SSLHandshakeException
Recently at work I have been having to use Java and HTTPS for a portlet project that we are working on. For obvious reasons, we want the portals to use HTTPS as a means of communication for private data to prevent people from being able to intercept the data.
A big problem that has caught a couple of us out has been how java manages the certificates and the SSL handshake. It took me ages to find out what the problem was, and many Google searches. Eventually I found out, and I am going to try and help other out there by saying how to get rid of this exception.
The problem I had was that the CA (Certificate Authority) certificate was missing from my java cacerts file. For those who dont know, the CA are companies which certify who the certificate holder is who they say they are. The idea being that you trust the CA, so therefore you trust the holder. To make sure that the certificate is valid, the client and server will use both certs to verify a connection.
Unlike browsers, which cleverly download the SA cert if it is not present to do the authentication, java needs the CA cert to be already installed in the cacerts truststore. Use the instructions below to install the CA certificate (on a windows PC).
- Save a copy of the CA certificate to your computer. I’ll let you work out how to do this.
- Open up a DOS command prompt.
- You now need to run the keytool program shipped with java. The syntax is
keytool -import -trustcacerts -alias [name of CA] -file [path to the CA certificat you just saved] -keystore [path to the cacerts file] - change the bits above in the [] to the correct paths. The ususal path for the cacerts is %JAVA_INSTALL_DIR%/jre/lib/security
- If you get prompted for a password, it is changeit
You will then need to restart your java app, and then hopefully it should work.
Oh, and on a different note, Google follow this please -> Therapy: Hair, Body, Nails
May 2nd, 2008 at 3:19 pm
Wow, certificates are easy, if you know the Ghosty way of doing them
woot!