SSL - certificate expired
CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com
Results 1 to 6 of 6

Thread: SSL - certificate expired

  1. #1
    Join Date
    Feb 2004
    Location
    Germany
    Posts
    48

    SSL - certificate expired

    hi there,

    i need to access to a script over ssl, but the date of the certificate is expired.
    is there any ability to to bypass this certificate, which is out of date ?

    im using org.apache.commons.httpclient, and the code looks like this:

    Code:
          PostMethod post = new PostMethod("https://192.168.0.11:443");
          
            post.setRequestEntity(new InputStreamRequestEntity( new FileInputStream(input), input.length()));
            
            post.setRequestHeader("Content-type", "text/xml; charset=ISO-8859-1");
            
            HttpClient httpclient = new HttpClient();
            
                // Execute request
                try {
                int result = httpclient.executeMethod(post);
                
                System.out.println("Response body: ");
                System.out.println(post.getResponseBodyAsString());
            } finally {
                
                // Release current connection
                post.releaseConnection();
            }
    with this error message:

    javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Fri Dec 19 11:03:00 CET 2003
    ...
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:393)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
    at de.bi.http.PostXmlFile.main(PostXmlFile.java:97)
    Caused by: java.security.cert.CertificateExpiredException: NotAfter: Fri Dec 19 11:03:00 CET 2003
    at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:268)
    at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:524)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6275)
    at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6275)
    ... 17 more
    Exception in thread "main"
    any idea?

    -----------------------------------------
    Peter

  2. #2
    Join Date
    Jul 2004
    Posts
    25

    Re: SSL - certificate expired

    Take a look at:
    http://jakarta.apache.org/commons/ht.../sslguide.html

    Important part:
    The default behaviour of HttpClient is suitable for most uses, however there are some aspects which you may want to configure. The most common requirements for customizing SSL are:

    * Ability to accept self-signed or untrusted SSL certificates. This is highlighted by an SSLException with the message Unrecognized SSL handshake (or similar) being thrown when a connection attempt is made.
    * You want to use a third party SSL library instead of Sun's default implementation.
    Later they discuss the org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory (source found at:
    http://cvs.apache.org/viewcvs.cgi/ja...CH&view=markup

    And in using this socket factory, you should be able to get to un-trusted SSL sites. Give it a shot.

    -Chris

  3. #3
    Join Date
    Feb 2004
    Location
    Germany
    Posts
    48

    Re: SSL - certificate expired

    hi cknoll,

    the way you described is exactly what i tried to do.
    the biggest problem while customizing my EasyProtocolSocketFactory
    was to initialize the context.

    In the manual they used context.init(null,new TrustManager[]{...},null),
    which wont work. with using the 3rd parameter it runs properly.

    Code:
             SSLContext context = SSLContext.getInstance("SSL");
               
                context.init(
                        null,           
                        new TrustManager[] {(TrustManager)new EasyX509TrustManager(null)}, 
                        new SecureRandom() );
    also its important to keep javax.net.ssl apart from com.sun.net.ssl.
    now it works.

    thanks for your advice !

    Peter

  4. #4
    Join Date
    Jan 2006
    Posts
    1

    Re: SSL - certificate expired

    Peter,

    Can you post your correct code ? I'm with the same trouble...

  5. #5
    Join Date
    Dec 2006
    Posts
    1

    Re: SSL - certificate expired

    Hi Peter,

    I am new member of code guru. Can you post your correct code on this pls? I'm with the same trouble...

  6. #6
    Join Date
    May 2010
    Posts
    1

    Re: SSL - certificate expired

    It's nice....

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Windows Mobile Development Center


Click Here to Expand Forum to Full Width

This is a CodeGuru survey question.


Featured


HTML5 Development Center