Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Problem accepting trusted certificates

2 views
Skip to first unread message

Dirk McCormick

unread,
May 1, 2006, 10:21:14 AM5/1/06
to
Hi,

I am developing an application that needs to pull some information from
an airline's site, https://www.flykingfisher.biz

When I try to connect to the site using an SSL socket it throws an
exception because the certificate has expired, or because the signing
authority is not trusted. This seems to change depending on the time of
day, I think they're still messing around with their certificates.

Anyway I imported the kingfisher certificate, and a verisign test
certificate which is used to sign it using keytool.

ie:
C:\tmp>"C:\j2sdk1.4.2_10\bin\keytool.exe" -import -keystore
"C:\j2sdk1.4.2_10\jre\lib\security\cacerts" -storepass changeit -alias
verisignTestCert -file verisignTest.cer

I am still getting the same problem.

I don't have access to the part of the source code that does the SSL
connection so I can't implement an "accept all" security manager. Is
there some way of adding kingfisher's site to a known hosts file or
something until they sort out their certificate issues?

Thanks,
Dirk

Dirk McCormick

unread,
May 2, 2006, 2:04:27 AM5/2/06
to
Turns out there were two JDKs on my machine and I installed the
certificates in the wrong one.

For posterity, here's how to ignore/bypass an expired/invalid
certificate without changing your java code.

In order to add a certificate from a website to your JVM do the
following:

1. In Internet Explorer, go to the website. It will give you a Security
Alert dialog and say what the problem with the certificate is. Click
"View Certificate". Click the Details tab. Click copy to file and
follow the Certificate Export Wizard. Save using the format "DER
encoded binary X.509 (.CER)".

2. Repeat the process, and this time after clicking "View Certificate"
click the "Certification Path" tab. If there are any other certificates
in the certification path, export these to file as well.

3. Go to the directory where you saved the certificate, and run keytool
to import it:


C:\tmp>"C:\j2sdk1.4.2_10\bin\keytool.exe" -import -keystore
"C:\j2sdk1.4.2_10\jre\lib\security\cacerts" -storepass changeit -alias
verisignTestCert -file verisignTest.cer

where verisignTest.cer is the name of the certificate file you exported
from IE.

4. Repeat this process for each certificate you exported in IE.

Hope this helps someone in future.

To facilitate a newsgroup keyword search:
ignore bypass by pass certificate JVM java JDK expired
CertificateExpiredException InvalidCertificateException SSL
CertificateException CertificateNotYetValidException invalid website
firefox internet explorer

Dirk

0 new messages