Hi, Thanks for the reply. I also got another suggestion on this list to remove the addProvider()-call, but that did not work, either. I am now not able to try out your suggestion since I had to rewrite the code to omit the whole problem (the service I access also supports XML-RPC, so I use that now).
I will, however, try it out later. Thanks for both suggestions! Regards, Lars Ove Claesson Systems Developer Datek Wireless AS -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 11. juni 2003 18:03 To: [EMAIL PROTECTED] Subject: RE: Trusted certificates with Java 1.4.1 I apologize if this has already been answered. I lost a bunch of email today. If you are sure your app is finding the keystore and certificate, your problem might be with the incompatibility between JDK/JRE 1.3 and JDK/JRE 1.4. If you are trying to talk between the two, you might need to set a the following startup flag. If I remember correctly, a 1.3 client needs the 1.4 server to have this set to true. -Dcom.sun.net.ssl.dhKeyExchangeFix=true; -----Original Message----- From: Lars Ove Claesson [mailto:[EMAIL PROTECTED] Sent: Friday, June 06, 2003 12:59 AM To: '[EMAIL PROTECTED]' Subject: Trusted certificates with Java 1.4.1 Hi. I'm trying to use the SOAP API over HTTPS connections with Java 1.4.1. I must implement a custom trust manager that trusts all certificates. I think this is where things go wrong. I suspect that the SOAP API is maybe using some handling from version Java 1.3, but cannot pinpoint any of that in the api's source code. I start off by initializing the SSL/SSLContext with: java.security.Security.addProvider( new com.sun.net.ssl.internal.ssl.Provider() ); System.setProperty( "java.protocol.handler.pkgs", "javax.net.ssl" ); TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return ( null ) } public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {} public void checkServerTrusted( java.security.cert.X509Certificate[] certs, String authType) {) } }; // The openHostnameVerifier trusts all hostnames HostnameVerifier openHostnameVerifier = new HostnameVerifier() { public boolean verify( String hostname, String session ) { return ( true ); } public boolean verify( String hostname, SSLSession session) { return ( true ); } }; SSLContext sslContext = SSLContext.getInstance("SSL"); sslContext.init( null, trustAllCerts, new java.security.SecureRandom()); javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory( sslContext.getSocketFactory() ); javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier( openHostnameVerifier ); I do not know if the last two lines have any meaning to the SOAP API. As far as I can see, it creates its own SSL Socket and does not use the HttpsURLConnection...? Then I simply make a SOAP call: soapCall.setTargetObjectURI( address.getContent() ); soapCall.setMethodName( METHOD_NAME ); soapCall.setEncodingStyleURI( Constants.NS_URI_SOAP_ENC) ; Parameter pUsername = new Parameter( PARAMETER_USERNAME, String.class, username.getContent(), null ); . . . Vector parameters = new Vector(); parameters.add( pUsername ); . . . soapCall.setParams( parameters ); try { Response response = soapCall.invoke( new java.net.URL( address.getContent() ), "" ); } catch ( MalformedURLException exp ) { // Handle } catch ( SOAPException exp ) { // Handle } This causes the followin SOAPException: Error opening socket: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Couldn't find trusted certificate Any help with my problem is greatly appreciated! Regards, Lars Ove Claesson
