tags:

views:

599

answers:

2
+1  Q: 

HttpClient+SSL+ Trusted Certificate.

Hi All,

I'm using Commons HttpClient API to connect to one of our Servers.

This server uses SSL and also it uses valid Certificate (issued by Verisign Trust Network).

My Browser never complains as i connect to the server. But my java program throws

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found Exception.

I still have the same issue, even if this valid certificate is imported to my java truststore.

I used the following simple code to connect to the server..

HttpClient httpclient = new HttpClient();
  GetMethod httpget = new GetMethod("https://www.ourserver.com/"); 
  try { 
    httpclient.executeMethod(httpget);
    System.out.println(httpget.getStatusLine());
  } finally {
    httpget.releaseConnection();
  }

Note: I'm very sure that our server is using Trusted certificate as my browser never complained.

Thank you.

A: 

Have you added the Verisign Root CA to your truststore? It's possible that the error is because the CA that issued your certificate isn't trusted.

I'm not sure that Java's truststore is automatically configured to trust "default" root CAs (Verisign, Thawte, etc.) like most web browsers are. You might have to manually enable trust for each using keytool, which I assume you know since you mentioned importing into your truststore.

Peter  2010-03-04 11:57:28
java does trust a lot of CA certificates. But of older java versions, not al recent CA's are trusted
Salandur  2010-03-04 12:24:11
I have just imported this certificate alone in to java's truststore.I don't know how to do this for the Verisign Root CA. I don't have this root certificate with me.One more question My program works fine if i tested on publicly available Https site.
Sathish Gopal  2010-03-04 12:36:55
+1  A: 

if you are using an older version of java, i.e. 1.4, it is possible that the verisign root CA isn't trusted. In that case you must configure a truststore with the certificate in it. This can be done with de 'javax.net.ssl.trustStore' system property, but isn't advisible to do.

You can implement the 'org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory' to provide a custom SocketFactory with the given truststore.

Salandur  2010-03-04 12:19:04

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java