Hi Mike, Thanks for you reply.
The error message would indicate something like that but it doesn't seem to bother IE. As far as I can see everything is in order in the certificate too. Anyway, as you suggested I've imported the site's cert into the keystore my TrustManager is using and that seems to do the trick. Thanks again, D. > -----Original Message----- > From: Michael Becke [mailto:[EMAIL PROTECTED] > Sent: 10 September 2003 21:58 > To: Jakarta Commons Users List > Subject: Re: [HttpClient] Certificate problems > > > Hi Derek, > > I don't think the CA is the problem here (at least not yet). The > message when the CA is not supported is something like "untrusted > server cert chain". The problem here is that the cert DNS name not > match the server DNS name. This is either because they are actually > different, or because the cert is for a domain instead of a host (e.g. > .apache.org instead of jakarta.apache.org). > > In regard to untrusted certs, importing the cert into the keystore will > solve the problem. > > Mike > > On Wednesday, September 10, 2003, at 03:03 PM, Derek Alexander wrote: > > > Hi, > > > > Using the HttpClient, I've run into some problems with Certificates. > > > > The error I'm getting is this: > > > > javax.net.ssl.SSLHandshakeException: > > java.security.cert.CertificateException: Certificate chaining error: > > issuer > > DN != subject DN > > > > Running with ssl debug on, I think the problem is that the site uses a > > CA > > who isn't in CACERTS. > > > > Following the SecureSockets info on the HttpClient pages, I've put a > > temporary workaround in place with a modified version of the > > EasySSLProtocolSocketFactory.java class from there. For the moment > > I've put > > a TrustManager that trusts everything. > > > > IE has the certificates and I know I can export them. If I did that, > > could I > > then import them into a KeyStore (other CACERTS) and use that somehow? > > If so > > how? > > > > If anyone has done this before, I'd appreciate the help. > > > > Thanks, > > D. > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
