Help requested with Importing a website's CA certificate into my Java App

Hello everyone,
First of all, I'm not sure if this is the right category for my question, so if not please move it appropriately.
I'm creating a desktop application that will update your IPv4 address to Tunnelbroker (Hurricane Electric's IPv6 tunnel service). Right now it's about 76% complete, and I'm testing it out. My problem is this: Tunnelbroker uses their own CA Certificate (SSL) for their https:// connection, and it's not valid in Java/Netbeans. So, whenever I try to update the IPv4 address, I get the following Can't read from the Internet: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching ipv4.tunnelbroker.net foundThe website is https://ipv4.tunnelbroker.net (so you can verify that it's a valid site/certificate).
I've found workarounds for importing my OWN CA Certificate into the application (or Netbeans), but nothing about importing a valid third-party CA Certificate into the application (or Netbeans). I've posted this question to the Netbeans forums--but have yet to receive anything from them. Also, I've found workarounds for trusting all certificates (although I'm not sure how to implement that into my application).
What I'm looking for is either a) how to import the certificate into my application, so the user won't have to deal with it b) a workaround to bypass the security check c) any other method of getting over this hurdle.
I'd say I'm an intermediate developer, so pointing me to something like "Adding a Certificate Exception" is fine, except that I need to know whether I can take everything inside of the main method and put it as it's own method somewhere (or do I need to create an entire class for that portion).
Also, I don't necessarily want to use the "Trust All Certificates" method. Even though the end-user won't be able to change the site, I don't want to create that much of a security hole.
Thank you for any assistance in this. (As an aside note, this will enable me to finally mark another "open" question as answered, as I haven't been able to test it yet because of this issue).
Have a great day:)
Patrick.

EJP wrote:
1. It should be in the directory of the JRE, not the JDK. The end user won't have one.
2. Dunno, I would think so.
3. This is a step for the end user to perform, not you. You don't want to be telling the end user who to trust, for all kinds of legal liability reasons. You want him to decide.Hello again.
I have an update to this. I found out that the domain tunnelbroker.net is in my cacerts (at least if I run a small program to test the SSL Certificate for the site), however since it doesn't list ipv4.tunnelbroker.net as an alternative (that I can see), this is why I'm getting the SSL HandshakeException error.
Here is the script that I ran (compiled and then used java -Djavax.net.debug=all TestSSL https://ipv4.tunnelbroker.net to run it.
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLConnection;
* @author Daryl Banttari
public class TestSSL {
    public static void main(String[] args) {
        // default url:
        String urlString = "https://www.paypal.com/";
        // if any url specified, use that instead:
        if(args.length > 0) {
            urlString = args[0];
        System.out.println("Connecting to " + urlString + "...");
        try {
            // convert user string to URL object
            URL url = new URL(urlString);
            // connect!
            URLConnection cnx = url.openConnection();
            cnx.connect();
            // read the page returned
            InputStream ins = cnx.getInputStream();
            BufferedReader in = new BufferedReader(new InputStreamReader(ins));
            String curline;
            while( (curline = in.readLine()) != null ) {
                System.out.println(curline);
            // close the connection
            ins.close();
        catch(Throwable t) {
            t.printStackTrace();
}And here are the results of the complete debugging ***** WARNING there's a lot here ****
>
Connecting to https://ipv4.tunnelbroker.net...
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: /usr/lib/jvm/java-6-openjdk/jre/lib/security/jssecacerts
trustStore type is : jks
trustStore provider is :
init truststore
< ... Snipped to conserve space... >
adding as trusted cert:
Subject: OU=RSA Security 1024 V3, O=RSA Security Inc
Issuer: OU=RSA Security 1024 V3, O=RSA Security Inc
Algorithm: RSA; Serial number: 0xa0101010000027c0000000b00000002
Valid from Thu Feb 22 15:01:49 CST 2001 until Sun Feb 22 14:01:49 CST 2026
adding as trusted cert:
Subject: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
Issuer: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
Algorithm: RSA; Serial number: 0xbc201a57ebb49897
Valid from Tue Jul 10 20:35:31 CDT 2007 until Fri Jul 07 20:35:31 CDT 2017
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
Valid from Thu Sep 30 19:00:00 CDT 1999 until Wed Jul 16 18:59:59 CDT 2036
adding as trusted cert:
Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 05:38:31 CDT 2000 until Sat May 30 05:38:31 CDT 2020
adding as trusted cert:
Subject: CN=CC Signet - PCA Klasa 2, OU=Centrum Certyfikacji Signet, O=TP Internet Sp. z o.o., C=PL
Issuer: CN=CC Signet - RootCA, OU=Centrum Certyfikacji Signet, O=TP Internet Sp. z o.o., C=PL
Algorithm: RSA; Serial number: 0x3cbede10
Valid from Thu Apr 18 09:54:08 CDT 2002 until Mon Sep 21 10:42:19 CDT 2026
< ... Snipped to conserve space... >
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1286668278 bytes = { 67, 34, 247, 171, 23, 198, 239, 55, 170, 174, 198, 240, 212, 155, 66, 209, 111, 146, 87, 177, 42, 3, 70, 62, 239, 10, 223, 89 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
[write] MD5 and SHA1 hashes: len = 177
0000: 01 00 00 AD 03 01 4D B1 00 F6 43 22 F7 AB 17 C6 ......M...C"....
0010: EF 37 AA AE C6 F0 D4 9B 42 D1 6F 92 57 B1 2A 03 .7......B.o.W.*.
0020: 46 3E EF 0A DF 59 00 00 46 00 04 00 05 00 2F 00 F>...Y..F...../.
0030: 35 C0 02 C0 04 C0 05 C0 0C C0 0E C0 0F C0 07 C0 5...............
0040: 09 C0 0A C0 11 C0 13 C0 14 00 33 00 39 00 32 00 ..........3.9.2.
0050: 38 00 0A C0 03 C0 0D C0 08 C0 12 00 16 00 13 00 8...............
0060: 09 00 15 00 12 00 03 00 08 00 14 00 11 00 FF 01 ................
0070: 00 00 3E 00 0A 00 34 00 32 00 17 00 01 00 03 00 ..>...4.2.......
0080: 13 00 15 00 06 00 07 00 09 00 0A 00 18 00 0B 00 ................
0090: 0C 00 19 00 0D 00 0E 00 0F 00 10 00 11 00 02 00 ................
00A0: 12 00 04 00 05 00 14 00 08 00 16 00 0B 00 02 01 ................
00B0: 00 .
main, WRITE: TLSv1 Handshake, length = 177
[write] MD5 and SHA1 hashes: len = 173
0000: 01 03 01 00 84 00 00 00 20 00 00 04 01 00 80 00 ........ .......
0010: 00 05 00 00 2F 00 00 35 00 C0 02 00 C0 04 01 00 ..../..5........
0020: 80 00 C0 05 00 C0 0C 00 C0 0E 00 C0 0F 00 C0 07 ................
0030: 05 00 80 00 C0 09 06 00 40 00 C0 0A 07 00 C0 00 ........@.......
0040: C0 11 00 C0 13 00 C0 14 00 00 33 00 00 39 00 00 ..........3..9..
0050: 32 00 00 38 00 00 0A 07 00 C0 00 C0 03 02 00 80 2..8............
0060: 00 C0 0D 00 C0 08 00 C0 12 00 00 16 00 00 13 00 ................
0070: 00 09 06 00 40 00 00 15 00 00 12 00 00 03 02 00 ....@...........
0080: 80 00 00 08 00 00 14 00 00 11 00 00 FF 4D B1 00 .............M..
0090: F6 43 22 F7 AB 17 C6 EF 37 AA AE C6 F0 D4 9B 42 .C".....7......B
00A0: D1 6F 92 57 B1 2A 03 46 3E EF 0A DF 59 .o.W.*.F>...Y
main, WRITE: SSLv2 client hello message, length = 173
[Raw write]: length = 175
0000: 80 AD 01 03 01 00 84 00 00 00 20 00 00 04 01 00 .......... .....
0010: 80 00 00 05 00 00 2F 00 00 35 00 C0 02 00 C0 04 ....../..5......
0020: 01 00 80 00 C0 05 00 C0 0C 00 C0 0E 00 C0 0F 00 ................
0030: C0 07 05 00 80 00 C0 09 06 00 40 00 C0 0A 07 00 ..........@.....
0040: C0 00 C0 11 00 C0 13 00 C0 14 00 00 33 00 00 39 ............3..9
0050: 00 00 32 00 00 38 00 00 0A 07 00 C0 00 C0 03 02 ..2..8..........
0060: 00 80 00 C0 0D 00 C0 08 00 C0 12 00 00 16 00 00 ................
0070: 13 00 00 09 06 00 40 00 00 15 00 00 12 00 00 03 ......@.........
0080: 02 00 80 00 00 08 00 00 14 00 00 11 00 00 FF 4D ...............M
0090: B1 00 F6 43 22 F7 AB 17 C6 EF 37 AA AE C6 F0 D4 ...C".....7.....
00A0: 9B 42 D1 6F 92 57 B1 2A 03 46 3E EF 0A DF 59 .B.o.W.*.F>...Y
[Raw read]: length = 5
0000: 16 03 01 00 4A ....J
[Raw read]: length = 74
0000: 02 00 00 46 03 01 4D B1 00 F7 8B D6 E1 5A 42 BB ...F..M......ZB.
0010: D1 66 3D CE D6 7F 41 55 27 58 A2 01 35 FF D0 EA .f=...AU'X..5...
0020: CF 1A 4A 04 B1 D5 20 59 F2 13 A1 03 B2 1F 39 58 ..J... Y......9X
0030: 54 BB DA C2 4C F4 BB 17 54 F0 D7 13 5D B0 23 ED T...L...T...].#.
0040: 3F 31 7D E8 BA 59 62 00 04 00 ?1...Yb...
main, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie: GMT: 1286668279 bytes = { 139, 214, 225, 90, 66, 187, 209, 102, 61, 206, 214, 127, 65, 85, 39, 88, 162, 1, 53, 255, 208, 234, 207, 26, 74, 4, 177, 213 }
Session ID: {89, 242, 19, 161, 3, 178, 31, 57, 88, 84, 187, 218, 194, 76, 244, 187, 23, 84, 240, 215, 19, 93, 176, 35, 237, 63, 49, 125, 232, 186, 89, 98}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
Warning: No renegotiation indication extension in ServerHello
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 4D B1 00 F7 8B D6 E1 5A 42 BB ...F..M......ZB.
0010: D1 66 3D CE D6 7F 41 55 27 58 A2 01 35 FF D0 EA .f=...AU'X..5...
0020: CF 1A 4A 04 B1 D5 20 59 F2 13 A1 03 B2 1F 39 58 ..J... Y......9X
0030: 54 BB DA C2 4C F4 BB 17 54 F0 D7 13 5D B0 23 ED T...L...T...].#.
0040: 3F 31 7D E8 BA 59 62 00 04 00 ?1...Yb...
[Raw read]: length = 5
0000: 16 03 01 02 BF .....
[Raw read]: length = 703
0000: 0B 00 02 BB 00 02 B8 00 02 B5 30 82 02 B1 30 82 ..........0...0.
0010: 02 1A 02 09 00 BC 20 1A 57 EB B4 98 97 30 0D 06 ...... .W....0..
0020: 09 2A 86 48 86 F7 0D 01 01 04 05 00 30 81 9C 31 .*.H........0..1
0030: 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 .0...U....US1.0.
0040: 06 03 55 04 08 13 0A 43 61 6C 69 66 6F 72 6E 69 ..U....Californi
0050: 61 31 10 30 0E 06 03 55 04 07 13 07 46 72 65 6D a1.0...U....Frem
0060: 6F 6E 74 31 20 30 1E 06 03 55 04 0A 13 17 48 75 ont1 0...U....Hu
0070: 72 72 69 63 61 6E 65 20 45 6C 65 63 74 72 69 63 rricane Electric
0080: 2C 20 4C 4C 43 31 0D 30 0B 06 03 55 04 0B 13 04 , LLC1.0...U....
0090: 49 50 56 36 31 19 30 17 06 03 55 04 03 13 10 74 IPV61.0...U....t
00A0: 75 6E 6E 65 6C 62 72 6F 6B 65 72 2E 6E 65 74 31 unnelbroker.net1
00B0: 1A 30 18 06 09 2A 86 48 86 F7 0D 01 09 01 16 0B .0...*.H........
00C0: 69 6E 66 6F 40 68 65 2E 6E 65 74 30 1E 17 0D 30 [email protected]
00D0: 37 30 37 31 31 30 31 33 35 33 31 5A 17 0D 31 37 70711013531Z..17
00E0: 30 37 30 38 30 31 33 35 33 31 5A 30 81 9C 31 0B 0708013531Z0..1.
00F0: 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 0...U....US1.0..
0100: 03 55 04 08 13 0A 43 61 6C 69 66 6F 72 6E 69 61 .U....California
0110: 31 10 30 0E 06 03 55 04 07 13 07 46 72 65 6D 6F 1.0...U....Fremo
0120: 6E 74 31 20 30 1E 06 03 55 04 0A 13 17 48 75 72 nt1 0...U....Hur
0130: 72 69 63 61 6E 65 20 45 6C 65 63 74 72 69 63 2C ricane Electric,
0140: 20 4C 4C 43 31 0D 30 0B 06 03 55 04 0B 13 04 49 LLC1.0...U....I
0150: 50 56 36 31 19 30 17 06 03 55 04 03 13 10 74 75 PV61.0...U....tu
0160: 6E 6E 65 6C 62 72 6F 6B 65 72 2E 6E 65 74 31 1A nnelbroker.net1.
0170: 30 18 06 09 2A 86 48 86 F7 0D 01 09 01 16 0B 69 0...*.H........i
0180: 6E 66 6F 40 68 65 2E 6E 65 74 30 81 9F 30 0D 06 [email protected]..
0190: 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 .*.H............
01A0: 30 81 89 02 81 81 00 D7 24 7C 25 2A 7E 69 75 4A 0.......$.%*.iuJ
01B0: 85 01 91 86 60 8F 2C 96 E4 BE 96 E4 B6 36 28 A1 ....`.,......6(.
01C0: 7A 56 53 5C 01 A4 13 C8 6B 96 44 B7 5E 3D C0 60 zVS\....k.D.^=.`
01D0: B9 27 75 D5 A0 72 84 D7 54 C9 48 F4 B2 B4 B4 44 .'u..r..T.H....D
01E0: 0C 3D 90 48 57 F4 17 8D 71 EA 1E F8 4E 6F 88 68 .=.HW...q...No.h
01F0: 4F 5E 30 F9 56 F2 48 F4 57 18 3A 94 89 A9 09 60 O^0.V.H.W.:....`
0200: 19 CD 15 98 88 47 C3 80 E7 50 30 33 DF A9 51 91 .....G...P03..Q.
0210: A4 34 40 09 60 C5 C4 F9 38 7C 7A EB 5A F3 3C 63 .4@.`...8.z.Z.<c
0220: 3D 2D 24 12 08 C6 6F 02 03 01 00 01 30 0D 06 09 =-$...o.....0...
0230: 2A 86 48 86 F7 0D 01 01 04 05 00 03 81 81 00 55 *.H............U
0240: 45 96 28 96 33 CD 36 1C 3A 98 96 8B DE 20 93 99 E.(.3.6.:.... ..
0250: 75 C9 D7 86 94 2E 62 69 C3 80 71 C2 F4 F0 1A 74 u.....bi..q....t
0260: E5 5C 63 37 64 92 60 68 43 50 0F 49 FB A0 90 71 .\c7d.`hCP.I...q
0270: 1C EF 37 3F BF 38 E2 32 55 6C EB 63 C5 6A A1 71 ..7?.8.2Ul.c.j.q
0280: 8B AF 76 0A 49 C6 0A 7C 32 0A 7F 87 9B F3 C5 5B ..v.I...2......[
0290: 1F 98 9C EC 8D 2C 28 E2 DA 83 98 6D 36 6B 7B DE .....,(....m6k..
02A0: E7 E6 26 4A AC E9 3F 84 96 4E CB B6 EC C5 13 5D ..&J..?..N.....]
02B0: 99 45 A0 CB 4B AB BA 08 B7 DF 51 7D CB B7 1F .E..K.....Q....
main, READ: TLSv1 Handshake, length = 703
*** Certificate chain
chain [0] = [
Version: V1
Subject: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 1024 bits
modulus: 151078214832725997135839062949249516337507001175872585678208884131491712232432816986255053685674730439436945979324335861205079532450830475393857978740049212402170775011735778076852329233310431150139137152539823492882314808967689085169519290729775244738682251391827885615393137851975032443040800861047648470639
public exponent: 65537
Validity: [From: Tue Jul 10 20:35:31 CDT 2007,
               To: Fri Jul 07 20:35:31 CDT 2017]
Issuer: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
SerialNumber: [    bc201a57 ebb49897]
Algorithm: [MD5withRSA]
Signature:
0000: 55 45 96 28 96 33 CD 36 1C 3A 98 96 8B DE 20 93 UE.(.3.6.:.... .
0010: 99 75 C9 D7 86 94 2E 62 69 C3 80 71 C2 F4 F0 1A .u.....bi..q....
0020: 74 E5 5C 63 37 64 92 60 68 43 50 0F 49 FB A0 90 t.\c7d.`hCP.I...
0030: 71 1C EF 37 3F BF 38 E2 32 55 6C EB 63 C5 6A A1 q..7?.8.2Ul.c.j.
0040: 71 8B AF 76 0A 49 C6 0A 7C 32 0A 7F 87 9B F3 C5 q..v.I...2......
0050: 5B 1F 98 9C EC 8D 2C 28 E2 DA 83 98 6D 36 6B 7B [.....,(....m6k.
0060: DE E7 E6 26 4A AC E9 3F 84 96 4E CB B6 EC C5 13 ...&J..?..N.....
0070: 5D 99 45 A0 CB 4B AB BA 08 B7 DF 51 7D CB B7 1F ].E..K.....Q....
Found trusted certificate:
Version: V1
Subject: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 1024 bits
modulus: 151078214832725997135839062949249516337507001175872585678208884131491712232432816986255053685674730439436945979324335861205079532450830475393857978740049212402170775011735778076852329233310431150139137152539823492882314808967689085169519290729775244738682251391827885615393137851975032443040800861047648470639
public exponent: 65537
Validity: [From: Tue Jul 10 20:35:31 CDT 2007,
               To: Fri Jul 07 20:35:31 CDT 2017]
Issuer: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
SerialNumber: [    bc201a57 ebb49897]
Algorithm: [MD5withRSA]
Signature:
0000: 55 45 96 28 96 33 CD 36 1C 3A 98 96 8B DE 20 93 UE.(.3.6.:.... .
0010: 99 75 C9 D7 86 94 2E 62 69 C3 80 71 C2 F4 F0 1A .u.....bi..q....
0020: 74 E5 5C 63 37 64 92 60 68 43 50 0F 49 FB A0 90 t.\c7d.`hCP.I...
0030: 71 1C EF 37 3F BF 38 E2 32 55 6C EB 63 C5 6A A1 q..7?.8.2Ul.c.j.
0040: 71 8B AF 76 0A 49 C6 0A 7C 32 0A 7F 87 9B F3 C5 q..v.I...2......
0050: 5B 1F 98 9C EC 8D 2C 28 E2 DA 83 98 6D 36 6B 7B [.....,(....m6k.
0060: DE E7 E6 26 4A AC E9 3F 84 96 4E CB B6 EC C5 13 ...&J..?..N.....
0070: 5D 99 45 A0 CB 4B AB BA 08 B7 DF 51 7D CB B7 1F ].E..K.....Q....
main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 2E .......
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching ipv4.tunnelbroker.net found
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching ipv4.tunnelbroker.net found
     at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
     at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1665)
     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:258)
     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:252)
     at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1165)
     at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
     at sun.security.ssl.Handshaker.processLoop(Handshaker.java:610)
     at sun.security.ssl.Handshaker.process_record(Handshaker.java:546)
     at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:913)
     at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1158)
     at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1185)
     at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1169)
     at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:440)
     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
     at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
     at TestSSL.main(TestSSL.java:33)
Caused by: java.security.cert.CertificateException: No name matching ipv4.tunnelbroker.net found
     at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:225)
     at sun.security.util.HostnameChecker.match(HostnameChecker.java:94)
     at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:285)
     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:271)
     at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1144)
     ... 11 more
{quote}
So, now I'm trying to figure out how to get past this. Unless (and until) Tunnelbroker includes the alternative name in their certificate (or if it's included already, until I figure out how to get that alternative imported into my truststore), I'm never going to be able to update via java.
Have a great day:)
Patrick.

Similar Messages

Premiere Pro CS5: please help problem with importing a file error output "there was an error decompressing audio or video"

please help problem with importing a file error output "there was an error decompressing audio or video"

this is related to what adobe program/version?

How do I import a website created using Frontpage into Dreamweaver

How do I import a website created using Frontpage into Dreamweaver?

Nothing to import. Simply define your local site folder in DW -- Site > New Site. Tell DW where to find your FP site files on your hard drive.
Under Servers, input your remote server's FTP log-in credentials and site Root Directory:
Some FP proprietary stuff like extensions will not work in Dreamweaver so you'll have a fair amount of code clean up ahead of you. Most people find it easier to just rebuild their site with DW.
Good luck!
Nancy O.

Help requested with White Balance

This may come as a surprise to many, but here I am requesting your help, instead of giving it.
I have filled out a feature request with the following content, already some time ago:
Would it not be nice to be able to extract the WB settings in K from the metadata and be able in post to change it to what you should have done during the shoot.
Say your WB is set to 5600 K, you can extract that from the metadata and with the White Balance effect you can enter a desired setting of say 6100 K. During the shoot you can do that with the Canon XF series, but if you have forgotten to use a warm card instead of the white balance card, this would be a great effect to have. Or in the situation where you simply want a shot to be slightly cooler or warmer, this would be a great feature.
Interface similar to the scale slider and fully keyframeable. The program monitor should reflect changes in color temperature immediately. Simple, easy to understand, like using a set of Warm Cards after the shoot.
Retrieval of the color temperatures should not be difficult. It is contained in the metadata:
It works both with AWB and manual for the XF series. If the camera does not record these data, the effect should be greyed out.
I request your help to get this feature implemented, since it is pretty simple to implement, is a great help to have when doing multicam work, to fine tune different cameras or to change the atmosphere of a shot. It is far easier than the color correction effects we already have.
If you agree with me, please fill out a similar feature request. The more requests made, the greater the chance of it being implemented.
See Feature Request Form

Harm, I've seen instances of multi-cam shoot cameras that were identical models, using a clone of the settings which still resulted in differences in color. I've seen this blamed on the chips and the chip manufacturing process. I've also seen multicam footage from analog cameras that were supposedly balanced before shooting that resulted in shifts. And then, you have a situation where the atmospherics can alter the color, such as when one camera is close to the action, and the distant camera is shooting through fog or haze that has light shooting through it.
So again, while you can get in the ballpark with certain regimes, when it comes time to finish, you have to trust your eyes.
So, for my situation, it's not something that rises to the level of something I'd use enough to warrant a feature request.
My biggest issue today is that I'd love to see Pr offering bottom-up rendering, the way Avid MC offers it with its Render All option vs. Smart Rendering, which is top down. I don't like that I have to re-render entire sequences just because I made a little change to an upper layer clip. That, to me, warrants a concerted campaign or pitchfork mob.
But, I'll make a pact with you. If you'll request bottom up rendering, I'll request WB metadata support, OK?

Import a certificate into Sun/Java/Deployment/security/trusted.clientcerts

Hi I'm trying to make a java applet, it has to add a certificate in the Keystore Sun/Java/Deployment/security/trusted.clientcerts.
The problem is that to store, I have to enter a password. I enter "". ToCharArray () but when I try to view the certificates, it does not appear in the java control panel.
And when I try to import a certificate from the java control panel throws the following error "keystore was tampered with or password was incorrect".
Code:
private void guardarKeyStore(KeyStore ks) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException{
FileOutputStream out = new FileOutputStream(System.getenv("APPDATA").replace("\\", "/")+"/Sun/Java/Deployment/security/trusted.clientcerts");
ks.setCertificateEntry("someAlias", decodeCertificate(somebase64));
ks.store(out, "".toCharArray());
out.close();
}

Francisco26 wrote:
I Want to insert a certificate into trusted.clientcerts via java applet.
This certificate have to appear in the java control panel. (Security->Certificates->user->client autentication)
Why that? Because i need to do an applet that download a certificate response from a request to a CA.Which to paraphrase EJP is undesirable, insecure and untrustworthy. What you are asking would allow an untrustworthy site to declare itself trustworthy.

Help, problem with merging expressions website with dreamweaver

hello,
I am hoping you guys have some patience with this question. We created a website with frontpage and it's hosted on an ftp server and we use ftp open and edit the site. My question is, how can I open, work, and edit my site, since it is not even saved on my local hard drive but on the ftp servers of the webhosts.
Thanks,
Andrew

I can think of two ways and I am sure there must be many other ways to do what you want to do.
1) You could download the entire site using FTP program like WS-FTP, FileZilla and others. You can point this downloaded folder into your DW when you are defining a new site;
2) The second method is to define a new site in DW and then import a site using DW's own FTP technology; this will allow you to download your entire site from your host.
There are also other tools like WinHTTrack etc that can download the entire site on to your desktop.
The aim is to download everything on to your desktop before doing any editing.
Hope this gives you a start.

Can someone help with importing video from Canon XA10 (AVCHD) into PE 11?

In PE 11 when I import video from my canon xa10 (avchd) the quality is terrible, I also have a canon xa20, 60D and gopro that I video with and they all turn out with great video quality. Is there a reason why the xa10 video quality is bad? Setting I need to change?

dillonknopp
Thanks for the follow up.
In Premiere Elements 11 and 12 takes over setting the project preset based on the properties of the first file drag to the Timeline. Sometimes it does it right; sometimes not. You can check what the project has set by using the readings from Edit Menu/Project Settings/General and the readings for Editing Mode, Timebase, Frame Size, and Pixel Aspect Ratio even if the fields look grayed out. If the project preset is set for NTSC AVCHD Full HD1080p30, then the Edit Menu/Project Settings/General should be as represented in the following screenshot
Please refer to setting the project preset yourself manually and then importing the source media into the project.
ATR Premiere Elements Troubleshooting: PE11: Accuracy of Automatic Project Preset (New Project Dialog) Setting
Depending on how the current stage of troubleshooting progresses, you might want to post a screenshot
of your Expert workspace, showing the Edit area monitor display of the rendered Timeline.
We will be watching for your results.
Thank you.
ATR

Help requested with Windows Portable Directories

Setup:
Tiger Server 10.4.11
Everything is setup up perfectly and all Mac users can login and use their portable home directories. Everything works great.
Here's my question:
Is it possible to replicate the same behavior when logging in from Windows XP?
I setup a test user (WINUSER) and pointed him to the same share I use for the Mac home directories.
How do I set it up so that when I log in with this user from Windows XP, that Windows XP creates a local account and syncs it with the Mac OS X server (the same way that the Mac laptops do it).
Any help would be greatly appreciated.
Thanks

Figured it out.

Help requested with 645 Ultra-C with a PCI ATA/133 card fitted

I'm new here, so please bear with me if this plea for help is short of info :-
I built my PC 5 years ago, using a 645 Ultra-C board ( MS-6547 2.00 ) and have had no problems since - till now.
I recently installed a PCI ATA/133 card, mainly to be able to add 2 additional hard drives. It installed ok and the 2 extra drives are recognised correctly on the card's primary channel as is a DVD device on the secondary channel.
However, on initial booting, the card is interrogated to determine what devices are connected to it and then there is a delay of up to 2 minutes ( it feels like forever ) while BootMagic is being searched for/loaded.
It makes no difference if I swap the 2 drives and the dvd over or remove the dvd drive.
The bios ( AMI 07.00T 12/20/01 ) is correctly setup to boot from floppy first, then HDD1 ( connected to the mainboard's primary channel) and 'try other boot devices' is disabled.
I have no wish to boot from the extra drives, so is there any way of avoiding the boot system from looking there first ? Is there any other bios settings to consider ?
I'd be grateful for any hints/help.
Thanks.

Quote from: Del UK on 26-January-08, 06:45:25
Yes,
Go into bios and set boot sequence
Also go into pci controller bios, and set no boot
It's usually CRTL+A or CRTL+M keys on keyboard............
Controller cards will be main boot target, unless told
I have got the boot sequence set correctly - but I can see no sign of a pci controller bios option. Cntrl A or Cntrl M have no effect. Maybe the 645 bios doesnt offer those options.
I have never updated the bios - being of the 'if it aint broke dont change it' school of thought, so I may need to look at this area, now.
I'll be posting a question here about live update very soon - basically 'is it the best way to update the bios ?'
Thanks for your help so far
John

Help requested with the background of lighting effects

I need help creating a light background when rendering with light effects. I am selecting filter, then render, then lighting effects. From there I am choosing an omni light to create a blue light shining from above on my project. The problem I have is that the blue light fades into black or grey. I need the blue light to disseminate or fade into a white background instead. I have tried all sorts of options with changing the background in the lighting effects menu to no avail. I have photoshop CS3. Any help would be greatly appreciated!
Jim

Could you please post a screenshot with the pertinent Panels and dialog visible?

Help requested with major crashes and start-up probs with a G5 & OS 10.4.7

Not sure if this post should be on Tiger OS or hardware ...
I have had my G5 for 14 months. It runs with a 20" Apple CRT monitor
It has just developed quite serious problems. These have two elements
- Three days ago, while writing a mail message, vertical bars came down over the message and the 'need to restart' alert came up
- when attempting to restart I couldn't. The G5 start up sound was heard but the monitor button remained amber. When I did nothing the fans ran unti I forced it to close down
This persisted during several attempts to restart and while trying with the shift key held down
Later that day the machine started
I ran Disk utilities (checking disk and repairing permissions)
I ran Disk Warrior (no problems reported)
Both elements of this problem - the bars and restart message and the failure to fully restart - have occurred several times in the last three days. The problem may occur after 10 minutes or a couple of hours. It may then take many attempts to get the machine to start up. When it does, there is no pattern to explain why it has
Currently, everything apart from the monitor, key board and router are disconnected
Nonetheless, I expect to find myself 'behind bars' again soon
Any advice would be much appreciated

Hi norpsych;
It sounds like you are having kernel panics. Generally they are caused by hardware problems. I would suggest you disconnect everything and run the Apple Hardware Test from the install media that came with you system.
Allan

Need help please with importing RAW files from iPhoto to LR

I have a MAC, shoot RAW images and when I import them from IPhoto To LR5 they come in as a JPEG. I do have elements 10 as the original default for editing. When I want to import from IPhoto to LR I was dragging the RAW files. Can someone please tell me what I am doing incorrectly? Thank you!

Moving this discussion to the Photoshop Lightroom forum.

Help needed with uploading a website [was: Stuck at the last hurdle...]

Hiya, my tutor covered all the basics at the web design course I wen on, except how to actually get the website onto the internet. I have no idea what to do from here. I've reserved a domain name at 1and1 but can't see any pointers on how to get the website up.
On Dreamweavers 'configure server' window I don't have any idea what goes in there.
I don't know what goes in:
Name:
Access type:
FTP host:
Host directory:
Login
Password
(the three tabs underneath)
or the URL prefix
Please could someone guide me through what to do or point me to a tutorial?
[Subject line edited for clarity by moderator]

Either you have CS4 or You are in "basic" setup. I use "Advanced" because I have been doing this for a while and I do know the Advanced Steeings:
In Local Info, you have the following:
Site Name: mysite
Local Root folder: /Users/username/sites/mysite
Default images folder: /Users/username/sites/mysite/images
Links relative to: Document
HTTP address: http://yourdomain.com/public_html/
Case-sensitive links: (unchecked)
Cache: Enable cache checked.
In Remote Info, you have the following:
Access: FTP
FTP Host: http://yourdomain.com/
Host directory: /public_html/
Login: the login given you by your hosting provider
Password: the password given you by your hosting provider
Use Passive FTP (sometimes checked, sometimes not -- depends on the results of the test.
Use IPv6 transfer mode: (usually unchecked -- for now)
Use firewall (usually unchecked)
Use Secure FTP (SFTP) checked if possible, if not, leave unchecked based on the results of the test.
Don't touch Server Compatibility...
You want to check Maintain synchronization information and leave automatically upload files to server and enable file check in and check out unchecked..
When you signed up for 1&1, they will have given you the information you need for your login, password, host directory (which is usually /public_html) and the name of the ftp host if it is different from the name of the domain you created. I would imagine this would be in an email they sent you.

Help me with importing music!!!!!

I took all my music from my c: drive and moved it to my g: drive in order to save space on my hard drive (obviously).
I may have copied all the songs and transferred them over, and created duplicates accidentally, but I killed those.
Now that all my music is in the g: drive and there is no music in my iTunes, how do I get it all in there without duplicating things (like when I drag and drop) or having to go click every song to add it????????

Start with this Article for some understanding of how to move your Library. Then post back with more specifics as to what you actually did.
This well-written iLounge Article is a must-read for anyone considering moving their Library to a new computer or a new location. Or, just wants a better understanding of how iTunes manages your music.
Best of Luck

PLEASE HELP! Trouble importing media used in Premiere CS6 into CC

After infinitely trouble with stability in OSX Premiere CS6, I´ve tried to open my project in CC. I get a dialogue box when importing media with heading "Cannot Link Media" and saying "The selcted file cannot be linked because it has 2 audio channel(s) and the clip was created with 1 audio channel(s). Now, these clips had no issues in CS6, but after installing CC, I cannot open anything in CS6 and CC won´t, as stated, accept my clips. Now, I tried to uninstall CS6 to late reinstall it. But Adobe seems to have removed the installer, anyway I can´t find it. SERIOUSLY!. This is EXTREMELY frustrating. PLEASE HELP!

I don't have any sure-fire solutions, but I do have a suggestion: rather than opening the whole CS6 project and going through the whole conversion process, try importing just the sequence(s) from the CS6 project into a new CC project. There are a couple of ways to do so: 1) File>Import, select "Import Selected Sequences," then pick the desired ones, or 2) drill down to the project in Media Browser, which will show you it's contents, then drag and drop the sequence(s) into the Project panel.
I found a few bug reports in the same neighborhood. They were all fixed in the release you're using. But each was specific to a particular file type, so you may have hit on a case that we didn't exercise. It could really help us nail this down if you provided one small clip that CC is balking at and, ideally, a CS6 project containing that clip.

Help requested with Importing a website's CA certificate into my Java App

Similar Messages

Maybe you are looking for