
Re: SSL Problems



You have to import the certificate authority (CA) cert that signed the 
current SSL session's cert to your trusted certs directory.

I believe you can do this by modifying the jre/lib/security/cacerts file 
with your CA cert. You can use Sun's keytool for this.
http://java.sun.com/docs/books/tutorial/security1.2/summary/tools.html

In order to create your own certificate you must create a certificate 
authority cert that you use to sign your custom certs. I always used 
Microsoft's Certificate Server from the NT4 Option Pack, but there are tons of 
other cert software packages out there.

The idea behind the certificate authority is that they are supposed to 
verify that you own the domain the certificate is assigned to. This prevents 
bad hackers from pretending to be your domain with their own certificate. 
The reality is that VeriSign costs anywhere from $400 up for one cert and 
sometimes you just need encryption on your own apps or for your own 
application (a la hushmail).

BAL

>From: cfowler <cfowler@outpostsentinel.com>
>To: Jefferson Silva <Jefferson.Silva@eldorado.org.br>
>CC: ajug-members@ajug.org
>Subject: Re: SSL Problems
>Date: 03 Feb 2003 11:28:58 -0500
>
>I'll forward this to the list for more responses.
>
>A while back I did get a response and sample code.  But that code
>overrode deprecated methods.  And that did not work.
>
>
>
>On Mon, 2003-02-03 at 11:13, Jefferson Silva wrote:
> > Hi,
> >
> > I'm trying to create a client to access my server, and I got the same
> > problem
> > you got some time. I saw your post to the forum. Have you got a solution
> > for your problem? If so, could you help me?
> >
> > I'm trying to do almost the same you've tried.
> >
> > Thanks a lot
> > Regards,
> > Jefferson
> >
> >
> > SSL Refusal
> >
> > *	To: ajug-members@ajug.org <mailto:ajug-members@ajug.org>
> > *	Subject: SSL Refusal
> > *	From: "Christopher Fowler" <cfowler@outpostsentinel.com
> > <mailto:cfowler@outpostsentinel.com>>
> > *	Date: Tue, 08 Oct 2002 17:47:46 -0400
> > *	Reply-To: cfowler@outpostsentinel.com
> > <mailto:cfowler@outpostsentinel.com>
> >
> > I use https on my server but do not have a trusted certificate.  I use
> > it strictly for the encryption capabilities.  Do I need to enable a
> > switch in the URL connection to be able to get past this error:
> >
> >
> > javax.net.ssl.SSLHandshakeException:
> > java.security.cert.CertificateException: Couldn't find trusted
> > certificate
> >         at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
> >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> >         at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> >         at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> >         at com.sun.net.ssl.int
> >
> >

