On Wed, 2007-05-02 at 22:22 -0700, RossW wrote:
> ok cool...I fixed the problem. So first of all I had to connect through
> proxy first and then secondly I had to add the certificate to the keystore
> and then add the keystore as a property to code..now working fine. So here
> is the code which made all the difference.
>
> First I had to export the cert from the site...once logged in I just double
> clicked on the lock icon in IE (on the status bar down the bottom of IE when
> logged into the secure site) and then found the copy to file button. I saved
> it as a DER encrypted file to say c:\temp\certfile.cer and then used
> keytool as follows (keytool can be found in the JDK bin folder)
>
> keytool -keystore "C:\Program Files\Java\jdk1.6.0\jre\lib\security\cacerts" -import -alias mysecurestore -file C:\temp\certfile.cer -trustcacerts
>
> System.setProperty("javax.net.ssl.trustStore", "C:\\Program Files\\Java\\jdk1.6.0\\jre\\lib\\security\\cacerts");
>
> and now is working like a charm. I hope this comes in handy for someone
> else in future cuz this one really sucked.
>
Ross
You may consider using AuthSSLProtocolSocketFactory if you want to avoid
having to modify the cacerts file
http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/
http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java?view=markup
For details see
http://jakarta.apache.org/commons/httpclient/sslguide.html
Oleg
>
> RossW wrote:
> >
> > ok now I am getting this...the change I made which was causing the prev
> > error was to connect via proxy first. Funny thing was that I was told
> > without any doubt that it was not proxied. Anyways now I am getting SSL
> > cert related errors
> >
> > javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> >     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
> >     at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
> >     at java.io.BufferedOutputStream.flush(Unknown Source)
> >     at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(Unknown Source)
> >     at org.apache.commons.httpclient.HttpMethodBase.writeRequest(Unknown Source)
> >     at org.apache.commons.httpclient.HttpMethodBase.execute(Unknown Source)
> >     at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Unknown Source)
> >     at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Unknown Source)
> >     at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown Source)
> >     at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown Source)
> >     at chester_japp.Chester_queue.record_proc(Chester_queue.java:129)
> >     at chester_japp.Chester_queue.run(Chester_queue.java:382)
> >     at java.lang.Thread.run(Unknown Source)
> > Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> >     at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
> >     at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
> >     at sun.security.validator.Validator.validate(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
> >     ... 20 more
> > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> >     at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
> >     at java.security.cert.CertPathBuilder.build(Unknown Source)
> >     ... 26 more
> >
> > olegk wrote:
> >>
> >> On Tue, 2007-04-24 at 04:22 -0700, RossW wrote:
> >>>
> >>> >
> >>> > Ross,
> >>> >
> >>> > This appears to be some kind of connectivity problem. Is this an
> >>> > intranet or internet site? Can you establish a connection to that site
> >>> > using a browser?
> >>> >
> >>> > You do not explicitly set a connect timeout value, so the JRE default
> >>> > one applies. Try explicitly setting the connect timeout value to
> >>> > something like 10 min and see what happens.
> >>> >
> >>> > Oleg
> >>> >
> >>
> >> ...
> >>
> >>>
> >>> Hey thanks for the reply. It is an intranet site but I am able to
> >>> access it ok when using my browser and the proxy server does not
> >>> affect this site. I think I have tried setting the timeout for both
> >>> the connection and the socket to unlim and it was still failing. I
> >>> suspect somehow it is related to the SSL but found it odd that I can
> >>> connect to some SSL sites. A friend of mine wrote a similar program
> >>> that uses HTTPCLIENT (the one written by a Chinese group, can't recall
> >>> their name) and the code is similar and it works fine. I want to use
> >>> the apache one because I believe it will have more ongoing support.
> >>>
> >>> Thanks.
> >>
> >> Please note that for some JREs infinite connect timeout (zero value)
> >> effectively means the _default_ value, which may well be a finite
> >> number.
> >>
> >> Are you absolutely sure the browser is hitting the site directly and not
> >> through a proxy?
> >>
> >> Anyways, if this is an internal site, internal infrastructure staff are
> >> your best friends. They should be able to tell why connections time out.
> >>
> >> Oleg
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >>
> >>
> >
> >
>