[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: SSL Problems

To: ajug-members@ajug.org
Subject: RE: SSL Problems
From: cfowler <cfowler@outpostsentinel.com>
Date: 03 Feb 2003 11:52:25 -0500
In-Reply-To: <003d01c2cba3$e8745100$0700a8c0@woodstock>
References: <003d01c2cba3$e8745100$0700a8c0@woodstock>

Some people have legitimate reasons to not sign their certs.
In some cases the network the app is running on is private but still
requires encryption and not certificate verification.  In my case I
could care less if the remote had a cert or not I just want 128bit
encryption of my data.




On Mon, 2003-02-03 at 11:47, Ty Connell wrote:
> >From what I remember...
> 
> I don't think it's easy, or even desirable to get around this error.
> Understand that the following is posted from the cobwebs of several
> years ago.
> 
> It should be possible to generate a "fake" certificate and use that
> instead.  Typically, a real certificate is generated by someone like
> VeriSign, and the certificate is digitally signed by them.  Since they
> are a root Certifying Authority, the certificate is trusted as being
> valid as long as it is associated with the correct URL.  
> 
> I forget how to generate the fake one exactly, but I would check the
> keystore documentation that comes with the jdk, and if that fails go to
> the ssl api doc.  Once the certificate is generated by you, I *think*
> you just need to import it into the keystore.  At that point, you have
> certified that you trust it, and it should get used.  
> 
> Be careful that you import it into the right keystore.  I seem to
> remember that there are more than one of them lying around in the
> install(s), and I was never fully sure which one was used.
> 
> Hope this is of some use.
> 
> -ty
> 
> -----Original Message-----
> From: cfowler [mailto:cfowler@outpostsentinel.com] 
> Sent: Monday, February 03, 2003 11:29 AM
> To: Jefferson Silva
> Cc: ajug-members@ajug.org
> Subject: Re: SSL Problems
> 
> I'll forward this to the list for more reponses.
> 
> A while back I did get a response and sample code.  But that code
> overrode deprecated methods.  And that did not work.
> 
> 
> 
> On Mon, 2003-02-03 at 11:13, Jefferson Silva wrote:
> > Hi, 
> > 
> > I'm trying to create a client to access my server, and I got the same
> > problem
> > you got some time. I saw your post to the forum. Have you got a
> solution
> > for your problem ? If so, could you help me ?
> > 
> > I'm trying to do almost the same you've tried.
> > 
> > Thanks a lot
> > Regards,
> > Jefferson
> > 
> > 
> > SSL Refusal
> > 
> > *	To: ajug-members@ajug.org <mailto:ajug-members@ajug.org> 
> > *	Subject: SSL Refusal 
> > *	From: "Christopher Fowler" <cfowler@outpostsentinel.com
> > <mailto:cfowler@outpostsentinel.com>> 
> > *	Date: Tue, 08 Oct 2002 17:47:46 -0400 
> > *	Reply-To: cfowler@outpostsentinel.com
> > <mailto:cfowler@outpostsentinel.com> 
> > 
> > I use https on my server but do not have a trusted certificate.  I use
> 
> > it strictly for the encryption capabilites.  Do I need to enable a 
> > switch in the URL connection to be able to get past this error:
> > 
> > 
> > javax.net.ssl.SSLHandshakeException: 
> > java.security.cert.CertificateException: Couldn't find trusted 
> > certificate
> >         at
> com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
> >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> >         at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> >         at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> >         at com.sun.net.ssl.int
> > 
> > 
> 
> 
>

Follow-Ups:
- RE: SSL Problems
  - From: "Ty Connell" <tconnell@tda-i.com>

References:
- RE: SSL Problems
  - From: "Ty Connell" <tconnell@tda-i.com>

Prev by Date: RE: SSL Problems
Next by Date: RE: SSL Problems
Prev by thread: RE: SSL Problems
Next by thread: RE: SSL Problems
Index(es):
- Date
- Thread