No trusted certificate found: when opening an SSL connection from behind the proxy.

sandeep verma
Greenhorn

Joined: Jul 09, 2004
Posts: 8
Hey,
I'm using Jakarta commons-httpclient to connect to a secure site for some stuff. The problem is that I'm behind the proxy, which results in the following error:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)

The same code, if I'm running it without using a proxy, works fine. Can anyone please help me out with how to resolve this certification problem when I'm trying to connect to a URL from behind the proxy?

Please find the code below:
-------------------------------------------
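import java.io.IOException;

import org.apache.commons.httpclient.HostConfiguration;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.PostMethod;

public class HttpsClientTest {

    // Placeholder values: the post did not include the real ones.
    private static final String PROXY_HOST = "proxy i.p address";
    private static final int PROXY_PORT = 8080;   // placeholder for "port number"
    private static final String TARGET_HOST = "uri";
    private static final int SSL_PORT = 443;      // default SSL port number
    private static final String TARGET_URL = "url";

    public static void main(String[] args) throws Exception {
        testHttpClient();
    }

    protected static void testHttpClient() throws IOException {
        // Route the request through the proxy to the HTTPS host.
        HostConfiguration hostConfig = new HostConfiguration();
        hostConfig.setProxy(PROXY_HOST, PROXY_PORT);
        hostConfig.setHost(TARGET_HOST, SSL_PORT);
        HttpClient httpsClient = new HttpClient();
        httpsClient.setHostConfiguration(hostConfig);
        PostMethod httpsPost = new PostMethod(TARGET_URL);
        //HttpConnection httpConnection = new HttpConnection();
        httpsPost.setFollowRedirects(true);
        // Opens the connection; the SSL handshake takes place during this call.
        httpsClient.executeMethod(httpsPost);

        String response = httpsPost.getResponseBodyAsString();

        System.out.println("The Response is " + response);
    }
}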

Looking for a quick response
Thanks
Carol Enderlin
drifter
Ranch Hand

Joined: Oct 10, 2000
Posts: 1364
The solution will depend on tracking down the real issue. The proxy may be missing a certificate from its trust certificate store or the site you are connecting to may not have been issued by a trusted source.

The handshake error indicates that one of the parties is trying to check the other's certificate and isn't finding that certificate chained to a certificate that is in its own list of trusted certificates.

Trusted Certificate (verisign or other certificate issuer)
|
Site Certificate

Try to take a look at the certificates of the proxy and the site you are connecting to. Do you control the proxy or is that someone else's? One way to have the certificate presented to you when you browse to a site is to type their server name differently, e.g. https://paypal.com instead of https://www.paypal.com. I'm using Internet Explorer 6.0; it may behave differently with another browser or if configured differently. When I use https://paypal.com I get a popup that says there's a problem with the certificate, do I want to proceed. One of the buttons is "View Certificate". Hit that button. Select the "certification path" tab. The certificate at the top of the chain is "VeriSign Class 3 Public Primary CA", a trusted certificate issuer that is included by default in most trust stores (for example the default cacerts included with jre). I've seen development sites that don't have their certificate chained to anything at all.

When we had a problem like this it was because our company had started to issue its own certificates and that corporate trusted certificate was not in the JDK/JRE installation. Our solution was to import the trusted CA cert into the jre's trusted cert store jdk1.x.x_x\jre\lib\security\cacerts using keytool.
[ March 29, 2005: Message edited by: Carol Enderlin ]
sandeep verma
Greenhorn

Joined: Jul 09, 2004
Posts: 8
Hey Carol Enderlin,
thanks a lot for the reply. Can you please explain whether we need to have a trusted certificate at both ends, say at my end as well as at the site I'm trying to connect to?
I have passed my proxy settings, so I now have the direct connection, so no proxy. Still I'm getting this error. I'm trying to connect to "https://secure.authorize.net". I have checked their certificate details and they are fine.
But I'm still getting the same error... any sort of help will be appreciated...

looking for QUICK response......

Thanks -
Carol Enderlin
drifter
Ranch Hand

Joined: Oct 10, 2000
Posts: 1364
Ease Up...I don't usually rush to provide an answer when I see statements like "looking for QUICK response......". As a matter of fact, I usually go answer other questions first.

I don't really know what your setup is. My experience was with one-way SSL; a server of ours not running securely needed to connect to a secure server and didn't trust their CA certificate. I had to get their CA certificate installed as a trusted CA cert in our server's cacerts keystore.

Are you running SSL or not? Web App or regular java application or? What java version? How is your SSL configured? Does your certificate have a trusted cert signed by a standard signing authority? Looks like the URL you posted has a cert signed by verisign. At casual glance it looks like one of the usual ones.

Unless your servers are configured differently, the standard cert trust store is the one I already pointed you to, cacerts:

Java Standard Trust Keystore: JAVA_HOME/jre/lib/security/cacerts
Indicates the use of the Java Standard Trust keystore provided by the JDK. The Java Standard Trust keystore is located in JAVA_HOME/jre/lib/security/cacerts.

Carol Enderlin
drifter
Ranch Hand

Joined: Oct 10, 2000
Posts: 1364
I'm not a user of the package you're using; did you try looking at their troubleshooting info?

Troubleshooting httpclient
sandeep verma
Greenhorn

Joined: Jul 09, 2004
Posts: 8
Hey, thanks a lot for all your help! It really helped me out. The solution I found is this:
we stored the certificate of the site for which we were opening the connection on our local machine (or say the server through which we were trying to open the connection), made that certificate trusted using keytool.exe, and saved it under the jre\lib\security folder in the file named cacerts.
Please look below:
C:\j2sdk1.4.2_01\bin>keytool.exe -import -keystore C:\j2sdk1.4.2_01\jre\lib\security\cacerts -file c:\authorize.net.cer -alias a
Enter keystore password: changeit
Owner: CN=secure.authorize.net, OU=Terms of use at www.verisign.com/RPA (c)01, OU=Authorize.Net, O=InfoSpace, L=Bellevue, ST=Was
Issuer: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign International Server CA - Class 3, OU="
Serial number: 2e12665607c50cd242feebb03e07265e
Valid from: Tue Apr 22 05:30:00 IST 2003 until: Fri Apr 22 05:29:59 IST 2005
Certificate fingerprints:
MD5: 48:33:BB:88:55 2:E2:E2:62:66:4F:7F 8:AA:3D:0A
SHA1: 4D:1C:86:2E:63:ED:66 6:64:95:EB:8C:58:68:97:EE:CC:BB:C6:2E
Trust this certificate? [no]: yes
Certificate was added to keystore

and that's it ...
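
Added example, not part of the original thread: a small Java program that checks offline whether certificate files exported from a site are trusted by the JRE trust store discussed above, either because the site certificate itself was imported (the keytool fix in the last post) or because the chain leads to a CA certificate in cacerts (the chain check Carol describes). The class name TrustCheck and the certificate file arguments are assumptions; it needs Java 7 or later.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.List;

// Added example; TrustCheck is a hypothetical name. Pass certificate files, site certificate first.
public class TrustCheck {
    public static void main(String[] args) throws Exception {
        if (args.length == 0) throw new IllegalArgumentException("usage: TrustCheck site.cer [ca.cer ...]");
        // Same store JSSE uses by default, unless javax.net.ssl.trustStore overrides it.
        String path = System.getProperty("javax.net.ssl.trustStore",
                System.getProperty("java.home") + "/lib/security/cacerts");
        char[] pass = System.getProperty("javax.net.ssl.trustStorePassword", "changeit").toCharArray();
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, pass);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        for (String file : args) {
            try (InputStream in = new FileInputStream(file)) {
                chain.add((X509Certificate) cf.generateCertificate(in));
            }
        }
        X509Certificate leaf = chain.get(0);
        System.out.println("Subject: " + leaf.getSubjectX500Principal());
        System.out.println("Issuer:  " + leaf.getIssuerX500Principal());
        // Case 1: the site certificate itself is in the store (what keytool -import does).
        String alias = store.getCertificateAlias(leaf);
        if (alias != null) {
            System.out.println("Directly trusted: stored under alias '" + alias + "'");
            return;
        }
        // Case 2: the chain must lead to a CA certificate that is in the store.
        PKIXParameters params = new PKIXParameters(store);
        params.setRevocationEnabled(false); // offline check: no CRL or OCSP lookups
        try {
            PKIXCertPathValidatorResult ok = (PKIXCertPathValidatorResult)
                    CertPathValidator.getInstance("PKIX").validate(cf.generateCertPath(chain), params);
            System.out.println("Chains to trusted CA: "
                    + ok.getTrustAnchor().getTrustedCert().getSubjectX500Principal());
        } catch (CertPathValidatorException e) {
            System.out.println("Not trusted by " + path + ": " + e.getMessage());
        }
    }
}
```

Running it before and after a keytool import shows which of the two cases applies; an expired certificate is reported as not trusted in case 2 even when its CA is present.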
 