List:       httpclient-users
Subject:    Re: Using a self-signed CA
From:       Oleg Kalnichevski <olegk () apache ! org>
Date:       2013-02-21 21:45:09
Message-ID: 1361483109.2881.7.camel () ubuntu

On Thu, 2013-02-21 at 17:31 +0000, Gordon Ross wrote:
> On 21 Feb 2013, at 17:25, Eduardo Martins <emmartins@gmail.com>
> wrote:
> 
> > Perhaps cacerts is not really where you point to? It should be at
> > $JAVA_HOME/lib/security/cacerts, where $JAVA_HOME can be obtained from
> > /usr/libexec/java_home -v 1.6. In my case it is
> > /Library/Java/JavaVirtualMachines/1.6.0_37-b06-434.jdk/Contents/Home
> 
> 
> $ java -version
> java version "1.6.0_37"
> $ /usr/libexec/java_home -v 1.6
> /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home
> $ ls -l /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/security/cacerts
> […]/cacerts -> /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts
> $ keytool -list -keystore /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts | grep -i my_ca
> my_ca, Feb 21, 2013, trustedCertEntry,
> 
> GTG

Gordon

The best thing you can do is to explicitly set up the expected SSL
context using one of the SSLSocketFactory constructors. This would also
enable you to limit the set of trusted CAs to just those you need.

---
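import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.PoolingClientConnectionManager;

// Load a trust store that holds only the CA certificates to be trusted
KeyStore truststore = KeyStore.getInstance("JKS");
FileInputStream instream = new FileInputStream(new File("mycacerts"));
try {
    truststore.load(instream, "mypassword".toCharArray());
} finally {
    instream.close();
}
// Socket factory that validates server certificates against that store only
SSLSocketFactory sf = new SSLSocketFactory(truststore);
PoolingClientConnectionManager cm = new PoolingClientConnectionManager();
// Use it for every https connection made through this connection manager
cm.getSchemeRegistry().register(new Scheme("https", 443, sf));
DefaultHttpClient client = new DefaultHttpClient(cm);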
---

Oleg
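
Added example, not part of the original message or of HttpClient: one way to build the restricted trust store the reply describes, by copying a single CA entry (such as the my_ca alias shown in the keytool output above) out of a larger keystore and confirming that a trust manager built from the result accepts only that issuer. The class name, method names and command-line arguments are assumptions made for illustration; only JDK classes are used.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class SingleCaTrustStore {
    // Copy one trusted certificate out of a larger keystore into a new in-memory one.
    static KeyStore extract(String path, char[] password, String alias) throws Exception {
        KeyStore source = KeyStore.getInstance("JKS");
        FileInputStream in = new FileInputStream(path);
        try {
            source.load(in, password);
        } finally {
            in.close();
        }
        Certificate ca = source.getCertificate(alias);
        if (ca == null) {
            throw new IllegalArgumentException("No certificate under alias " + alias);
        }
        KeyStore only = KeyStore.getInstance("JKS");
        only.load(null, null); // initialise an empty keystore
        only.setCertificateEntry(alias, ca);
        return only;
    }

    // Issuers accepted by a default trust manager built from the given keystore.
    static X509Certificate[] acceptedIssuers(KeyStore ks) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        throw new IllegalStateException("No X509TrustManager available");
    }

    // Arguments (assumed): <keystore path> <keystore password> <alias>
    public static void main(String[] args) throws Exception {
        KeyStore only = extract(args[0], args[1].toCharArray(), args[2]);
        for (X509Certificate c : acceptedIssuers(only)) {
            System.out.println(c.getSubjectX500Principal().getName());
        }
    }
}
```

The KeyStore returned by extract() can be passed to the SSLSocketFactory(truststore) constructor used in the snippet above; the printed list should contain exactly one subject, the private CA.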

