[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Jessie-discuss] Re: please help me.
|
From: |
Martin Egholm Nielsen |
|
Subject: |
Re: [Jessie-discuss] Re: please help me. |
|
Date: |
Wed, 20 Sep 2006 08:43:42 +0200 |
|
User-agent: |
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.6) Gecko/20050319 |
Hi,
Haoyang Lin wrote:
> *got the errors at the testclient:*
>
> javax.net.ssl.SSLPeerUnverifiedException: could not verify peer
> certificate:
> C=US,ST=CA,L=City,CN=localhost,address@hidden
> <mailto:address@hidden>
You need to set up a trusted key store that contains the certificate
that signed the server certificate you are using.
Alternatively, you can set the security property
"jessie.certificate.handler" to
"org.metastatic.jessie.ConsoleCertificateHandler". That will make
jessie ask you if it is OK to connect to a sever that presented an
unverifiable certificate.
What about registering a new trust-manager (at least that is what I do):
HostnameVerifier hv = new HostnameVerifier()
{
public boolean verify(String urlHostName, SSLSession session)
{
// System.out.println("Warning: URL Host: " + urlHostName + " vs. "
// + session.getPeerHost());
return true;
}
};
HttpsURLConnection.setDefaultHostnameVerifier(hv);
TrustManager[] trustAll = new javax.net.ssl.TrustManager[] { new
javax.net.ssl.X509TrustManager()
{
public java.security.cert.X509Certificate[] getAcceptedIssuers()
{
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType)
{
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType)
{
}
} };
try
{
javax.net.ssl.SSLContext sc =
javax.net.ssl.SSLContext.getInstance("SSL");
sc.init(null, trustAll, new java.security.SecureRandom());
javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc
.getSocketFactory());
}
catch (Exception e)
{
// HACK - handle if this happens!
e.printStackTrace();
}