You need to install the server certificate in your local truststore. This can be done programmatically or manually using the keytool command. The API's changed from 1.3.x to 1.4, but here is a 1.4 client tool that I've used in the past that shows how to hook into the trust manager.
Usage: installCert server_address keystore_password certificate_alias.
BTW, I've found that a good runtime flag to use is "-Djavax.net.debug=ssl". It dumps a ton of useful information to help debug ssl communications.
Good luck...
-Joe
-----Original Message-----
From: Ladwig, Mike [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 18, 2002 1:02 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Problems with HTTPS + Proxy + Authentication
Replaced the previous code block to set https.proxyAuth with this:
try { System.setProperty( "https.proxyAuth", "Basic " + HTTPUtils.encodeAuth(proxyUserName, proxyPassword) ); }
catch( Exception exx ) { System.err.println("encodeAuth exception: "
+ exx); System.exit(1); }
Now I'm getting a different result!
Caused by: javax.net.ssl.SSLHandshakeException: Couldn't find trusted certificate
I think this means I'm getting through the proxy (good) but something else is wrong (bad). If so, I guess I need to start a new thread!
I don't have clientAuth turned on in the server (yet) so for some reason the client doesn't like the certificate the server is presenting me. This I don't understand because my konqueror browser is able to connect to the soap admin client fine. AFAIK, JDK141 comes with all the appropriate cacerts I need...
mike.
-----Original Message-----
From: Scott Nichol [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 18, 2002 3:45 PM
To: [EMAIL PROTECTED]
Subject: Re: Problems with HTTPS + Proxy + Authentication
> Before, I tried it both ways, neither worked. I just now added in the
> following code:
>
> String password = " " + proxyUserName + ":" + " " +
proxyPassword;
> BASE64Encoder B64Encoder = new BASE64Encoder ();
> String encodedPassword = B64Encoder.encode( password.getBytes
());
> System.setProperty( "https.proxyAuth", "Basic " +
encodedPassword );
>
> and I still get the same SOAPException. So, unless my code above is
wrong
> there's some other problem.
I wonder if the extra spaces when you create password are a problem. As an alternative, try calling this method in HTTPUtils to generate the part after "Basic ":
public static String encodeAuth(String userName, String password)
> As for the API I would prefer...IMO it would be best if the
> host/port/username/password parameters are set the same way,
regardless of
> whether the target is http or https.
Yeh, I think I will do that, since I think it is less confusing. I get the feeling that the SSL proxy code was added by someone who needed it, but it has not really been used widely.
Scott Nichol
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
installCert.java
Description: Binary data
-- To unsubscribe, e-mail: <mailto:soap-user-unsubscribe@;xml.apache.org> For additional commands, e-mail: <mailto:soap-user-help@;xml.apache.org>
