I am not sure how to deploy the my.keystore file with the applet. Thanks
for any suggestions.
---------- Forwarded message ----------
From: sudip shrestha <[EMAIL PROTECTED]>
Date: May 5, 2006 2:08 PM
Subject: Re: SSLHandshakeException with apache+tomcat httpd server
To: Julius Davies <[EMAIL PROTECTED]>
Hi,
OK... This is what I did and fixed my problem:
1. I first got my keystore from CA-cert:
keytool -import -trustcacerts -keystore my.keystore -file mydomain.com.crt -alias mydomainkey
2. Then added a line before creating new Protocol object with
StrictSSLProtocolSocketFactory:
------------------
// Point JSSE at the custom trust store before the first SSL connection is made
System.setProperty("javax.net.ssl.trustStore", "my.keystore");
Protocol stricthttps = new Protocol("https", new StrictSSLProtocolSocketFactory(true), 443);
httpclient.getHostConfiguration().setHost("mydomain.com", 443, stricthttps);
httpclient.executeMethod(httpget);
System.out.println(new String(httpget.getResponseBody()));
System.out.println(httpget.getStatusLine());
------------------
Then, I was able to get secure urls normally from mydomain.com. But now I
am wondering how do I put my.keystore file in the client machine, as these
urls will be accessed by an Applet.
On 5/5/06, sudip shrestha <[EMAIL PROTECTED]> wrote:
Julius, Thanks for your reply. We have a proxy server to go thru... How
do I define a proxy server/port in command line with java -jar
commons-ssl.jar -t [ mydomain.com]:443?
Because, right now, this is all I get:
java.net.SocketTimeoutException: connect timed out
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(Unknown Source)
    at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
    at java.net.PlainSocketImpl.connect(Unknown Source)
    at java.net.SocksSocketImpl.connect(Unknown Source)
    at java.net.Socket.connect(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(Unknown Source)
    at org.apache.commons.ssl.SSLClient.createSocket(SSLClient.java:189)
    at org.apache.commons.ssl.SSLClient.createSocket(SSLClient.java:157)
    at org.apache.commons.ssl.SSLClient.createSocket(SSLClient.java:149)
    at org.apache.commons.ssl.Ping.main(Ping.java:136)
On 5/5/06, Julius Davies <[EMAIL PROTECTED]> wrote:
>
> Hi, Sudip,
>
> I'm working on a tool to help diagnose these kinds of problems. Can you
> try this tool and report back on the output?
>
> http://juliusdavies.ca/commons-ssl/
>
> In particular, download:
>
> http://juliusdavies.ca/commons-ssl/commons-ssl.jar
>
> And then run:
>
> java -jar commons-ssl.jar -t [ mydomain.com]:443
>
> (You'll have to replace mydomain.com with the server in particular that
> you are using.)
>
> yours,
>
> Julius
>
>
>
> -----Original Message-----
> From: sudip shrestha [mailto:[EMAIL PROTECTED]
> Sent: Fri 5/5/2006 9:20 AM
> To: [email protected]
> Cc:
> Subject: SSLHandshakeException with apache+tomcat httpd server
>
> Hi,
> I have apache httpd 2.0 server working with Tomcat 5.5.7 that serves
> dynamic contents. Only HTTPS requests are allowed by this server. We have a
> trusted certificate from a CA, Comodo. I have written an applet that needs
> to talk to this server via ssl.
> I have added the cert from the CA to the jdk keystore with: keytool -import
> -file mydomain.com.crt.
>
> So, when I use this piece of code below to make a connection I get an
> Exception:
>
> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
>     at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
>     at java.io.BufferedOutputStream.flush(Unknown Source)
>     at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:827)
>     at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1975)
>     at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
>     at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
>     at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
>     at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
>     at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
>     at main.main(main.java:54)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
>     at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
>     at sun.security.validator.Validator.validate(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
>     ... 18 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
>     at java.security.cert.CertPathBuilder.build(Unknown Source)
>     ... 23 more
> ----------------------------------------------------------------
> Test Code:
> ---------------
> HttpClient httpclient = new HttpClient();
> GetMethod httpget = new GetMethod("https://mydomain.com/");
> try {
>
>     //Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
>     //Protocol.registerProtocol("https", easyhttps);
>
>     httpclient.executeMethod(httpget);
>
>     System.out.println(httpget.getStatusLine());
>
> } catch (Exception e) {
>     e.printStackTrace();
> } finally {
>     httpget.releaseConnection();
> }
> ----------------------------------------------------------------
>
> I have tried this with/without the EasySSLProtocolSocketFactory and I get
> the same result. Searched through the archive but could not move forward.
>
> In my case, all the SSL requests are handled by apache first, so is there
> something else that I have to do to make it work?... thanks....
>
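
The trust-store step from the forwarded message above, written so the store is read as a classpath resource packaged in the same jar as the code rather than from a file path on the client, and applied to one SSLSocketFactory instead of the JVM-wide javax.net.ssl.trustStore property. This is an added example, not code from the thread; the class name, the resource name /my.keystore and the password are assumptions, and main() substitutes a constructed empty store so it runs without the jar.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class BundledTrustStore {

    /** Builds a socket factory that trusts only the certificates in the given JKS stream. */
    static SSLSocketFactory fromStream(InputStream in, char[] password) throws Exception {
        if (in == null) {
            // getResourceAsStream returns null when the resource is missing from the jar
            throw new IllegalArgumentException("trust store resource not found");
        }
        KeyStore trusted = KeyStore.getInstance("JKS");
        try (InputStream s = in) {
            // For JKS the password is used to check the integrity of the store
            trusted.load(s, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);

        SSLContext ctx = SSLContext.getInstance("TLS");
        // No client keys, trust managers from the bundled store, default randomness
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        char[] password = "changeit".toCharArray(); // placeholder password (assumption)

        // In the applet the stream would come from the jar (hypothetical resource name):
        //   InputStream in = BundledTrustStore.class.getResourceAsStream("/my.keystore");
        // Constructed stand-in: an empty JKS store serialized in memory.
        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, null);
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        empty.store(bytes, password);

        SSLSocketFactory factory =
                fromStream(new ByteArrayInputStream(bytes.toByteArray()), password);
        System.out.println("socket factory ready: " + factory.getClass().getName());
    }
}
```

Handshakes made through this factory still perform full certificate path validation against the bundled certificates, so a server certificate that does not chain to them is rejected.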