Hey i m using jakarta common-httpclient to connect to a secure site for some stuff. The problem is that, i m behind the proxy which results in the follwing error. :: : javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source) at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
- > The same code if i m runnig whithout using a proxy works fine. Can anyone please help me out how to resolve this certification problem , when i m trying to connect to a URL from behind the proxy.
Please find the Code below. : ------------------------------------------- import java.io.IOException;
The solution will depend on tracking down the real issue. The proxy may be missing a certificate from its trust certificate store or the site you are connecting to may not have been issued by a trusted source.
The handshake error indicates that one of the parties is trying to check the other's certificate and isn't finding that certificate chained to a certificate that is in its own list of trusted certificates.
Trusted Certificate (verisign or other certificate issuer) | Site Certificate
Try to take a look at the certificates that the proxy and the site you are connecting to. Do you control the proxy or is that someone else's? One way to have the certificate presented to you when you browse to a site is to type their server name different e.g. https://paypal.com instead of https://www.paypal.com. I'm using Internet Explorer 6.0, may behave differently with other browser or if configured differently. When I use https://paypal.com I get a popup that says there's a problem with the certificate, do I want to proceed. One of the buttons is "View Certificate". Hit that button. Select the "certification path" tab. The certificate at the top of the chain is "VeriSign Class 3 Public Primary CA" a trusted certificate issuer that is included by default in most trust stores (for example the default cacerts included with jre). I've seen development sites that don't have their certificate chained to anything at all.
When we had a problem like this it was because our company had started to issue its own certificates and that corporate trusted certificate was not in the JDK/JRE installation. Our solution was to import the trusted CA cert into the jre's trusted cert store jdk1.x.x_x\jre\lib\security\cacerts using keytool. [ March 29, 2005: Message edited by: Carol Enderlin ]
Joined: Jul 09, 2004
Hey Carol Enderlin, thanks a lot for the reply. Can you please explain that do we need to have trusted certificate at both end say at myend and as well as the site i m trying to connect to. i have passed my proxy settings, so i have now the direct connection so no Proxy. still im getting this error , i m trying to connect to "https//secure.authorize.net". I have checkek there certificate details and they are fine. but i m still getting the same error...any sort of help will be appreciated...
looking for QUICK response......
Joined: Oct 10, 2000
Ease Up...I don't usually rush to provide an answer when I see statements like "looking for QUICK response......". As a matter of fact, I usually go answer other questions first.
I don't really know what your setup is. My experience was with one-way SSL; a server of ours not running securely needed to connect to a secure server and didn't trust their CA certificate. I had to get their CA certificate installed as a trusted CA cert in our server's cacerts keystore.
Are you running SSL or not? Web App or regular java application or? What java version? How is your SSL configured? Does your certificate have a trusted cert signed by a standard signing authority? Looks like the URL you posted has a cert signed by verisign. At casual glance it looks like one of the usual ones.
Unless your servers are configured differently the standard cert trust store I already pointed you to cacerts:
Java Standard Trust Keystore: JAVA_HOME/jre/lib/security/cacerts Indicates the use of the Java Standard Trust keystore provided by the JDK. The Java Standard Trust keystore is located in JAVA_HOME/jre/lib/security/cacerts.
Joined: Oct 10, 2000
I'm not a user of the package you're using, did you try looking at their trouble shooting info?