On Thu, 2013-02-21 at 17:31 +0000, Gordon Ross wrote:
> On 21 Feb 2013, at 17:25, Eduardo Martins <[email protected]>
> wrote:
>
> > Perhaps cacerts is not really where you point to? It should be at
> > $JAVA_HOME/lib/security/cacerts , where $JAVA_HOME can be obtained from
> > /usr/libexec/java_home -v 1.6. In my case it is
> > /Library/Java/JavaVirtualMachines/1.6.0_37-b06-434.jdk/Contents/Home
>
>
> $ java -version
> java version "1.6.0_37"
> $ /usr/libexec/java_home -v 1.6
> /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home
> $ ls -l
> /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/security/cacerts
> […]/cacerts ->
> /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts
> $ keytool -list -keystore
> /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts
> |grep -i my_ca
> my_ca, Feb 21, 2013, trustedCertEntry,
>
> GTG
Gordon

The best thing you can do is to explicitly set up the expected SSL
context using one of the SSLSocketFactory constructors. This would also
enable you to limit the set of trusted CAs to just those you need.
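---
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.PoolingClientConnectionManager;

// Load a trust store that holds only the CAs this client should accept
KeyStore truststore = KeyStore.getInstance("JKS");
FileInputStream instream = new FileInputStream(new File("mycacerts"));
try {
    truststore.load(instream, "mypassword".toCharArray());
} finally {
    instream.close();
}
// Socket factory that validates server certificates against that store only
SSLSocketFactory sf = new SSLSocketFactory(truststore);
PoolingClientConnectionManager cm = new PoolingClientConnectionManager();
// Use it for every https connection made through this connection manager
cm.getSchemeRegistry().register(new Scheme("https", 443, sf));
DefaultHttpClient client = new DefaultHttpClient(cm);
---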
Oleg
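
An added example, not part of the message above and not HttpClient code: a stand-alone JSSE check that prints which cacerts file the running JVM actually resolves to, looks up one alias in it, and builds an SSLContext that trusts only that CA. The class name PinnedTrust, the default alias my_ca (taken from the keytool listing quoted above) and the stock store password changeit are assumptions.

```java
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class PinnedTrust {                       // hypothetical class name
    // Load a JKS trust store from disk.
    static KeyStore load(File f, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        FileInputStream in = new FileInputStream(f);
        try { ks.load(in, pw); } finally { in.close(); }
        return ks;
    }
    // Trust managers that accept only the CAs held in the given store.
    static TrustManager[] trustManagers(KeyStore ks) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return tmf.getTrustManagers();
    }
    static int issuerCount(TrustManager[] tms) {
        return ((X509TrustManager) tms[0]).getAcceptedIssuers().length;
    }
    public static void main(String[] args) throws Exception {
        String alias = args.length > 0 ? args[0] : "my_ca";   // alias from the thread
        // The store this JVM uses, with symlinks resolved to the real file.
        File cacerts = new File(System.getProperty("java.home"), "lib/security/cacerts");
        System.out.println("cacerts in use: " + cacerts.getCanonicalPath());
        KeyStore all = load(cacerts, "changeit".toCharArray()); // stock password (assumption)
        Certificate ca = all.getCertificate(alias);
        if (ca == null) {
            System.out.println("'" + alias + "' not found among " + all.size() + " entries");
            return;
        }
        KeyStore pinned = KeyStore.getInstance("JKS");
        pinned.load(null, null);                 // empty in-memory store
        pinned.setCertificateEntry(alias, ca);   // copy only the CA we need
        TrustManager[] tms = trustManagers(pinned);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tms, null);               // no client keys, default randomness
        System.out.println("default store trusts " + issuerCount(trustManagers(all))
            + " CAs, pinned " + ctx.getProtocol() + " context trusts " + issuerCount(tms));
        System.out.println("pinned CA: " + ((X509Certificate) ca).getSubjectX500Principal());
    }
}
```

Running it with the same `java` binary that launches the application shows whether the imported CA is in the store that binary reads, which is the mismatch suspected earlier in the thread.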