We had the same situation. The osapi.http.get call is be proxied through your shindig server. You need to install the certificate into the cacerts file on your shindig host using keytool then java should be able to find it.
Doug On Jul 6, 2011, at 5:09 PM, "Eric Woods" <[email protected]> wrote: > Fellow Shindig Developers, > > I have a tough question regarding certificates. We have a server set up that > requires the acceptance of a certificate to access a URL which the server > hosts. If I access the URL via a web browser, the browser prompts the user > to trust the certificate (i.e. add an exception for the certificate in > Firefox) prior to using the service. Once I trust the certificate, all is > well. From a Shindig/gadget perspective, however, we don't have a pretty UI > to prompt the user to accept the certificate. We request the URL within a > gadget using osapi.http.get() as follows: > > var params = { > "href": "https://myhost.com/irequireacertificate";, > "headers": { > "Authorization": ["Basic xYz123"], > "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; > rv:5.0) Gecko/20100101 Firefox/5.0"], > "Accept": > ["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8,application/json"], > "Accept-Encoding": ["gzip, deflate"], > "Accept-Charset": ["ISO-8859-1,utf-8;q=0.7,*;q=0.7"] > }; > osapi.http.get(params).execute(function(resp) { > console.log(resp); > }); > > Invoking the request throws the following exception from BasicHttpFetcher: > > Caused by: org.apache.shindig.gadgets.GadgetException: > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated > at > org.apache.shindig.gadgets.http.BasicHttpFetcher.fetch(BasicHttpFetcher.java:389) > at > org.apache.shindig.gadgets.http.DefaultRequestPipeline.execute(DefaultRequestPipeline.java:104) > at > org.apache.shindig.gadgets.servlet.HttpRequestHandler.execute(HttpRequestHandler.java:231) > ... 33 more > > I suspect (and a quick Google search agrees) that this is likely because the > server requires a certificate to be trusted, but Shindig's BasicHttpFetcher > is unable to handle this challenge, so things blow up. What type of strategy > should we use for gadgets handling certificates? I don't have enough > expertise with SSL certificates for a credible recommendation. > > Thanks! > - Eric W.
