SSL - certificate expired
hi there,
i need to access to a script over ssl, but the date of the certificate is expired.
is there any ability to to bypass this certificate, which is out of date ?
im using org.apache.commons.httpclient, and the code looks like this:
Code:
PostMethod post = new PostMethod("https://192.168.0.11:443");
post.setRequestEntity(new InputStreamRequestEntity( new FileInputStream(input), input.length()));
post.setRequestHeader("Content-type", "text/xml; charset=ISO-8859-1");
HttpClient httpclient = new HttpClient();
// Execute request
try {
int result = httpclient.executeMethod(post);
System.out.println("Response body: ");
System.out.println(post.getResponseBodyAsString());
} finally {
// Release current connection
post.releaseConnection();
}
with this error message:
Quote:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Fri Dec 19 11:03:00 CET 2003
...
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:393)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
at de.bi.http.PostXmlFile.main(PostXmlFile.java:97)
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Fri Dec 19 11:03:00 CET 2003
at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:268)
at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:524)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6275)
... 17 more
Exception in thread "main"
any idea?
-----------------------------------------
Peter
Re: SSL - certificate expired
Take a look at:
http://jakarta.apache.org/commons/ht.../sslguide.html
Important part:
Quote:
The default behaviour of HttpClient is suitable for most uses, however there are some aspects which you may want to configure. The most common requirements for customizing SSL are:
* Ability to accept self-signed or untrusted SSL certificates. This is highlighted by an SSLException with the message Unrecognized SSL handshake (or similar) being thrown when a connection attempt is made.
* You want to use a third party SSL library instead of Sun's default implementation.
Later they discuss the org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory (source found at:
http://cvs.apache.org/viewcvs.cgi/ja...CH&view=markup
And in using this socket factory, you should be able to get to un-trusted SSL sites. Give it a shot.
-Chris
Re: SSL - certificate expired
hi cknoll,
the way you described is exactly what i tried to do.
the biggest problem while customizing my EasyProtocolSocketFactory
was to initialize the context.
In the manual they used context.init(null,new TrustManager[]{...},null),
which wont work. with using the 3rd parameter it runs properly.
Code:
SSLContext context = SSLContext.getInstance("SSL");
context.init(
null,
new TrustManager[] {(TrustManager)new EasyX509TrustManager(null)},
new SecureRandom() );
also its important to keep javax.net.ssl apart from com.sun.net.ssl.
now it works.
thanks for your advice :thumb: !
Peter
Re: SSL - certificate expired
Peter,
Can you post your correct code ? I'm with the same trouble...
Re: SSL - certificate expired
Hi Peter,
I am new member of code guru. Can you post your correct code on this pls? I'm with the same trouble...
Re: SSL - certificate expired