Databases
StackOverflow2013
Postsdbo
POJava client certificates over HTTPS/SSL
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POJava client certificates over HTTPS/SSL
    text
    copied!<p>I am using Java 6 and am trying to create an <code>HttpsURLConnection</code> against a remote server, using a client certificate.<br> The server is using an selfsigned root certificate, and requires that a password-protected client certificate is presented. I've added the server root certificate and the client certificate to a default java keystore which I found in <code>/System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/lib/security/cacerts</code> (OSX 10.5). The name of the keystore file seems to suggest that the client certificate is not supposed to go in there?</p> <p>Anyway, adding the root certificate to this store solved the infamous <code>javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed' problem.</code></p> <p>However, I'm now stuck on how to use the client certificate. I've tried two approaches and neither gets me anywhere.<br> First, and preferred, try:</p> <pre><code>SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault(); URL url = new URL("https://somehost.dk:3049"); HttpsURLConnection conn = (HttpsURLConnection)url.openConnection(); conn.setSSLSocketFactory(sslsocketfactory); InputStream inputstream = conn.getInputStream(); // The last line fails, and gives: // javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure </code></pre> <p>I've tried skipping the HttpsURLConnection class (not ideal since I want to talk HTTP with the server), and do this instead:</p> <pre><code>SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault(); SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket("somehost.dk", 3049); InputStream inputstream = sslsocket.getInputStream(); // do anything with the inputstream results in: // java.net.SocketTimeoutException: Read timed out </code></pre> <p>I am not even sure that the client certificate is the problem here.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload