Hi,
I have an Apache httpd 2.0 server working with Tomcat 5.5.7 that serves dynamic
content.  Only HTTPS requests are allowed by this server.  We have a
trusted certificate from a CA, Comodo. I have written an applet that needs
to talk to this server via SSL.
I have added the cert from the CA to the JDK keystore with:
keytool -import -file mydomain.com.crt

So, when I use this piece of code below to make a connection I get an
Exception:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
       at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
       at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
       at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
       at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
       at java.io.BufferedOutputStream.flush(Unknown Source)
       at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:827)
       at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1975)
       at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
       at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
       at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
       at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
       at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
       at main.main(main.java:54)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
       at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
       at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
       at sun.security.validator.Validator.validate(Unknown Source)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
       at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
       ... 18 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
       at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
       at java.security.cert.CertPathBuilder.build(Unknown Source)
       ... 23 more
----------------------------------------------------------------
Test Code:
---------------
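 import org.apache.commons.httpclient.HttpClient;
 import org.apache.commons.httpclient.methods.GetMethod;

 HttpClient httpclient = new HttpClient();
 GetMethod httpget = new GetMethod("https://mydomain.com/");
 try {

    // Tried with and without these two lines; the contrib
    // EasySSLProtocolSocketFactory accepts self-signed certificates.
    //Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
    //Protocol.registerProtocol("https", easyhttps);

    // The SSL handshake, and the exception above, happen here.
    httpclient.executeMethod(httpget);

    System.out.println( httpget.getStatusLine() );

 } catch(Exception e) {
    e.printStackTrace();
 } finally {
    // Always return the connection to the connection manager.
    httpget.releaseConnection();
 }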
----------------------------------------------------------------

I have tried this with/without the EasySSLProtocolSocketFactory and I get
the same result.   Searched through the archive but could not move forward.

In my case, all the SSL requests are handled by apache first, so is there
something else that I have to do to make it work?... thanks....
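
A diagnostic for the failure described in the message above, as an added example that is not part of the original post: `keytool -import` without `-keystore` writes to `.keystore` in the user's home directory, while JSSE's default trust managers read the file named by `javax.net.ssl.trustStore`, else `lib/security/jssecacerts`, else `lib/security/cacerts` under `java.home`. The class name `TrustStoreCheck` and the default search text `comodo` (the CA named in the post) are assumptions.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example (hypothetical class name): which trust store does JSSE use, and is the CA in it?
public class TrustStoreCheck {
    // JSSE default lookup order: javax.net.ssl.trustStore, then jssecacerts, then cacerts.
    static File effectiveTrustStore() {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        if (prop != null) return new File(prop);
        File dir = new File(System.getProperty("java.home"), "lib/security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.exists() ? jsse : new File(dir, "cacerts");
    }

    // Subjects of the CA certificates the default trust managers accept, filtered by text.
    static List<String> trustedIssuersMatching(String needle) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);   // null = use the default trust store
        List<String> hits = new ArrayList<>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                String dn = ca.getSubjectX500Principal().getName();
                if (dn.toLowerCase().contains(needle.toLowerCase())) hits.add(dn);
            }
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        String needle = args.length > 0 ? args[0] : "comodo"; // assumption: CA named in the post
        File keytoolDefault = new File(System.getProperty("user.home"), ".keystore");
        System.out.println("JSSE trust store    : " + effectiveTrustStore());
        System.out.println("keytool default file: " + keytoolDefault
            + (keytoolDefault.exists() ? " (exists)" : " (absent)"));
        List<String> hits = trustedIssuersMatching(needle);
        System.out.println(hits.isEmpty()
            ? "No trusted CA subject contains \"" + needle + "\""
            : "Trusted CA subjects matching \"" + needle + "\":");
        for (String dn : hits) System.out.println("  " + dn);
    }
}
```

If the two paths differ and no matching CA is listed, the imported certificate is not in the store the client validates against; importing with keytool's `-keystore` option pointed at the reported trust store, or setting `javax.net.ssl.trustStore` to the file that holds it, closes that gap.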
