2006-05-23

Spotted this in a group chat, saving it here~

Re: SSLHandshakeException: could not find trusted certificate
Sep 2, 2002 6:40 AM (reply 1 of 12)



If you work in Windows, in Control Panel you have the Java plugin -
there is a Certificates column; then you click on Secure Site and import the public key.

In Unix, execute ControlPanel from your Java directory and do the same.
It could help.

l33t0n3
Posts: 5
Registered: 9/3/02

Re: SSLHandshakeException: could not find trusted certificate
Sep 3, 2002 9:31 AM (reply 2 of 12)



There are two ways to fix your problem. The first is add the certificate(s) of the target site to your TrustStore.

In the JSSE, the TrustStore object is a Keystore file which contains the public key(s) and any Root keys for a server certificate. You can add the key to your truststore by using keytool. (read JSSE documentation http://java.sun.com/products/jsse/doc/guide/API_users_guide.html to learn more about keytool):

In order to do this you will need to get the server's public (not private) key and any root certificates and then use the keytool.

Unfortunately, most of the time this is way too much of a pain in the butt to do for every ssl connection. For this reason, you can actually create your own TrustManager implementation and assign it to the SSLSocketFactory. The SSLSocketFactory can either be used by you directly, or you can let the java.net.URL connection factory handle the fetching and reading of sockets for you. I highly recommend using java.net.URL because it will load the https handler and you won't have to worry about writing the http requests properly.

First, you must create an implementation of the TrustManager factory. I recommend that for your first go you just trust everything (i.e. the isServerTrusted(X509Certificate[] Servers) method should always return true).

Make sure you have specified your provider (system property or dynamically as shown (this is jdk1.3 w/ JSSE 1.0.3, with jdk 1.4 it's a bit different))...

java.security.Security.addProvider(
new com.sun.net.ssl.internal.ssl.Provider());

get your ssl context...
SSLContext ctx = SSLContext.getInstance("TLS");

create an array of 1 object containing your TrustManager...
TrustManager[] _trustm = {new your.BogusX509TrustManager()};

And then tell the context to init using your trust manager...
ctx.init(null, _trustm, null);

make that your default socket factory for ssl connections...
HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());

Now your SocketFactory (and TrustManager) will be used for any new https connection you open in this instance. Since you set isServerTrusted to always return true, you will trust all certificates. You can also go a bit farther and validate certificates and store certificates in your TrustStore...
