Hi Nicho,
The second command (parameters.add("DefaultSslContextFactory", ...))
actually doesn't do anything, since it's the "sslContextFactory"
parameter name that is user ("DefaultSslContextFactory" is a possible
value but not the parameter name), so this falls back to the default
configuration.
If you use "com.noelios.restlet.ext.ssl.PkixSslContextFactory", you need
to set the trust store explicitly with the old version.
If you're not using client-certificates or doing anything fancy with the
SSL settings, you might as well use
"com.noelios.restlet.util.DefaultSslContextFactory" or no specific
settings at all (and use the parameter names for setting the trust
stores and key stores).
This should have been fixed in Restlet 2.0 (and the SSL configuration
has been harmonized across all connectors).
Best wishes,
Bruno.
On 17/08/10 09:50, [email protected] wrote:
> Hi
>
> I want to implement https server by using Simple connector and Restlet 1.1. I
> put com.noelios.restlet.ext.simple_3.1.jar, org.simpleframework.jar,
> com.noelios.restlet.ext.ssl.jar and org.jsslutils.jar in my classpath.
But I encountered a SSLContextFactory$SSLContextFactoryException when I
call parameters.add("sslContextFactory",
"com.noelios.restlet.ext.ssl.PkixSslContextFactory");
> if I call parameters.add("DefaultSslContextFactory",
> "com.noelios.restlet.ext.ssl.PkixSslContextFactory"); it looks fine.
>
> anybody tell me the reason?
>
> Thanks,
>
> Nicho
>
>
> The Exception message:
>
> org.jsslutils.sslcontext.SSLContextFactory$SSLContextFactoryException:
> Exception in SSLContextFactory
> at
> org.jsslutils.sslcontext.PKIXSSLContextFactory.getPKIXParameters(PKIXSSLContextFactory.java:231)
> at
> org.jsslutils.sslcontext.PKIXSSLContextFactory.getTrustParams(PKIXSSLContextFactory.java:190)
> at
> org.jsslutils.sslcontext.PKIXSSLContextFactory.getRawTrustManagers(PKIXSSLContextFactory.java:163)
> at
> org.jsslutils.sslcontext.X509SSLContextFactory.getTrustManagers(X509SSLContextFactory.java:346)
> at
> org.jsslutils.sslcontext.SSLContextFactory.buildSSLContext(SSLContextFactory.java:256)
> at
> com.noelios.restlet.ext.ssl.PkixSslContextFactory.createSslContext(PkixSslContextFactory.java:72)
> at
> com.noelios.restlet.ext.simple.HttpsServerHelper.start(HttpsServerHelper.java:267)
> at org.restlet.Server.start(Server.java:383)
> at org.restlet.Component.startServers(Component.java:1233)
> at org.restlet.Component.start(Component.java:1194)
> at uk.ngs.ca.server.HttpsServerRun.<init>(HttpsServerRun.java:72)
> at uk.ngs.ca.server.HttpsServerRun.main(HttpsServerRun.java:86)
> Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors
> parameter must be non-empty
> at
> java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:183)
> at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:140)
> at
> java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:113)
> at
> org.jsslutils.sslcontext.PKIXSSLContextFactory.getPKIXParameters(PKIXSSLContextFactory.java:215)
> ... 11 more
>
> ------------------------------------------------------
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2647748
>
------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2651201
