The problem is the Verisign root certificate that ships with the Sun's JREs expired in January. You will need to upgrade to a newer JRE to fix this problem. In your case I think you will need something >= 1.4.1_06.
Mike
On Apr 28, 2004, at 12:51 AM, bagas wrote:
Thank you for your reply .. but I have another question
When I run sample code in the bottom of http://jakarta.apache.org/commons/httpclient/sslguide.html page (accessing https://www.verisign.com), I get Exception msg like this :
----------------------------------------------------------------------- -
----
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at
com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at
sun.nio.cs.StreamEncoder$CharsetSE.writeBytes(StreamEncoder.java:336)
at
sun.nio.cs.StreamEncoder$CharsetSE.implFlushBuffer(StreamEncoder.java: 40
4)
at
sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:408)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
at Test.main(Test.java:26)
Caused by: sun.security.validator.ValidatorException: No trusted
certificate found
at
sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidato r
.java:304)
at
sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.j a
va:107)
at sun.security.validator.Validator.validate(Validator.java:202)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Da s
hoA6275)
at
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Da s
hoA6275)
... 13 more
----------------------------------------------------------------------- -
----
but when I altered the destination (field TARGET_HTTPS_SERVER) became www.verizon.com and www.mail.yahoo.com the program doing fine.
But then when change again the destination into sourceforge.net, the Exception as above happen again.
www.verisign.com and sourceforge.net have the same characteristic that
is when I browse them with Microsoft Internet Explorer 6, they yield a
dialog frame that say "this page contain both secure and nonsecure items
.... "
Is the characteristic above that caused me unable to open www.verisign.com and sourceforge.net? Or can you think another causes? And please tell how do I deal with it?
Thank you ...
For your Information this is my JVM :
C:\j2sdk1.4.2_01\jre\lib\security>java -version java version "1.4.1_02" Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1_02-b06) Java HotSpot(TM) Client VM (build 1.4.1_02-b06, mixed mode)
And this are my cacerts fill with :
C:\j2sdk1.4.2_01\jre\lib\security>keytool -list -keystore cacerts Enter keystore password:
***************** WARNING WARNING WARNING ***************** * The integrity of the information stored in your keystore * * has NOT been verified! In order to verify its integrity, * * you must provide your keystore password. * ***************** WARNING WARNING WARNING *****************
Keystore type: jks Keystore provider: SUN
Your keystore contains 20 entries
verisignclass4ca, Jun 30, 1998, trustedCertEntry, Certificate fingerprint (MD5): 1B:D1:AD:17:8B:7F:22:13:24:F5:26:E2:5D:4E:B9:10 entrustglobalclientca, Jan 9, 2003, trustedCertEntry, Certificate fingerprint (MD5): 9A:77:19:18:ED:96:CF:DF:1B:B7:0E:F5:8D:B9:88:2E gtecybertrustglobalca, May 10, 2002, trustedCertEntry, Certificate fingerprint (MD5): CA:3D:D3:68:F1:03:5C:D0:32:FA:B8:2B:59:E8:5A:DB entrustgsslca, Jan 9, 2003, trustedCertEntry, Certificate fingerprint (MD5): 9D:66:6A:CC:FF:D5:F5:43:B4:BF:8C:16:D1:2B:A8:99 thawtepersonalbasicca, Feb 13, 1999, trustedCertEntry, Certificate fingerprint (MD5): E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41 verisignclass1ca, Jun 30, 1998, trustedCertEntry, Certificate fingerprint (MD5): 51:86:E8:1F:BC:B1:C3:71:B5:18:10:DB:5F:DC:F6:20 thawtepersonalfreemailca, Feb 13, 1999, trustedCertEntry, Certificate fingerprint (MD5): 1E:74:C3:86:3C:0C:35:C5:3E:C2:7F:EF:3C:AA:3C:D9 entrustsslca, Jan 9, 2003, trustedCertEntry, Certificate fingerprint (MD5): DF:F2:80:73:CC:F1:E6:61:73:FC:F5:42:E9:C5:7C:EE verisignclass3ca, Jun 30, 1998, trustedCertEntry, Certificate fingerprint (MD5): 78:2A:02:DF:DB:2E:14:D5:A7:5F:0A:DF:B6:8E:9C:5D gtecybertrustca, May 10, 2002, trustedCertEntry, Certificate fingerprint (MD5): C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58 thawteserverca, Feb 13, 1999, trustedCertEntry, Certificate fingerprint (MD5): C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D thawtepersonalpremiumca, Feb 13, 1999, trustedCertEntry, Certificate fingerprint (MD5): 3A:B2:DE:22:9A:20:93:49:F9:ED:C8:D2:8A:E7:68:0D thawtepremiumserverca, Feb 13, 1999, trustedCertEntry, Certificate fingerprint (MD5): 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A entrust2048ca, Jan 9, 2003, trustedCertEntry, Certificate fingerprint (MD5): BA:21:EA:20:D6:DD:DB:8F:C1:57:8B:40:AD:A1:FC:FC baltimorecybertrustca, May 10, 2002, trustedCertEntry, Certificate fingerprint (MD5): AC:B6:94:A5:9C:17:E0:D7:91:52:9B:B1:97:06:A6:E4 entrustclientca, Jan 9, 2003, trustedCertEntry, Certificate fingerprint (MD5): 0C:41:2F:13:5B:A0:54:F5:96:66:2D:7E:CD:0E:03:F4 verisignserverca, Jun 30, 1998, trustedCertEntry, Certificate fingerprint (MD5): 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93 gtecybertrust5ca, May 10, 2002, trustedCertEntry, Certificate fingerprint (MD5): 7D:6C:86:E4:FC:4D:D1:0B:00:BA:22:BB:4E:7C:6A:8E baltimorecodesigningca, May 10, 2002, trustedCertEntry, Certificate fingerprint (MD5): 90:F5:28:49:56:D1:5D:2C:B0:53:D4:4B:EF:6F:90:22 verisignclass2ca, Jun 30, 1998, trustedCertEntry, Certificate fingerprint (MD5): EC:40:7D:2B:76:52:67:05:2C:EA:F2:3A:4F:65:F0:D8
-----Original Message----- From: Ortwin Glück [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 3:44 PM To: Commons HttpClient Project Subject: Re: [newbie] SSL
bagas wrote:
Dear All,javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorExce
I am sorry let me rephrase my question. What I want to ask are 1. How do I check and approve a certificate sent by a web server in https request? So that I don't get error like :
ption: No trusted certificate found.me
2. Can a HttpClient uses a certificate so that it can be verified by a webserver that it trying to connect? If this can be done please givean example?
Thank You.
Regards,
Rahmat Bagas Santoso
Please check out the SSL guide
http://jakarta.apache.org/commons/httpclient/sslguide.html
which should answer your questions.
As statet frequently on this list, HttpClient makes no assumptions about
the underlying SSL implementation. Please refer to the documentation of your SSL implementation for further information.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
