In the case where you don't need client-authentication (a client-side certificate), then you only need to ensure the Issuer of the server cert from <https://www.verisign.com> https://www.verisign.com (ie. the CA certificate) is in your 'trustStore'. The default truststore for JDK1.4 is a JKS KeyStore, located in the file JAVA_HOME/jre/lib/security/cacerts. While should not need to do anything special to connect to this URL, you will only need to ensure that the Verisign CA cert in that keystore. keytool -list -keystore JAVA_HOME/jre/lib/security/cacerts (default password is "changeit") Possibly, the verisign site uses a new CA, or an intermediate certificate (chain)... so you can add these to your "cacerts" KeyStore by openning that URL with a browser and 'exporting' them to DER encoded files, and importing them to the cacerts KeyStore. Your code as you typed it, worked fine for me -- using JDK1.4.2_03 (the latest, and perhaps an updated cacerts store). Good luck, Stuart
-----Original Message----- From: Coffman, Bill [mailto:[EMAIL PROTECTED] Sent: Tuesday 16 December 2003 04:16 To: [EMAIL PROTECTED] Subject: Couldn't find trusted certificate Hello, I am new to AXIS, and even pretty new to Java. My goal is to write a soap client that connects to a url over https, with a certificate. Having lot's of trouble with that, I am attempting to simply connect to a basic HTTPS server. The sample code from jsse1.0.3_02 gives a URLReader example, that doesn't work with my system. I get the infamous "Exception in thread "main" javax.net.ssl.SSLHandshakeException: Couldn't find trusted certificate" error. The code is below: import java.net.*; import java.io.*; public class URLReader { public static void main(String[] args) throws Exception { URL verisign = new URL("https://www.verisign.com/";); BufferedReader in = new BufferedReader( new InputStreamReader( verisign.openStream())); String inputLine; while ((inputLine = in.readLine()) != null) System.out.println(inputLine); in.close(); } } My compiler is j2sdk1.4.0, and interpreter is j2re1.4.0. Now, if I change the URL to http://www.paypal.com <http://www.paypal.com/> , (note the http, and not https) the program works! Inspite of the fact paypal will not send any unencrypted html. It forwards, via 302 code, to https, and then in fact prints out the https code that I request. I am not even trying to use a certificate here, but still get this message. I would appreciate any help. Please also reply to my email address: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> as I have having some issues receiving the mail, even though I am subscribed. Thanks, Bill Coffman Senior Software Engineer, QA PayPal, an ebaY Company
<<application/ms-tnef>>
