| update manager isn't working through https [message #38497] |
Mon, 19 May 2003 14:51  |
Eclipse User |
|
|
|
Originally posted by: cmbrandt.us.InternationalBusinessMachines.com
Hi,
I'm having a problem accessing an eclipse plugin download site through
https. I'm getting the following errors:
Unable to access "https://<site-removed>/<path-removed>/".
Unable to access Site stream: https://<site-removed>/<path-removed>/"
[Could not find trusted certificate]
Unable to access Site stream:
https://<site-removed>/<path-removed>/site.xml"
[Could not find trusted certificate]
Is there some initial setup in eclipse I need to do in order to work
through https? I can access the site through a web browser without problem.
Thanks!
-Chris
|
|
|
|
|
| Re: update manager isn't working through https [message #40976 is a reply to message #40664] |
Tue, 20 May 2003 18:03  |
| Eclipse User |
|
|
|
Originally posted by: birsan.nospam.ca.ibm.com
Chris,
I searched the newsgroups a bit and found this posting that may help you:
------ begin newsgroup quote ------------------------------
That's normal for self-signed certificates. You don't want your code to
automatically trust a certificate and establish encryption with it if you
don't really know where it came from. If you want to test with a
self-signed certificate, you can add it to the list of "cacerts" that the
JSSE implementation trusts. Here are a relevant few paragraphs from Sun's
JSSE 1.0.2 Guide:
------------------------------------------------------------ ----------------
-
When running the sample programs that create a secure socket connection
between a client and a server, you will need to make the appropriate
certificates file (truststore) available. For both the client and the server
programs, you should use the certificates file samplecacerts, located in the
directory <ExtractDir>/samples. Using this certificates file will allow the
client to authenticate the server. The file contains all the common
Certification Authority certificates shipped with J2SDK (in the cacerts
file), plus a certificate for "duke" needed by the client to authenticate
"duke" when communicating with the sample server ClassFileServer.
(ClassFileServer uses a keystore containing the private key for "duke" which
corresponds to the public key in samplecacerts. )
To make the samplecacerts file available to both the client and the server,
you can either copy it to the file <java-home>/lib/security/jssecacerts,
rename it cacerts and use it to replace the <java-home>/lib/security/cacerts
file, or add the following option to the command line when running the java
command for both the client and the server:
-Djavax.net.ssl.trustStore=path_to_samplecacerts_file
The password for the samplecacerts truststore is changeit. You can
substitute your own certificates in the samples, using keytool.
----------- end newsgroup quote --------------------
"Chris Mildebrandt" <cmbrandt@us.InternationalBusinessMachines.com> wrote in
message news:badod2$n82$1@rogue.oti.com...
> Hi,
>
> I'm using JDK1.4.0_01-b03, and it seems to have support for https
> through the jsse.jar. Here's the stack trace I just found a few minutes
ago:
>
>
> !SUBENTRY 1 org.eclipse.update.core 4 42 May 20, 2003 13:12:08.144
> !MESSAGE Unable to access Site stream:
> "https://<site-removed>/<path-removed>/site.xml" [Could not find trusted
> certificate]
> !STACK 0
> javax.net.ssl.SSLHandshakeException: Could not find trusted certificate
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA6275)
> at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage (DashoA6275)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Dasho A6275)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA627 5)
> at java.io.OutputStream.write(OutputStream.java:58)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Da shoA6275)
> at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA62 75)
> at
>
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnectio n.connect(DashoA
6275)
> at
>
sun.net.www.protocol.http.HttpURLConnection.getInputStream(H ttpURLConnection
..java:562)
> at
>
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputSt ream(DashoA6275)
> at
>
org.eclipse.update.internal.core.ConnectionThreadManager$Str eamRunnable.run(
ConnectionThreadManager.java:76)
> at java.lang.Thread.run(Thread.java:536)
>
>
> Thanks for any help you can give!
> -Chris
>
>
> dorian birsan wrote:
> > Https support is automatically picked up by the update manager from the
JDK.
> > Depending on the JDK version you are using, the https support may or may
not
> > be part of your JDK.
> > I think 1.4 has built-in support, but for 1.3.1 you will need to install
the
> > https extension.
> >
> > -Dorian
> >
> > "Chris Mildebrandt" <cmbrandt@us.InternationalBusinessMachines.com>
wrote in
> > message news:bab92s$m02$1@rogue.oti.com...
> >
> >>Hi,
> >>
> >>I'm having a problem accessing an eclipse plugin download site through
> >>https. I'm getting the following errors:
> >>
> >>Unable to access "https://<site-removed>/<path-removed>/".
> >>
> >>Unable to access Site stream: https://<site-removed>/<path-removed>/"
> >>[Could not find trusted certificate]
> >>
> >>Unable to access Site stream:
> >>https://<site-removed>/<path-removed>/site.xml"
> >>[Could not find trusted certificate]
> >>
> >>
> >>Is there some initial setup in eclipse I need to do in order to work
> >>through https? I can access the site through a web browser without
> >
> > problem.
> >
> >>Thanks!
> >>-Chris
> >>
> >
> >
> >
>
|
|
|
| Re: update manager isn't working through https [message #43923 is a reply to message #40976] |
Thu, 22 May 2003 11:39 |
| Eclipse User |
|
|
|
Originally posted by: cmbrandt.us.InternationalBusinessMachines.com
Dorian,
Thanks for your help! that did the trick. I'm still a little surprised
eclipse wouldn't just grab the cert and ask permission to install it.
Thanks again!!
-Chris
dorian birsan wrote:
> Chris,
>
> I searched the newsgroups a bit and found this posting that may help you:
>
> ------ begin newsgroup quote ------------------------------
>
> That's normal for self-signed certificates. You don't want your code to
> automatically trust a certificate and establish encryption with it if you
> don't really know where it came from. If you want to test with a
> self-signed certificate, you can add it to the list of "cacerts" that the
> JSSE implementation trusts. Here are a relevant few paragraphs from Sun's
> JSSE 1.0.2 Guide:
>
> ------------------------------------------------------------ ----------------
> -
> When running the sample programs that create a secure socket connection
> between a client and a server, you will need to make the appropriate
> certificates file (truststore) available. For both the client and the server
> programs, you should use the certificates file samplecacerts, located in the
> directory <ExtractDir>/samples. Using this certificates file will allow the
> client to authenticate the server. The file contains all the common
> Certification Authority certificates shipped with J2SDK (in the cacerts
> file), plus a certificate for "duke" needed by the client to authenticate
> "duke" when communicating with the sample server ClassFileServer.
> (ClassFileServer uses a keystore containing the private key for "duke" which
> corresponds to the public key in samplecacerts. )
>
> To make the samplecacerts file available to both the client and the server,
> you can either copy it to the file <java-home>/lib/security/jssecacerts,
> rename it cacerts and use it to replace the <java-home>/lib/security/cacerts
> file, or add the following option to the command line when running the java
> command for both the client and the server:
>
> -Djavax.net.ssl.trustStore=path_to_samplecacerts_file
> The password for the samplecacerts truststore is changeit. You can
> substitute your own certificates in the samples, using keytool.
>
|
|
|
Powered by
FUDForum. Page generated in 0.25921 seconds
Home