× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. JAVA400-L
  3. December 2006

RE: Java and HTTPS

That java program you're using seems fine.  I use a similar one all the time
without problems.

You do not need a client certificate on your side so setting up your own CA
and generating a certificate from that doesn't really help this problem.  It
seems that validating the certificate from the remote site is the problem.

Make sure that you have a *SYSTEM certificate store set up.  When you go
into the Digital Certificate Manager, you should see a "Select a Certificate
Store" button on the left.  Click that and you should see *SYSTEM as one of
your options.  If this isn't set up, you need to set up the *SYSTEM
certificate store.  This is easy to do and is shown in the InfoCenter.  I
suspect this is already set up because I think it's set up automatically
when you created your Local CA.

After you've signed in to the *SYSTEM certificate store, click on the left
on Manage Certificates and then View Certificate and then Cerificate
Authority.  You should see the CA certificate for Entrust in there.  I just
checked my system, which is pretty vanilla and it does not seem to be
supplied by IBM so you'll have to import it.

The easiest way to import the correct certificate is to look at the cert in
your web browser Certificate viewer.  In IE anyway, click on the
certification path tab, highlight the topmost certificate, click "View
Certificate", click on the "Details" tab then click "Copy to file...".  Copy
the file to an IFS directory on your 400.  If you FTP it, be sure you do so
in binary mode.  In DCM, click on Manage Certificates -> Import Certificate
-> Certificate Authority.  Then click Continue and go from there.

If you're still having problems, there is a way to turn on tracing but I'd
have to look it up and I'm rushing at the moment.

HTH,
Gary


-----Original Message-----
From: java400-l-bounces@xxxxxxxxxxxx 
[mailto:java400-l-bounces@xxxxxxxxxxxx] On Behalf Of Clapham, Paul
Sent: Wednesday, December 13, 2006 1:42 PM
To: Java Programming on and around the iSeries / AS400
Subject: RE: Java and HTTPS

Hi, Gary, your name was on some of the archive entries I 
already read. Here's what I am trying to do: I am trying to 
send a file to an HTTPS URL. I'm using Apache HttpClient to 
do this, and here's the Java code I wrote to do that:


HttpClient client = new HttpClient();
client.getHostConfiguration().setProxy(
                              System.getProperty("http.proxyHost"),
                              
Integer.parseInt(System.getProperty("http.proxyPort")));
PostMethod method = new PostMethod("https://xxxxxxxxxxxxxxxxx";);
int status = client.executeMethod(method);
InputStream response = method.getResponseBodyAsStream();


This is just code to test that the connection is being made, 
normally I would be attaching a file. I also have jcert.jar, 
jnet.jar, and jsse.jar in my classpath. (I get the same 
results if they aren't, but they are in the classpath for the 
production application.)

The client's certificate was issued by "Entrust.net Secure 
Server Certification Authority" and it hasn't expired yet.

I did a little more testing. On the machine where I set up a 
certificate authority I get the message "Certificate is not 
signed by a trusted certificate authority". On another 
machine where there is no certificate authority set up, I get 
the message "javax.net.ssl.SSLException: The value specified 
for the argument is not correct". (It doesn't say what 
argument.) The errors occur at the call to executeMethod().

Obviously I'm confused too. And obviously I'm not 
understanding this SSL business properly. I wouldn't have 
expected to have to do any setup on the client at all just to 
communicate to an HTTPS server, but initially when I tried I 
was getting errors that suggested to me that I needed some 
kind of certificate. (That was a month ago before another 
project took priority, and now I don't have my notes on what 
happened back then.)

Regards
PC2

-----Original Message-----
From: java400-l-bounces@xxxxxxxxxxxx 
[mailto:java400-l-bounces@xxxxxxxxxxxx] On Behalf Of Gary L Peskin
Sent: December 13, 2006 11:51
To: 'Java Programming on and around the iSeries / AS400'
Subject: RE: Java and HTTPS

I'm very confused here.  If you are sending a file to a 
business partner using HTTPS, normally your business partner 
will not require a client side certificate which is what you 
created.  In other words, you would connect to the HTTPS 
server, it would present its certificate, you would validate 
that and go from there.

Can you tell us exactly what you're trying to do?  How are 
you sending the file?  Is this via a homegrown java program 
or what?  Can you access the client via a web browser?  If 
so, you can examine the certificate presented by the server 
and see who his CA is and diagnose from there.

Gary

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.