Kumar, Here's my theory. I think previously the Websphere 5.0 server used so called self-signed certificate, which EasyProtocolSocketFactory is meant to trust without verification. Now the Websphere 5.1 server is using a certificate signed by a certificate authority not trusted by the standard TrustManager. EasyProtocolSocketFactory delegates verification of non-self-signed certificates to the standard TrustManager, hence "unknown certificate" exception.
See the HttpClient SSL guide for details [1]. You may especially want to take a look at the AuthSSLProtocolSocketFactory and use it (or derive your own implementation from it) to configure the SSL context the way you want Oleg [1] http://jakarta.apache.org/commons/httpclient/sslguide.html On Thu, 2005-08-25 at 10:57 -0700, KOTA, KUMAR (SBCSI) wrote: > Hi Oleg, > > Yes that is right, I have a class that implements the > SecureProtocolSocketFactory, and in turn I set that class as te protocol > for https calls. > > Kumar Kota > SBC Information Technology > [EMAIL PROTECTED] > (925) 901-6898 > > > -----Original Message----- > From: Oleg Kalnichevski [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 25, 2005 10:51 AM > To: HttpClient Project > Subject: Re: WebSphere 5.1/HTTPS issue > > > Kumar, > > You are using the EasyProtocolSocketFactory or some code of your own > derived from it? > > Oleg > > > On Thu, 2005-08-25 at 10:03 -0700, KOTA, KUMAR (SBCSI) wrote: > > Hi All, > > > > HTTPS calls using WebSphere Application server 5.0 was working > with > > HTTPClient. However, once we migrated to WebSphere Application Server > > 5.1, we keep receiving "SSLException: unknown certificate" error for > > HTTPS calls. I was wondering if this is a known issue of some sort? > > And if there are any fixes available for this? > > > > Thank you, > > Kumar Kota > > > > > > > > -----Original Message----- > > From: Eric Johnson [mailto:[EMAIL PROTECTED] > > Sent: Thursday, August 25, 2005 9:56 AM > > To: HttpClient Project > > Subject: Re: Important things to discuss. Please make your opinion > known > > > > > > Oleg Kalnichevski wrote: > > > > >Folks, > > > > > >There are three issues that I think we need to discuss: > > > > > >(1) I inquired with the Jakarta PMC regarding the possibility of the > > project name change (Jakarta HttpClient -> Jakarta Http). The reaction > > was overwhelming negative, primarily due to high likelihood of > branding > > conflict with Apache HTTPD, which is a very valid point. We have > several > > options here: > > > > > >(1.1) leave Jakarta and join another TLP (either Apache Tomcat or > > Apache HTTPD) where _might_ be permitted to call the project jHTTP or > > some such sort > > >(1.2) stay with Jakarta and try to come up with a radically different > > project name > > > > > > > > I like Roland's suggestion of HTTP Agent (or is that HttpAgent?). I > > like Haiku as well, although that isn't self-explanatory, so it would > be > > > > my second choice. I'm not coming up with any better altenatives. > > > > >(1.3) essentially do nothing and keep the same name. In this case we > > are likely to not be permitted to release any lightweight HTTP server > or > > proxy under Jakarta name > > > > > >(2) Migration to JIRA. This finally can happen and happen very soon. > > The question is if we still want it. If yes, might have to decide on > the > > project name before the migration takes place > > > > > > > > Since it appears that Bugzilla has finally gotten some attention and > > badly needed upgrades, and HttpClient (or whatever we call it) is > > finally a top-level project in Bugzilla, it seems like switching now > > would provide minimal benefits, and might cause a major hassle. All > the > > > > email archives that currently refer to bugzilla bugs with URLs would > be > > broken, for example. > > > > >(3) 3.0 release. 3.0rc3 have not had any major bugs reported for > quite > > some time. Do we want to release another RC4 before the final release > or > > not? > > > > > > > > > > > I suggest doing an RC4, waiting a few weeks (or just two), and then > > declare it final, assuming no bugs arise. > > > > >Please let me know what you think. Everyone is very welcome to throw > in > > their ideas > > > > > > > > Consider them thrown! > > > > -Eric. > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
