Oleg.. again thanks for help.. Had a version (2.0.2 compliant) of AuthSSLProtocolSocketFactory. This class seems to me that you would have to have the cert added to keystore using keytool on each client machine..
I was under the impression that HttpClient did not venture into keystore area because there was no API to include certs into keystore. Had to use keytool.. So.. (pardon my ignorance) but if I understood what needed to be done plus this is a Swing application that lives on anyone within a company's employ.. Confused.. Thanks for your quick responses.

---------- Original Message ----------
Date: 7/29/05
From: Oleg Kalnichevski <[EMAIL PROTECTED]>
To: [email protected]
Subject: Re: SSL with Certificate-SSLPeerUnverifiedException

>Michael,
>
>I suspect the SSL context has not been properly configured and as a result
>the socket factory was unable to verify the identity of the target
>server. Please take a look at the AuthSSLProtocolSocketFactory below:
>
>http://svn.apache.org/repos/asf/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/
>
>There are some guidelines in the javadocs as to how one can correctly
>set up an SSL context with required trust managers and/or key managers
>
>Oleg
>
>On Fri, Jul 29, 2005 at 11:35:57AM -0400, Michael Clovis wrote:
>> Oleg.. or anyone.
>> Connecting with SSL and had this problem (SSLPeerUnverifiedException) with earlier class that extended HttpClient. Wrote teststub class with TestURL that works in browser for testing servlet..
>> Googled and made sure we are not using Tomcat 4.1.13 or earlier (problem reported in 1.12 bugzilla).. using highest current release of tomcat Ver 4 ,Apache2 and OpenSSL. Here is the test stub...
>>
>> try{
>>     BasicConfigurator.configure();
>>     HttpClient client = new HttpClient();
>>     StrictSSLProtocolSocketFactory sf = new StrictSSLProtocolSocketFactory();
>>
>>     Protocol stricthttps = new Protocol( "https", sf, 443);
>>     Protocol.registerProtocol("https",stricthttps);
>>
>>     client.getHostConfiguration().setHost("192.168.45.114", 443, stricthttps);
>>
>>     String test = "https://192.168.45.114/IS/ISUploadServer?configKey=HELLO";
>>     PostMethod post = null;
>>
>>     try {
>>         post = new PostMethod(test);
>>     } catch (Exception e) {
>>         e.printStackTrace();
>>         throw e;
>>     }
>>     post.setDoAuthentication(true);
>>     try {
>>         client.executeMethod(post);
>>     } catch (IOException e) {
>>         //e.printStackTrace();
>>         throw e;
>>     }
>>     String res = null;
>>     if(post!=null &&post.getStatusCode() >= 300){
>>         res = String.valueOf(post.getStatusCode());
>>     }
>>     else if(post!=null){
>>         Header headers[] = null;
>>         headers = post.getRequestHeaders();
>>         if(headers!=null&&headers.length>0){
>>             for (int i = 0; i < headers.length; i++) {
>>                 System.out.println(headers[i].toExternalForm());
>>             }
>>         }
>>         res = new String(post.getResponseBodyAsString());
>>     }
>>     System.out.println(res);
>> }catch(Exception e){
>>     e.printStackTrace();
>> }
>>
>> Here is the wire and stack trace..
>>
>> 0 [main] DEBUG org.apache.commons.httpclient.HttpClient - Java version: 1.4.2_02
>> 0 [main] DEBUG org.apache.commons.httpclient.HttpClient - Java vendor: Sun Microsystems Inc.
>> 10 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system name: Windows NT
>> 20 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system architecture: x86
>> 20 [main] DEBUG org.apache.commons.httpclient.HttpClient - Operating system version: 4.0
>> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SUN 1.42: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
>> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJSSE 1.42: Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
>> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunRsaSign 1.42: SUN's provider for RSA signatures
>> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJCE 1.42: SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
>> 390 [main] DEBUG org.apache.commons.httpclient.HttpClient - SunJGSS 1.0: Sun (Kerberos v5)
>> 560 [main] DEBUG org.apache.commons.httpclient.methods.GetMethod - enter GetMethod(String)
>> 560 [main] DEBUG org.apache.commons.httpclient.HttpClient - enter HttpClient.executeMethod(HttpMethod)
>> 560 [main] DEBUG org.apache.commons.httpclient.HttpClient - enter HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
>> 851 [main] DEBUG org.apache.commons.httpclient.HttpConnection - HttpConnection.setSoTimeout(0)
>> 851 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.open()
>> 1332 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.closeSockedAndStreams()
>> 1332 [main] DEBUG org.apache.commons.httpclient.HttpConnection - enter HttpConnection.releaseConnection()
>> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>>     at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275)
>>     at mb.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.verifyHostname(StrictSSLProtocolSocketFactory.java:253)
>>     at mb.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.createSocket(StrictSSLProtocolSocketFactory.java:208)
>>     at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:683)
>>     at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:662)
>>     at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:529)
>>     at TestPlain.main(TestPlain.java:65)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>     at java.lang.reflect.Method.invoke(Method.java:324)
>>     at com.intellij.rt.execution.application.AppMain.main(AppMain.java:78)
>> count = 0, total = 67
>>
>> Process finished with exit code 0
>>
>> Thanks for any insight
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
