Hi, Sudip,

Thanks for your interesting question!  I added a "proxy" option to the
"commons-ssl.jar" tool.

I realize you've already progressed on your problem, but would you mind
testing this option for me?

Here's the latest version:

http://juliusdavies.ca/commons-ssl/

In particular:

http://juliusdavies.ca/commons-ssl/commons-ssl.jar


Please try running:

java -jar commons-ssl.jar -t [mydomain.com]:443 -r [myproxy.com]:80

Does it work?



yours,

Julius

==============================================================================
Usage:  java -jar commons-ssl.jar [options]
Options:   (*=required)
*  -t  --target           [hostname[:port]]             default port=443
   -b  --bind             [hostname[:port]]             default port=0 "ANY"
   -r  --proxy            [hostname[:port]]             default port=80
   -c  --client-cert      [path to client certificate]  *.jks or *.pfx
   -p  --password         [client cert password]

Example:

java -jar commons-ssl.jar -t cucbc.com:443 -c ./client.pfx -p `cat ./pass.txt`
==============================================================================


On Fri, 2006-05-05 at 15:38 -0500, sudip shrestha wrote:
> I am not sure on how to deploy the my.keystore file with the applet?  Thanks
> for any suggestions.
> 
> ---------- Forwarded message ----------
> From: sudip shrestha <[EMAIL PROTECTED]>
> Date: May 5, 2006 2:08 PM
> Subject: Re: SSLHandshakeException with apache+tomcat httpd server
> To: Julius Davies <[EMAIL PROTECTED]>
> 
> Hi,
> OK... This is what I did and fixed my problem:
> 1. I first got my keystore from CA-cert:
> keytool -import -trustcacerts -keystore my.keystore -file mydomain.com.crt -alias mydomainkey
> 2. Then added a line before creating new Protocol object with
> StrictSSLProtocolSocketFactory:
> ------------------
>     System.setProperty("javax.net.ssl.trustStore", "my.keystore");
> 
>     Protocol stricthttps = new Protocol("https", new StrictSSLProtocolSocketFactory(true), 443);
>     httpclient.getHostConfiguration().setHost("mydomain.com", 443, stricthttps);
> 
>     httpclient.executeMethod( httpget );
>     System.out.println( new String( httpget.getResponseBody() ) );
> 
>     System.out.println( httpget.getStatusLine() );
> ------------------
> Then, I was able to get secure urls normally from mydomain.com.  But now I
> am wondering how do I put my.keystore file in the client machine, as these
> urls will be accessed by an Applet.
> 
> 
> 
> On 5/5/06, sudip shrestha < [EMAIL PROTECTED]> wrote:
> >
> > Julius, Thanks for your reply.  We have a proxy server to go thru... How
> > do I define a proxy server/port in command line with java -jar
> > commons-ssl.jar -t [mydomain.com]:443?
> >
> > Because, right now, this is all I get:
> > java.net.SocketTimeoutException: connect timed out
> >         at java.net.PlainSocketImpl.socketConnect(Native Method)
> >         at java.net.PlainSocketImpl.doConnect(Unknown Source)
> >         at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
> >         at java.net.PlainSocketImpl.connect(Unknown Source)
> >         at java.net.SocksSocketImpl.connect(Unknown Source)
> >         at java.net.Socket.connect(Unknown Source)
> >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(Unknown Source)
> >         at org.apache.commons.ssl.SSLClient.createSocket(SSLClient.java:189)
> >         at org.apache.commons.ssl.SSLClient.createSocket(SSLClient.java:157)
> >         at org.apache.commons.ssl.SSLClient.createSocket(SSLClient.java:149)
> >         at org.apache.commons.ssl.Ping.main(Ping.java:136)
> >
> >
> > On 5/5/06, Julius Davies <[EMAIL PROTECTED]> wrote:
> > >
> > > Hi, Sudip,
> > >
> > > I'm working on a tool to help diagnose these kinds of problems.  Can you
> > > try this tool and report back on the output?
> > >
> > > http://juliusdavies.ca/commons-ssl/
> > >
> > > In particular, download:
> > >
> > > http://juliusdavies.ca/commons-ssl/commons-ssl.jar
> > >
> > > And then run:
> > >
> > > java -jar commons-ssl.jar -t [mydomain.com]:443
> > >
> > > (You'll have to replace mydomain.com with the server in particular that
> > > you are using.)
> > >
> > > yours,
> > >
> > > Julius
> > >
> > >
> > >
> > > -----Original Message-----
> > > From:   sudip shrestha [mailto:[EMAIL PROTECTED]
> > > Sent:   Fri 5/5/2006 9:20 AM
> > > To:     [email protected]
> > > Cc:
> > > Subject:        SSLHandshakeException with apache+tomcat httpd server
> > >
> > > Hi,
> > > I have apache httpd 2.0 server working with Tomcat 5.5.7 that serves dynamic
> > > contents.  Only HTTPS requests are allowed by this server.  We have a
> > > trusted certificate from a CA, Comodo. I have written an applet that needs
> > > to talk to this server via SSL.
> > > I have added the cert from the CA to the jdk keystore with:
> > > keytool -import -file mydomain.com.crt
> > >
> > > So, when I use this piece of code below to make a connection I get an
> > > Exception:
> > >
> > > javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> > >         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
> > >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
> > >         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> > >         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> > >         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
> > >         at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
> > >         at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
> > >         at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
> > >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
> > >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
> > >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
> > >         at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
> > >         at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
> > >         at java.io.BufferedOutputStream.flush(Unknown Source)
> > >         at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:827)
> > >         at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1975)
> > >         at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
> > >         at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
> > >         at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
> > >         at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
> > >         at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
> > >         at main.main(main.java:54)
> > > Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> > >         at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
> > >         at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
> > >         at sun.security.validator.Validator.validate(Unknown Source)
> > >         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
> > >         at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
> > >         ... 18 more
> > > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> > >         at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
> > >         at java.security.cert.CertPathBuilder.build(Unknown Source)
> > >         ... 23 more
> > > ----------------------------------------------------------------
> > > Test Code:
> > > ---------------
> > >   HttpClient httpclient = new HttpClient();
> > >   GetMethod httpget = new GetMethod("https://mydomain.com/");
> > >   try {
> > >
> > >     //Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
> > >     //Protocol.registerProtocol("https", easyhttps);
> > >
> > >     httpclient.executeMethod(httpget);
> > >
> > >     System.out.println( httpget.getStatusLine() );
> > >
> > >   } catch(Exception e) {
> > >     e.printStackTrace();
> > >   } finally {
> > >     httpget.releaseConnection();
> > >   }
> > > ----------------------------------------------------------------
> > >
> > > I have tried this with/without the EasySSLProtocolSocketFactory and I get
> > > the same result.   Searched through the archive but could not move forward.
> > >
> > > In my case, all the SSL requests are handled by apache first, so is there
> > > something else that I have to do to make it work?... thanks....
> > >
> > >
> > >
> > >
> > >
> >
-- 
Julius Davies
Senior Application Developer, Technology Services
Credit Union Central of British Columbia
http://www.cucbc.com/
Tel: 604-730-6385
Cel: 604-868-7571
Fax: 604-737-5910

1441 Creekside Drive
Vancouver, BC
Canada
V6J 4S7
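
An added example, not part of the original messages or of commons-ssl: one way to ship my.keystore inside the applet's jar and build the trust configuration from it in memory, with certificate validation still enforced, instead of pointing javax.net.ssl.trustStore at a file on the client machine. The class name, the resource path "/my.keystore", the password "changeit" and the in-memory sample store are assumptions made for illustration.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class BundledTrustStore {   // hypothetical class name

    // Trust manager that accepts ONLY chains ending in a certificate from this keystore.
    static X509TrustManager trustManagerFrom(InputStream jks, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(jks, password);            // the password also integrity-checks the store
        if (ks.size() == 0) {
            throw new IllegalStateException("trust store has no entries");
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return (X509TrustManager) tmf.getTrustManagers()[0];
    }

    // Constructed sample input: a one-entry JKS built in memory from the first JRE trust
    // anchor, so the example runs without a real my.keystore on the classpath.
    static InputStream constructedSample(char[] password) throws Exception {
        TrustManagerFactory def =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        def.init((KeyStore) null);         // null = the JRE's default cacerts
        X509Certificate anchor =
                ((X509TrustManager) def.getTrustManagers()[0]).getAcceptedIssuers()[0];
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);               // start from an empty store
        ks.setCertificateEntry("mydomainkey", anchor);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);
        return new ByteArrayInputStream(out.toByteArray());
    }

    public static void main(String[] args) throws Exception {
        char[] password = "changeit".toCharArray();   // assumed store password
        // Inside the applet jar this resolves to the bundled file (assumed path).
        InputStream in = BundledTrustStore.class.getResourceAsStream("/my.keystore");
        if (in == null) in = constructedSample(password);
        X509TrustManager tm = trustManagerFrom(in, password);
        in.close();
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new X509TrustManager[] { tm }, null);
        System.out.println("trusted issuers: " + tm.getAcceptedIssuers().length);
        System.out.println("socket factory:  " + ctx.getSocketFactory().getClass().getName());
    }
}
```

The SSLSocketFactory from ctx.getSocketFactory() is what the HTTPS connection code would be given to create its sockets; a server certificate that does not chain to an entry in the bundled store fails the handshake with the same PKIX error shown in the thread.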
