Hi, Yes, you were right, the keystore didin't have the server's public certificate.
Thanks, Joan. -----Mensaje original----- De: Hassan Khan [mailto:hassankhan...@gmail.com] Enviado el: jueves, 18 de mayo de 2017 21:08 Para: HttpClient User Discussion Asunto: Re: Async client with self signed certificate Hi, This is a issue with the CA certs... SSL handshake is failing... if java turn on ssl debug... you will see the error in detail... But if you have added the cacert to the java cacert files.. then java should recognize the self signed cert.. This is not a code issue.. it more to do with cert that is the point i am trying to make... May be the file Store does not have the self signed certificate added to it... Hope it helps Thanks Hassan On Thu, May 18, 2017 at 2:48 PM, Joan Balagueró < joan.balagu...@grupoventus.com> wrote: > Hello, > > > > I’ve been using SSL with client authentication with signed > certificates in async http client 4.1, with no problem. > > > > My code is: > > > > FileInputStream fKeyStore = new FileInputStream(new > File(keyStoreLocation)); > > KeyStore keyStore = KeyStore.getInstance(keyStoreType); > > keyStore.load(fKeyStore, keyStorePassword.toCharArray()); > > > > KeyManagerFactory kmfactory = > KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()) > ; > > kmfactory.init(keyStore, keyStorePassword.toCharArray()); > > KeyManager[] keyManagers = kmfactory.getKeyManagers(); > > > > TrustManagerFactory tmf = > TrustManagerFactory.getInstance(TrustManagerFactory. > getDefaultAlgorithm()); > > tmf.init(keyStore); > > > > SSLContext sslContext = SSLContexts.custom().build(); > > sslContext.init(keyManagers, tmf.getTrustManagers(), null); > > > > return (new SSLIOSessionStrategy(sslContext, new String[] { "TLSv1" }, > null, SSLIOSessionStrategy.getDefaultHostnameVerifier())); > > > > > > But now I have an installation with ssl and client authentication but > with a self-signed certificate. Using the previous code I get the > following error (I suppose because it doesn’t find the CA > certificate): > > Caused by: sun.security.validator.ValidatorException: PKIX path > building > failed: sun.security.provider.certpath.SunCertPathBuilderException: > unable to find valid certification path to requested target > > > > Can anyone help me with this? How should I modify the previous code to > have this working? I’ve tried some alternatives but none of them worked. > > > > Thanks in advance. > > > > Joan. > > > > > > > > > > -- Hassan Khan --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
