|
I have seen this sort of issue before and the fix is fairly simple.Contrary to what another poster said, you can use the *SYSTEM certificate store on your iSeries system.
All you need to do is go to the Entrust web site and get their root certificate.
After that you import it using the digital certificate manager.Select the *SYSTEM certificate store, enter the password and then manage certificates -> import certificate. Select certificate authority (CA) and then specify the location in the IFS where you saved the root CA file.
When finished you will see the new Entrust CA it will be recognized and the error should go away.
Thanks, Todd At 04:42 PM 12/13/2006, you wrote:
Hi, Gary, your name was on some of the archive entries I already read. Here's what I am trying to do: I am trying to send a file to an HTTPS URL. I'm using Apache HttpClient to do this, and here's the Java code I wrote to do that:HttpClient client = new HttpClient(); client.getHostConfiguration().setProxy( System.getProperty("http.proxyHost"), Integer.parseInt(System.getProperty("http.proxyPort"))); PostMethod method = new PostMethod("https://xxxxxxxxxxxxxxxxx";); int status = client.executeMethod(method); InputStream response = method.getResponseBodyAsStream();This is just code to test that the connection is being made, normally I would be attaching a file. I also have jcert.jar, jnet.jar, and jsse.jar in my classpath. (I get the same results if they aren't, but they are in the classpath for the production application.)The client's certificate was issued by "Entrust.net Secure Server Certification Authority" and it hasn't expired yet.I did a little more testing. On the machine where I set up a certificate authority I get the message "Certificate is not signed by a trusted certificate authority". On another machine where there is no certificate authority set up, I get the message "javax.net.ssl.SSLException: The value specified for the argument is not correct". (It doesn't say what argument.) The errors occur at the call to executeMethod().Obviously I'm confused too. And obviously I'm not understanding this SSL business properly. I wouldn't have expected to have to do any setup on the client at all just to communicate to an HTTPS server, but initially when I tried I was getting errors that suggested to me that I needed some kind of certificate. (That was a month ago before another project took priority, and now I don't have my notes on what happened back then.)Regards PC2 -----Original Message-----From: java400-l-bounces@xxxxxxxxxxxx [mailto:java400-l-bounces@xxxxxxxxxxxx] On Behalf Of Gary L PeskinSent: December 13, 2006 11:51 To: 'Java Programming on and around the iSeries / AS400' Subject: RE: Java and HTTPSI'm very confused here. If you are sending a file to a business partner using HTTPS, normally your business partner will not require a client side certificate which is what you created. In other words, you would connect to the HTTPS server, it would present its certificate, you would validate that and go from there.Can you tell us exactly what you're trying to do? How are you sending the file? Is this via a homegrown java program or what? Can you access the client via a web browser? If so, you can examine the certificate presented by the server and see who his CA is and diagnose from there.Gary
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
