There is a way to trust any CA in the Java client code. See below.
First, create inner class:
/*
* TrustManager inner class to allow access to all web sites
*/
public class TrustingManager implements javax.net.ssl.X509TrustManager
{
public java.security.cert.X509Certificate[] getAcceptedIssuers()
{
return null;
}
public void checkClientTrusted(java.security.cert.X509Certificate[] c,
String authType) throws CertificateException
{
// do nothing, accept by default
}
public void checkServerTrusted(java.security.cert.X509Certificate[] c,
String authType) throws CertificateException
{
// do nothing, accept by default
}
} // TrustingManager inner class
Then call method to disable SSL checking:
private void disableSSLChecking() throws IOException {
// Inspired by John Cho
try {
javax.net.ssl.TrustManager[] trusty = new
javax.net.ssl.TrustManager[] { new TrustingManager() };
javax.net.ssl.SSLContext sc =
javax.net.ssl.SSLContext.getInstance("SSL");
sc.init(null, trusty, new java.security.SecureRandom());
SSLSocketFactory sslFactory = (SSLSocketFactory)
sc.getSocketFactory();
HttpsURLConnection.setDefaultSSLSocketFactory(sslFactory);
}
catch (Exception e) {
throw (new IOException("SSLFactory: " + e.getMessage()));
}
} // disableSSLChecking()
I hope that helps. Try that and let me know if it works for you.
T
At 09:27 AM 7/11/2007, [EMAIL PROTECTED] wrote:
Thanks!
In our case, I can be certain that it will not be a well known
certificate. Is there any way to enable the connection without
having a keystore in the file system, for example having the
certificate bytes available in a class or something?
The issue is this: the organization hosting the client application
doesn't allow me access to their server, and coordinating with them
to set up a keystore and a system property is problematic.
cheers,
md
> -----Original Message-----
> From: Dimuthu [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 11, 2007 12:48 AM
> To: [email protected]
> Subject: Re: issues with https?
>
>
> Hi,
>
> When you give the HTTPS url and it should work.
>
> If it is doesn't work, most probably it is not a well known root
> certificate. In this case add the following properties to the
> System in
> client code.
> System.setProperty("javax.net.ssl.trustStore","path to keystore" )
> System.setProperty("javax.net.ssl.trustStorePassword","apache")
>
>
> Cheers,
> Dimuthu
>
> On Tue, 2007-07-10 at 14:38 -0400, [EMAIL PROTECTED]
> wrote:
> > Hi,
> >
> > If I deploy a service using https, then is there anything
> special I need to do on the client side, or does the built-in
> http library take care of the certificate stuff?
> >
> > thanks
> > Michael Davis
> >
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
