• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Using existing server without installed certificates

 
Ranch Hand
Posts: 479
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am writing a Java desktop application that will communicate with our existing server. The server uses an SSL socket with no certificate installation required on its clients. The application has thousands of users, and our Network People decided some time ago to drop the requirement that users install our certificate on their machines. I was told that the communications are still encrypted with a certificate that is negotiated during the SSL handshake, but I don't know the details because the people who explained it to me were a little hazy on the details.

I am sure that the current application, written in VB6, communicates with the server just fine, using SSL, and without having any certificates installed. We have test machines which I re-image back to barebones XP several times a week during a testing cycle, and they work fine. So do hundreds of our users who installed their systems and our program after this decision was made, and we've quit getting any support calls saying they're getting SSL errors.

I am writing a Java program to do the same communication with the server; when it does its first read, I get:

exception reading: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

All of the web solutions to this that I've found, save one, say the solution is to install the self-signed certificate for the server. But that solution does not work for me, because my users are not going to be able to do that. I am trusting that my Network People knew what they were doing when they quit requiring the certificate to be installed, and that we'll continue to be able to use SSL without requiring that.

Can anyone direct me to instructions or examples on how to do this, or at least what to look at? The one exception I found was to put in the line to eliminate the certificate checking, but it has no effect.

Anyone have any ideas?

rc
 
reply
    Bookmark Topic Watch Topic
  • New Topic