Hi, Sudip,

I'm working on a tool to help diagnose these kinds of problems.  Can you try 
this tool and report back on the output?

http://juliusdavies.ca/commons-ssl/

In particular, download:

http://juliusdavies.ca/commons-ssl/commons-ssl.jar

And then run:

java -jar commons-ssl.jar -t [mydomain.com]:443

(You'll have to replace mydomain.com with the server in particular that you are 
using.)

yours,

Julius



-----Original Message-----
From:   sudip shrestha [mailto:[EMAIL PROTECTED]
Sent:   Fri 5/5/2006 9:20 AM
To:     [email protected]
Cc:     
Subject:        SSLHandshakeException with apache+tomcat httpd server

Hi,
I have an Apache httpd 2.0 server working with Tomcat 5.5.7 that serves dynamic
content.  Only HTTPS requests are allowed by this server.  We have a
trusted certificate from a CA, Comodo. I have written an applet that needs
to talk to this server via SSL.
I have added the cert from the CA to the JDK keystore with:  keytool -import -file mydomain.com.crt.

So, when I use this piece of code below to make a connection I get an
Exception:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
        at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
        at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
        at java.io.BufferedOutputStream.flush(Unknown Source)
        at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:827)
        at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1975)
        at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
        at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
        at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
        at main.main(main.java:54)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
        at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
        at sun.security.validator.Validator.validate(Unknown Source)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
        at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
        ... 18 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
        at java.security.cert.CertPathBuilder.build(Unknown Source)
        ... 23 more
----------------------------------------------------------------
Test Code:
---------------
  HttpClient httpclient = new HttpClient();
  GetMethod httpget = new GetMethod("https://mydomain.com/");
  try {

    //Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
    //Protocol.registerProtocol("https", easyhttps);

    httpclient.executeMethod(httpget);

    System.out.println( httpget.getStatusLine() );

  } catch(Exception e) {
    e.printStackTrace();
  } finally {
    httpget.releaseConnection();
  }
----------------------------------------------------------------

I have tried this with/without the EasySSLProtocolSocketFactory and I get
the same result.   Searched through the archive but could not move forward.

In my case, all the SSL requests are handled by apache first, so is there
something else that I have to do to make it work?... thanks....