• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

No trusted certificate found : when opeing a ssl connection from behind the proxy.

 
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hey
i m using jakarta common-httpclient to connect to a secure site for some stuff. The problem is that, i m behind the proxy which results in the follwing error. ::
:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)

- >
The same code if i m runnig whithout using a proxy works fine. Can anyone please help me out how to resolve this certification problem , when i m trying to connect to a URL from behind the proxy.

Please find the Code below. :
-------------------------------------------
import java.io.IOException;

import org.apache.commons.httpclient.HostConfiguration;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.PostMethod;

public class HttpsClientTest {

public static void main(String args[]) throws Exception
{
testHttpClient();
}
protected static void testHttpClient() throws IOException
{
HostConfiguration hostConfig = new HostConfiguration();
hostConfig.setProxy("proxy i.p address", port number);
hostConfig.setHost("uri", defualt ssl port number);
HttpClient httpsClient = new HttpClient();
httpsClient.setHostConfiguration(hostConfig);
PostMethod httpsPost = new PostMethod("url");
//HttpConnection httpConnection = new HttpConnection();
httpsPost.setFollowRedirects(true);
httpsClient.executeMethod(httpsPost);

String response = httpsPost.getResponseBodyAsString();

System.out.println("The Reponse is " + response);
}
}

Looking for a quick response
Thanks
 
drifter
Posts: 1364
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The solution will depend on tracking down the real issue. The proxy may be missing a certificate from its trust certificate store or the site you are connecting to may not have been issued by a trusted source.

The handshake error indicates that one of the parties is trying to check the other's certificate and isn't finding that certificate chained to a certificate that is in its own list of trusted certificates.

Trusted Certificate (verisign or other certificate issuer)
|
Site Certificate

Try to take a look at the certificates that the proxy and the site you are connecting to. Do you control the proxy or is that someone else's? One way to have the certificate presented to you when you browse to a site is to type their server name different e.g. https://paypal.com instead of https://www.paypal.com. I'm using Internet Explorer 6.0, may behave differently with other browser or if configured differently. When I use https://paypal.com I get a popup that says there's a problem with the certificate, do I want to proceed. One of the buttons is "View Certificate". Hit that button. Select the "certification path" tab. The certificate at the top of the chain is "VeriSign Class 3 Public Primary CA" a trusted certificate issuer that is included by default in most trust stores (for example the default cacerts included with jre). I've seen development sites that don't have their certificate chained to anything at all.

When we had a problem like this it was because our company had started to issue its own certificates and that corporate trusted certificate was not in the JDK/JRE installation. Our solution was to import the trusted CA cert into the jre's trusted cert store jdk1.x.x_x\jre\lib\security\cacerts using keytool.
[ March 29, 2005: Message edited by: Carol Enderlin ]
 
sandeep verma
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hey Carol Enderlin,
thanks a lot for the reply. Can you please explain that do we need to have trusted certificate at both end say at myend and as well as the site i m trying to connect to.
i have passed my proxy settings, so i have now the direct connection so no Proxy. still im getting this error , i m trying to connect to "https//secure.authorize.net". I have checkek there certificate details and they are fine.
but i m still getting the same error...any sort of help will be appreciated...

looking for QUICK response......

Thanks -
 
Carol Enderlin
drifter
Posts: 1364
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ease Up...I don't usually rush to provide an answer when I see statements like "looking for QUICK response......". As a matter of fact, I usually go answer other questions first.

I don't really know what your setup is. My experience was with one-way SSL; a server of ours not running securely needed to connect to a secure server and didn't trust their CA certificate. I had to get their CA certificate installed as a trusted CA cert in our server's cacerts keystore.

Are you running SSL or not? Web App or regular java application or? What java version? How is your SSL configured? Does your certificate have a trusted cert signed by a standard signing authority? Looks like the URL you posted has a cert signed by verisign. At casual glance it looks like one of the usual ones.

Unless your servers are configured differently the standard cert trust store I already pointed you to cacerts:

Java Standard Trust Keystore: JAVA_HOME/jre/lib/security/cacerts
Indicates the use of the Java Standard Trust keystore provided by the JDK. The Java Standard Trust keystore is located in JAVA_HOME/jre/lib/security/cacerts.

 
Carol Enderlin
drifter
Posts: 1364
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm not a user of the package you're using, did you try looking at their trouble shooting info?

Troubleshooting httpclient
 
sandeep verma
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hey thanks a lot for all your help! It really helped me out. The solution i found is that :
we stored the cerificate of the site for which we were opening the connection on our local machine or say the server through which we were trying to open the connection and make that certificated trusted using the keytool.exe and saved it under jre\lib\security folder named carcets
pls look under
C:\j2sdk1.4.2_01\bin>keytool.exe -import -keystore C:\j2sdk1.4.2_01\jre\lib\security\cacerts -file c:\authorize.net.cer -alias a
Enter keystore password: changeit
Owner: CN=secure.authorize.net, OU=Terms of use at www.verisign.com/RPA (c)01, OU=Authorize.Net, O=InfoSpace, L=Bellevue, ST=Was
Issuer: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign International Server CA - Class 3, OU="
Serial number: 2e12665607c50cd242feebb03e07265e
Valid from: Tue Apr 22 05:30:00 IST 2003 until: Fri Apr 22 05:29:59 IST 2005
Certificate fingerprints:
MD5: 48:33:BB:88:55 2:E2:E2:62:66:4F:7F 8:AA:3D:0A
SHA1: 4D:1C:86:2E:63:ED:66 6:64:95:EB:8C:58:68:97:EE:CC:BB:C6:2E
Trust this certificate? [no]: yes
Certificate was added to keystore

and thats it ...
 
reply
    Bookmark Topic Watch Topic
  • New Topic