How to use HTTPS with JSSE URLConnection in servlet

Hi, I have a servlet that calls another servlet using the URLConnection class. This seems to work very well if I am using http. However when trying to call it using https using JSSE I get the following error:

"javax.net.ssl.SSLHandshakeException: untrusted server cert chain."

The following is the code that I am using in the servlet:

    java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    System.getProperties().put("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
    this.servlet = new URL(servletURL);
    URLConnection conServlet = servlet.openConnection();

Both of these servlets are under IIS on my machine. I am able to execute each of the servlets from the browser using https directly. Does this sound like an SSL certificate problem or is that something in the Java code? Any ideas greatly appreciated.

[919 byte] By [gaburdeineh] at [2007-9-26 1:43:36]
# 1

Hi,

Perhaps you can create your own trust manager. I've found this example in another newsgroup: (please note that this example trusts everyone, but you can modify the trust manager as you wish)

    if (putUrl.startsWith("https"))
    {
        //set up to handle SSL if necessary
        System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
        System.setProperty("javax.net.debug", "ssl,handshake,data,trustmanager");
        Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

        //use our own trust manager so we can always trust
        //the URL entered in the configuration.
        X509TrustManager tm = new MyX509TrustManager();
        KeyManager[] km = null;
        TrustManager[] tma = {tm};
        SSLContext sc = SSLContext.getInstance("ssl");
        sc.init(km, tma, new java.security.SecureRandom());
        SSLSocketFactory sf1 = sc.getSocketFactory();
        HttpsURLConnection.setDefaultSSLSocketFactory(sf1);
    }
    m_url = new URL(putUrl);

    ....

    class MyX509TrustManager implements X509TrustManager {
        public boolean isClientTrusted(X509Certificate[] chain) {
            return true;
        }
        public boolean isServerTrusted(X509Certificate[] chain) {
            return true;
        }
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }

Hope this helps,

Kurt.

leukbr at 2007-6-29 2:37:54