https connection -- connection problems

I had the following code to connect to a site on a server. It worked fine, now the server is using https, which causes the error

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Couldn't find trusted certificate

java.util.Properties propSy = System.getProperties();
propSy.put("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
System.setProperties(propSy);
java.security.Security.insertProviderAt(new sun.security.provider.Sun(),2);
java.security.Security.addProvider(new sun.security.provider.Sun());
java.security.Security.insertProviderAt(new com.sun.net.ssl.internal.ssl.Provider(),1);
System.setProperty("javax.net.ssl.trustStore","keystore_filename");
java.security.Provider myprov = java.security.Security.getProvider("SunJSSE");

HttpsURLConnection c;
try{
    URL url = new URL ( rptUrl );
    c = (HttpsURLConnection)url.openConnection();
    //set cache and request method settings
    c.setUseCaches(false);
    //set other headers
    c.setRequestProperty ("Content-Type","application/pdf");
    //connect to the server..
    c.connect();
}

I have saved the certificate for reference and I assume I need to tell the program to look at that but this will happen every time there is a new certificate (the program needs to look at different servers), so is there a way to trust-all sites or something to get this to work? I've looked on other forums and they mention this but I'm not clear how to do it exactly.

Changing the HttpURLConnection object to HttpsURLConnection throws up a 'java.lang.ClassCastException' error coz it's an abstract class. Any ideas? Thanks a lot

[2276 byte] By [uninvitedma] at [2007-11-27 6:26:13]
# 1

> propSy.put("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
> System.setProperties(propSy);
> java.security.Security.insertProviderAt(new sun.security.provider.Sun(),2);
> java.security.Security.addProvider(new sun.security.provider.Sun());
> java.security.Security.insertProviderAt(new com.sun.net.ssl.internal.ssl.Provider(),1);

Get rid of all that, it's been obsolete for years. Unless you are still running 1.3?

> java.security.Provider myprov = java.security.Security.getProvider("SunJSSE");

Get rid of that too, what's the point?

> I have saved the certificate for reference and I
> assume I need to tell the program to look at that
> but this will happen every time there is a new
> certificate (the program needs to look at different
> servers), so is there a way to trust-all sites or
> something to get this to work?

There is, but there is no point in using SSL if you are prepared to trust all sites. Your client has to trust your server, which means the client's truststore has to trust the server's certificate, i.e. it has to contain the certificate of one of the signers of the server's certificate chain. If the server is using a self-signed certificate you will have to import it into the client's truststore yourself, if you trust that server. A server isn't supposed to do that, it's supposed to use a certificate signed by a trusted CA, which will work out of the box.

> Changing the HttpURLConnection object to
> HttpsURLConnection throws up a
> 'java.lang.ClassCastException' error coz it's an
> abstract class.

No it doesn't. It throws a ClassCastException because you are casting to the wrong type. If you're using 1.4 or later make sure you are importing javax.net.ssl.HttpsURLConnection, not the old 1.3/JSSE one.

ejpa at 2007-7-12 17:46:50
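
Added example, not code from any poster in this thread: one way to do what reply #1 describes, loading the saved server certificate(s) into an in-memory truststore and attaching it to a single connection instead of trusting every site. It assumes Java 7 or later; the class name PinnedTrustExample, the method factoryTrusting and the command-line arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class PinnedTrustExample {

    // Build a socket factory that trusts only the certificates in the given
    // files (PEM or DER, e.g. a server certificate saved from the browser).
    static SSLSocketFactory factoryTrusting(String... certFiles) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // empty in-memory truststore
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        for (String file : certFiles) {
            try (InputStream in = new FileInputStream(file)) {
                Certificate cert = cf.generateCertificate(in);
                trustStore.setCertificateEntry(file, cert); // alias = file name
            }
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default RNG
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // args[0] = https URL, remaining args = saved certificate files (assumed inputs)
        String[] certs = Arrays.copyOfRange(args, 1, args.length);
        // No provider registration or java.protocol.handler.pkgs property is needed.
        HttpsURLConnection c = (HttpsURLConnection) new URL(args[0]).openConnection();
        // Set per connection, so the JVM-wide default factory is left untouched.
        c.setSSLSocketFactory(factoryTrusting(certs));
        c.setUseCaches(false);
        c.connect(); // any certificate not in the list still fails the handshake
        System.out.println("HTTP " + c.getResponseCode());
        c.disconnect();
    }
}
```

Adding a new server means adding its certificate file to the list; chain validation and HttpsURLConnection's default hostname check both stay in force.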
# 2

> so is there a way to trust-all sites

I had a similar problem a few months ago when I had to connect to a https site using a faulty certificate. This is a dirty and potentially dangerous hack which works for me:

/* packages you'll need:
   - java.security
   - java.security.cert
   - javax.net.ssl
*/

// dummy trust manager
public class TrustEmAll implements X509TrustManager {
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
    public void checkClientTrusted(X509Certificate[] certs, String authType) {}
    public void checkServerTrusted(X509Certificate[] certs, String authType) {}
}

/* in your connecting class: */
SSLSocketFactory oldFactory = HttpsURLConnection.getDefaultSSLSocketFactory();
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, new TrustManager[] {new TrustEmAll()}, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());

/* connect and do stuff here */

// set back to the original socket factory (preferably in a finally clause)
HttpsURLConnection.setDefaultSSLSocketFactory(oldFactory);

quittea at 2007-7-12 17:46:50
# 3

Hi, thanks for the replies. Well I'm still getting the class cast exception so I haven't tried your suggestion yet, quitte. Well I have but the connection part is throwing that error!

I have 'import javax.net.ssl.HttpsURLConnection' and I am using Jdk1.4. Any suggestions on how to get round this? Thanks a lot

uninvitedma at 2007-7-12 17:46:50