'Re: ssl failure'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       httpclient-users
Subject:    Re: ssl failure
From:       "Julius Davies" <juliusdavies () gmail ! com>
Date:       2008-02-29 17:24:24
Message-ID: 598ad5b50802290924m6dad3166t18f8cd2284a567fb () mail ! gmail ! com
[Download RAW message or body]

Hi, G. Garrett Campbell,

The set of root certificate authorities that Java trusts by default
tends to be a little smaller than Firefox and IE.  It's located here:

$JAVA_HOME/jre/lib/security/cacerts

That's a keystore file, so you can use "keytool" to view and modify
it.  The password is "changeit".

Sun Java does not come with any "trustcenter.de" CA certs
pre-installed, so you'll have to go here and add them to your
"cacerts" file:

http://www.trustcenter.de/en/infocenter/root_certificates.htm


Note:  you might have to re-add those root certificates every time you
upgrade your JVM, even to just minor patch version (e.g. 1.6.0_03 to
1.6.0_04).

There are other ways, too....

http://hc.apache.org/httpclient-3.x/sslguide.html

http://juliusdavies.ca/commons-ssl/javadocs/org/apache/commons/httpclient/contrib/ssl/TrustSSLProtocolSocketFactory.html




yours,

Julius



On Thu, Feb 28, 2008 at 3:32 PM, G. Garrett Campbell <g395@comcast.net> wrote:
> I am attempting to connect to a https site.
> 
> I get the following stack trace.
> 
> Visiting the site from IE or FIREFOX lists no problems.
> 
> Is the an httpclient problem or a javax.net.ssl problem???
> 
> I also tried java1.6 and got the same result.
> 
> Thanks for any info
> 
> C:\trackm\air>"c:\program files\java\jdk1.5.0_07\bin\java" AirBerlin \
> g395@comcast.net track123 Campbell debug want
> https://www.airberlin.com/site/topbonus/login_miles.php?LANG=eng
> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: \
> PKIX path building failed: \
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid \
> certification path to requested target at \
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) at \
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518) at \
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) at \
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) at \
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
>  at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
>  at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
>  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
>  at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2124)
>  at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1088)
> at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
>  at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
>  at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
> at HttpAccount.formGet(HttpAccount.java:495)
> at HttpAccount.formGet(HttpAccount.java:480)
> at HttpAccount.doit(HttpAccount.java:83)
> at HttpAccount.doit(HttpAccount.java:64)
> at AirBerlin.doit(AirBerlin.java:120)
> at HttpAccount.process(HttpAccount.java:44)
> at AirBerlin.main(AirBerlin.java:18)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: \
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid \
> certification path to requested target at \
> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221) at \
> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145) at \
> sun.security.validator.Validator.validate(Validator.java:203) at \
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
>  at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
>  at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
>                 
> ... 23 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to \
> find valid certification path to requested target at \
> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
>  at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
> ... 28 more
> 



-- 
yours,

Julius Davies
250-592-2284 (Home)
250-893-4579 (Mobile)
http://juliusdavies.ca/

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic