept this kind of key or must we upgrade client ?

Patrice Bayer
</PRE><p style="font-family:arial;color:grey" style="font-size:13px">This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.</p><PRE>

Re: SSL certificate 2048 bit with 3.0

Posted by Oleg Kalnichevski <ol...@apache.org>.

On Mon, 2009-11-23 at 13:21 +0100, BAYER, Patrice wrote:
> Hello,
> In a projet, we're using commons-httpclient 3.0 and the class EasySSLProtocolSocketFactory (EasyX509TrustManager) to have a SSL connection to a server.
> But we have the error < java.security.cert.CertificateException: Untrusted Server Certificate Chain > when the client connects to the server.
> The certificate is with 2048 bit but not with 1024 signed by the organism Verisign.
> 
> In this version of commons-httpclient, can the client accept this kind of key or must we upgrade client ?
> 
> Patrice Bayer

Patrice

HttpClient relies on standard java SSL functionality and therefore can
work with any certificates supported by JSSE.

This problem has nothing to do with the key length. The certificate has
been rejected as untrusted so apparently the SSL context have not
correctly initialized with the trust material.

Oleg    


> </PRE><p style="font-family:arial;color:grey" style="font-size:13px">This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.</p><PRE>



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org