HTTPSURLConnection/JSSE

Similar Messages

• How to use JSSE HttpsURLConnection in WL 5.1

  I am trying to POST, from a jsp within weblogic,
  to an outside https URL. It appears to me that
  weblogic.net.http.HttpsURLConnection cannot POST
  to a connection.
  I am now trying to use Sun's JSSE 1.0.3.
  I've installed jcert.jar, jnet.jar and jsse.jar to
  C:\usr\local\java\jdk1.3.1_04\jre\lib\ext
  Here is the relevant code:
  <%@ page import="java.io.*,java.net.*,java.util.*,java.lang.*,javax.servlet.*,java.security.*,com.sun.net.ssl.*"
  %>
  <%
  Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
  System.setProperty("java.protocol.handler.pkgs", com.sun.net.ssl.internal.www.protocol");
  url = new java.net.URL("https://www.some-secure-site.com"); // This is where
  the ClassCastException occurs.
  %>
  Here is the thread dump:
  java.lang.ClassCastException: weblogic.net.http.HttpsURLConnection
  at jsp_servlet._payPal.__verify._jspService(__verify.java:150)
  at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:120)
  at weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImpl.java:945)
  at weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImpl.java:909)
  at weblogic.servlet.internal.ServletContextManager.invokeServlet(ServletContextManager.java:269)
  at weblogic.socket.MuxableSocketHTTP.invokeServlet(MuxableSocketHTTP.java:392)
  at weblogic.socket.MuxableSocketHTTP.execute(MuxableSocketHTTP.java:274)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:130)
  I think I need to register an HTTPS URLStreamHandler when
  instantiating my URL object so I receive a
  com.sun.net.ssl.HttpsURLConnection instead of a
  weblogic.net.http.HttpsURLConnection - like so:
  URL url = new URL("https", "some.site.com", 443, "/some/uri", new some.URLStreamHandler());
  Any help is greatly appreciated.
  -SS

  you should use specifal constructor .. for url..
  some thing like..
  URL( "https","www.verisign.com","443","",new
  com.sun.net.ssl.internal.www.protocol.https.Handler());
  thanks
  kiran
  "sstaats" <[email protected]> wrote in message
  news:[email protected]...
  >
  I am trying to POST, from a jsp within weblogic,
  to an outside https URL. It appears to me that
  weblogic.net.http.HttpsURLConnection cannot POST
  to a connection.
  I am now trying to use Sun's JSSE 1.0.3.
  I've installed jcert.jar, jnet.jar and jsse.jar to
  C:\usr\local\java\jdk1.3.1_04\jre\lib\ext
  Here is the relevant code:
  <%@ pageimport="java.io.*,java.net.*,java.util.*,java.lang.*,javax.servlet.*,java.se
  curity.*,com.sun.net.ssl.*"
  %>
  <%
  Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
  System.setProperty("java.protocol.handler.pkgs",com.sun.net.ssl.internal.www.protocol");
  url = new java.net.URL("https://www.some-secure-site.com"); // This is
  where
  the ClassCastException occurs.
  %>
  Here is the thread dump:
  java.lang.ClassCastException: weblogic.net.http.HttpsURLConnection
  at jsp_servlet._payPal.__verify._jspService(__verify.java:150)
  at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
  atweblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
  :120)
  atweblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImp
  l.java:945)
  atweblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImp
  l.java:909)
  atweblogic.servlet.internal.ServletContextManager.invokeServlet(ServletContext
  Manager.java:269)
  atweblogic.socket.MuxableSocketHTTP.invokeServlet(MuxableSocketHTTP.java:392)
  atweblogic.socket.MuxableSocketHTTP.execute(MuxableSocketHTTP.java:274)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:130)
  I think I need to register an HTTPS URLStreamHandler when
  instantiating my URL object so I receive a
  com.sun.net.ssl.HttpsURLConnection instead of a
  weblogic.net.http.HttpsURLConnection - like so:
  URL url = new URL("https", "some.site.com", 443, "/some/uri", newsome.URLStreamHandler());
  >
  Any help is greatly appreciated.
  -SS

• Https Connection from servlets using JSSE.

  Hi all,
  Although my question is the same as the QOW for this week, there is an error "unsupported keyword EMAIL" returned when i try to establish a https connection using servlet. The error log is as follow:
  =====================================
  java.io.IOException: unsupported keyword EMAIL
  at com.sun.net.ssl.internal.ssl.AVA.<init>([DashoPro-V1.2-120198])
  at com.sun.net.ssl.internal.ssl.RDN.<init>([DashoPro-V1.2-120198])
  at com.sun.net.ssl.internal.ssl.X500Name.a([DashoPro-V1.2-120198])
  at com.sun.net.ssl.internal.ssl.X500Name.<init>([DashoPro-V1.2-120198])
  at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
  at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
  at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
  at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect([DashoPro-V1.2-120198])
  at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.getInputStream([DashoPro-V1.2-120198])
  at URLReader.doGet(URLReader.java:78)
  ===================================
  Does anyone know the meaning of this error?
  I try to write a java application using the similar code and it totally works fine(i can connect to the server and obtain the page). Does JSSE support Java Servlet? Or this is the problem of tomcat server? FYI, I'm using
  Tomcat 3.2.2
  Java SDK 1.3
  Many thanks!
  Ethan
  p.s. Here is the source for my program
  import java.io.*;
  import java.net.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  import javax.net.*;
  import javax.net.ssl.*;
  import com.sun.net.ssl.*;
  public class URLReader extends HttpServlet{
  private PrintWriter out = null;
  public void doGet(HttpServletRequest req, HttpServletResponse res){
  res.setContentType("text/html");
  res.setHeader("Cache-Control", "no-cache");
  res.setHeader("Progma", "no-cache");
  out = res.getWriter();
  java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
  System.setProperty("javax.net.ssl.trustStore", "File_for_keyStore");
  System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
  try {
       URL url = new URL("https://server_name:port/index.htm");
       HttpsURLConnection urlconnection = (HttpsURLConnection)url.openConnection();
       BufferedReader in = new BufferedReader(new InputStreamReader(urlconnection.getInputStream()));
       String outputLine ;
       while ( (outputLine = in.readLine()) != null){
       out.println("There is the result: "+outputLine);
       in.close();
  catch(Exception e){
  public void doPost(HttpServletRequest req, HttpServletResponse res){
  }

  I was just having this issue, after months of error-free ssl behavior, on a new machine i was installing (Note: that I was running the IBM jdk1.3) It turns out that when I was editing the java.security file to know about JCE/JSSE providers i had the providers in the wrong order. The Error causing sequence was:
  security.provider.1=com.sun.net.ssl.internal.ssl.Provider
  security.provider.2=com.ibm.crypto.provider.IBMJCA
  # Extra provider added ibm@33894
  security.provider.3=com.ibm.crypto.provider.IBMJCE
  # extra provider i added
  security.provider.4=sun.security.provider.Sun
  The issue disappeared when i changed the order to:
  security.provider.1=sun.security.provider.Sun
  security.provider.2=com.sun.net.ssl.internal.ssl.Provider
  security.provider.3=com.ibm.crypto.provider.IBMJCA
  # Extra provider added ibm@33894
  security.provider.4=com.ibm.crypto.provider.IBMJCE
  hope that helps!
  --john molnar
  Trellis Network Security

• How to use HTTPS with JSSE URLConnection in servlet

  Hi, I have a servlet that calls another servlet using the URLConnection class. This seems to work very well if I am using http. However when trying to call it using https using JSSE I get the following error:
  "javax.net.ssl.SSLHandshakeException: untrusted server cert chain."
  The following is the code that I am using in the servlet:
            java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
            System.getProperties().put("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
            this.servlet = new URL(servletURL);
            URLConnection conServlet = servlet.openConnection();
  Both of these servlets are under IIS on my machine. I am able to execute each of the servlets from the browser using https directly. Does this sounds like an SSL certifcate problem or is that something in the Java code? Any ideas greatly appreciated.

  Hi,
  Perhaps you can create your own trust manager. I've found this example in another newsgroup: (please note that this example trusts everyone, but you can modify the trust manager as you wish)
  if (putUrl.startsWith("https"))
    //set up to handle SSL if necessary
    System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
    System.setProperty("javax.net.debug", "ssl,handshake,data,trustmanager");
    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    //use our own trust manager so we can always trust
    //the URL entered in the configuration.
    X509TrustManager tm = new MyX509TrustManager();
    KeyManager []km = null;
    TrustManager []tma = {tm};
    SSLContext sc = SSLContext.getInstance("ssl");
    sc.init(km,tma,new java.security.SecureRandom());
    SSLSocketFactory sf1 = sc.getSocketFactory();
    HttpsURLConnection.setDefaultSSLSocketFactory (sf1);
  m_url = new URL (putUrl);
  class MyX509TrustManager implements X509TrustManager {
  public boolean isClientTrusted(X509Certificate[] chain) {
    return true;
  public boolean isServerTrusted(X509Certificate[] chain) {
    return true;
  public X509Certificate[] getAcceptedIssuers() {
    return null;
  }Hope this helps,
  Kurt.

• JSSE 1.0.2 : Unsupported keyword OID.2.5.4.5 (id-at-serialNumber)

  Hi,
  I am encountering the following exception when opening an SSL connection to an
  HTTPS web server (running apache + mod_ssl ) :
  java.io.IOException: unsupported keyword OID.2.5.4.5
  at com.sun.net.ssl.internal.ssl.AVA.<init>([DashoPro-V1.2-120198])
  at com.sun.net.ssl.internal.ssl.RDN.<init>([DashoPro-V1.2-120198])
  at com.sun.net.ssl.internal.ssl.X500Name.a([DashoPro-V1.2-120198])
  at com.sun.net.ssl.internal.ssl.X500Name.<init>([DashoPro-V1.2-120198])
  at
  com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
  at
  com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
  at
  com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
  at
  com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect([DashoPro-V
  1.2-120198])
  at
  com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.getInputStream([Das
  hoPro-V1.2-120198])
  at [...]The web server's X.509 V3 certificate was acquired from Certinomis (a
  french company - www.certinomis.com), and I have imported its root CA and
  intermediate CA into my client JVM's keystore using keytool.
  After a short investigation, it looks like it is a bug of JSSE 1.0.2
  implementation which doesn't recognize the Object Id 2.5.4.5 which
  according to the following page, is a standard X.500 attribute :
  http://www.alvestrand.no/objectid/2.5.4.5.html
  Here is an excerpt of this page :
  2.5.4.5 - id-at-serialNumber
  OID value: 2.5.4.5
  OID description: The Serial Number attribute type specifies an identifier, the
  serial number of a device.
  An attribute value for Serial Number is a printable string.
  serialNumber ATTRIBUTE ::= {
  WITH SYNTAX PrintableString (SIZE (1..ub-serialNumber))
  EQUALITY MATCHING RULE caseIgnoreMatch
  SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
  ID id-at-serialNumber
  }The very same code works when accessing web sites using Verisign certificates
  which do not contain such a 2.5.4.5 OID in the certificate subject, so it may
  well be dued to a malformation of the Certinomis certificate.
  Any help appreciated,
  Patrick DECAT.
  Following is the trace printed out when running the JVM with
  -Djavax.net.debug=all (binary blocks replaced by [...]) :
  C:\java\jdk1.3.1\bin\javaw -classpath
  C:\Development\HttpsReader\classes;
  C:\java\jsse1.0.2\lib\jsse.jar;C:\java\jsse1.0.2\lib\jnet.jar;
  C:\java\jsse1.0.2\lib\jcert.jar;C:\java\jdk1.3.1\jre\lib\i18n.jar;
  C:\java\jdk1.3.1\jre\lib\jaws.jar;C:\java\jdk1.3.1\jre\lib\rt.jar;
  C:\java\jdk1.3.1\jre\lib\sunrsasign.jar;C:\java\jdk1.3.1\lib\dt.jar;
  C:\java\jdk1.3.1\lib\tools.jar
  -Djavax.net.debug=all HttpsReader
  keyStore is :
  keyStore type is : jks
  init keystore
  init keymanager of type SunX509
  trustStore is: C:\java\jdk1.3.1\jre\lib\security\jssecacerts
  trustStore type is : jks
  init truststore
  adding as trusted cert: [
    Version: V3
    Subject: CN=CertiNomis, OU=AC Racine - Root CA, O=CertiNomis, C=FR
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key:  com.sun.rsajca.JSA_RSAPublicKey@19681b
    Validity: [From: Thu Nov 09 01:00:00 CET 2000,
                 To: Fri Nov 09 01:00:00 CET 2012]
    Issuer: CN=CertiNomis, OU=AC Racine - Root CA, O=CertiNomis, C=FR
    SerialNumber: [    30303030 39373337 35373338 36303030 ]
  Certificate Extensions: 3
  [1]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: [...]
  [2]: ObjectId: 2.5.29.15 Criticality=false
  KeyUsage [
    DigitalSignature
    Key_CertSign
    Crl_Sign
  [3]: ObjectId: 2.5.29.19 Criticality=true
  BasicConstraints:[
  CA:true
  PathLen:2147483647
    Algorithm: [SHA1withRSA]
    Signature:
  0000: [...]
  adding as trusted cert: [
    Version: V3
    Subject: CN=CertiNomis Classe 2, O=CertiNomis, C=FR
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key:  com.sun.rsajca.JSA_RSAPublicKey@bc49d
    Validity: [From: Wed Nov 29 01:00:00 CET 2000,
                 To: Mon Nov 29 01:00:00 CET 2004]
    Issuer: CN=CertiNomis, OU=AC Racine - Root CA, O=CertiNomis, C=FR
    SerialNumber: [    30303030 39373534 38383434 39303030 ]
  Certificate Extensions: 6
  [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
  NetscapeCertType [
     SSL CA
     S/MIME CA
     Object Signing CA]
  [2]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: [...]
  [3]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: [...]
  [4]: ObjectId: 2.5.29.31 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: [...]
  [5]: ObjectId: 2.5.29.15 Criticality=false
  KeyUsage [
    DigitalSignature
    Key_CertSign
    Crl_Sign
  [6]: ObjectId: 2.5.29.19 Criticality=true
  BasicConstraints:[
  CA:true
  PathLen:2147483647
    Algorithm: [SHA1withRSA]
    Signature:
  0000: [...]
  init context
  trigger seeding of SecureRandom
  done seeding SecureRandom
  %% No cached client session
  *** ClientHello, v3.1
  RandomCookie:  GMT: 993394508 bytes = { 24, 22, 81, 16, 235, 187, 118, 86, 45,
  138, 98, 195,
  155, 110, 203, 166, 77, 227, 57, 128, 191, 247, 109, 154, 243, 212, 78, 25 }
  Session ID:  {}
  Cipher Suites:  { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
  Compression Methods:  { 0 }
  [write] MD5 and SHA1 hashes:  len = 59
  0000: [...]
  AWT-EventQueue-0, WRITE:  SSL v3.1 Handshake, length = 59
  [write] MD5 and SHA1 hashes:  len = 77
  0000: [...]
  AWT-EventQueue-0, WRITE:  SSL v2, contentType = 22, translated length = 16310
  AWT-EventQueue-0, READ:  SSL v3.1 Handshake, length = 74
  *** ServerHello, v3.1
  RandomCookie:  GMT: 993394166 bytes = { 7, 124, 93, 170, 159, 46, 253, 150, 76,
  123, 239,
  155, 27, 14, 132, 20, 203, 83, 219, 221, 217, 201, 21, 212, 79, 18, 122, 73 }
  Session ID:  {179, 250, 40, 17, 25, 73, 235, 228, 229, 141, 93, 207, 137, 204, 71,
  144, 235,
  210, 99, 135, 15, 169, 170, 141, 156, 3, 58, 135, 178, 196, 112, 222}
  Cipher Suite:  { 0, 5 }
  Compression Method: 0
  %% Created:  [Session-1, SSL_RSA_WITH_RC4_128_SHA]
  ** SSL_RSA_WITH_RC4_128_SHA
  [read] MD5 and SHA1 hashes:  len = 74
  0000: [...]
  AWT-EventQueue-0, READ:  SSL v3.1 Handshake, length = 1088
  *** Certificate chain
  chain [0] = [
    Version: V3
    Subject: OID.2.5.4.5=10052821, OU=Certificat Mercatis,
  [email protected], CN=xxxxxx.xxxxxxxx.com, OU=FC,
  O=XXXXXXXXX-XXXXXXXXX, L=Paris, ST=Paris, C=FR
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key:  com.sun.rsajca.JSA_RSAPublicKey@4a0115
    Validity: [From: Fri Mar 23 11:54:32 CET 2001,
                 To: Sun Mar 24 11:54:32 CET 2002]
    Issuer: CN=CertiNomis Classe 2, O=CertiNomis, C=FR
    SerialNumber: [    39383533 34313237 32353633 ]
  Certificate Extensions: 8
  [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
  NetscapeCertType [
     SSL server
     S/MIME
     Object Signing
  [2]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: [...]
  [3]: ObjectId: 2.5.29.32 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: [...]
  [4]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: [...]
  [5]: ObjectId: 2.5.29.31 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: [...]
  [6]: ObjectId: 2.5.29.17 Criticality=false
  SubjectAlternativeName [
  [RFC822Name: [email protected]]]
  [7]: ObjectId: 2.5.29.15 Criticality=false
  KeyUsage [
    DigitalSignature
    Non_repudiation
    Key_Encipherment
    Data_Encipherment
  [8]: ObjectId: 2.5.29.19 Criticality=true
  BasicConstraints:[
  CA:false
  PathLen: undefined
    Algorithm: [SHA1withRSA]
    Signature:
  0000: [...]
  add missing root cert: [
    Version: V3
    Subject: CN=CertiNomis Classe 2, O=CertiNomis, C=FR
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key:  com.sun.rsajca.JSA_RSAPublicKey@bc49d
    Validity: [From: Wed Nov 29 01:00:00 CET 2000,
                 To: Mon Nov 29 01:00:00 CET 2004]
    Issuer: CN=CertiNomis, OU=AC Racine - Root CA, O=CertiNomis, C=FR
    SerialNumber: [    30303030 39373534 38383434 39303030 ]
  Certificate Extensions: 6
  [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
  NetscapeCertType [
     SSL CA
     S/MIME CA
     Object Signing CA]
  [2]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: [...]
  [3]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: [...]
  [4]: ObjectId: 2.5.29.31 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: [...]
  [5]: ObjectId: 2.5.29.15 Criticality=false
  KeyUsage [
    DigitalSignature
    Key_CertSign
    Crl_Sign
  [6]: ObjectId: 2.5.29.19 Criticality=true
  BasicConstraints:[
  CA:true
  PathLen:2147483647
    Algorithm: [SHA1withRSA]
    Signature:
  0000: [...]
  stop on trusted cert: [
    Version: V3
    Subject: CN=CertiNomis Classe 2, O=CertiNomis, C=FR
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key:  com.sun.rsajca.JSA_RSAPublicKey@bc49d
    Validity: [From: Wed Nov 29 01:00:00 CET 2000,
                 To: Mon Nov 29 01:00:00 CET 2004]
    Issuer: CN=CertiNomis, OU=AC Racine - Root CA, O=CertiNomis, C=FR
    SerialNumber: [    30303030 39373534 38383434 39303030 ]
  Certificate Extensions: 6
  [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
  NetscapeCertType [
     SSL CA
     S/MIME CA
     Object Signing CA]
  [2]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: [...]
  [3]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: [...]
  [4]: ObjectId: 2.5.29.31 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: [...]
  [5]: ObjectId: 2.5.29.15 Criticality=false
  KeyUsage [
    DigitalSignature
    Key_CertSign
    Crl_Sign
  [6]: ObjectId: 2.5.29.19 Criticality=true
  BasicConstraints:[
  CA:true
  PathLen:2147483647
    Algorithm: [SHA1withRSA]
    Signature:
  0000: [...]
  [read] MD5 and SHA1 hashes:  len = 1088
  0000: [...]
  AWT-EventQueue-0, READ:  SSL v3.1 Handshake, length = 4
  *** ServerHelloDone
  [read] MD5 and SHA1 hashes:  len = 4
  0000: [...]
  *** ClientKeyExchange, RSA PreMasterSecret, v3.1
  Random Secret:  { 3, 1, 94, 206, 199, 220, 80, 40, 86, 42, 59, 54, 23, 92, 139,
  128, 16, 86, 141, 241, 78, 190, 245, 233, 179, 240, 248, 239, 144, 179, 120,
  41, 52, 117, 74, 230, 249, 185, 175, 141, 182, 0, 207, 81, 217, 66, 216, 69 }
  [write] MD5 and SHA1 hashes:  len = 134
  0000: [...]
  AWT-EventQueue-0, WRITE:  SSL v3.1 Handshake, length = 134
  SESSION KEYGEN:
  PreMaster Secret:
  0000: [...]
  CONNECTION KEYGEN:
  Client Nonce:
  0000: [...]
  Server Nonce:
  0000: [...]
  Master Secret:
  0000: [...]
  Client MAC write Secret:
  0000: [...]
  Server MAC write Secret:
  0000: [...]
  Client write key:
  0000: [...]
  Server write key:
  0000: [...]
  ... no IV for cipher
  AWT-EventQueue-0, WRITE:  SSL v3.1 Change Cipher Spec, length = 1
  *** Finished, v3.1
  verify_data:  { 48, 119, 230, 86, 67, 207, 57, 59, 18, 222, 4, 107 }
  [write] MD5 and SHA1 hashes:  len = 16
  0000: [...]
  Plaintext before ENCRYPTION:  len = 36
  0000: [...]
  AWT-EventQueue-0, WRITE:  SSL v3.1 Handshake, length = 36
  AWT-EventQueue-0, READ:  SSL v3.1 Change Cipher Spec, length = 1
  AWT-EventQueue-0, READ:  SSL v3.1 Handshake, length = 36
  Plaintext after DECRYPTION:  len = 36
  0000: [...]
  *** Finished, v3.1
  verify_data:  { 238, 82, 186, 214, 115, 130, 241, 249, 113, 52, 93, 58 }
  %% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
  [read] MD5 and SHA1 hashes:  len = 16
  0000: [...]
  Finalizer, SEND SSL v3.1 ALERT:  warning, description = close_notify
  Plaintext before ENCRYPTION:  len = 22
  0000: [...]
  Finalizer, WRITE:  SSL v3.1 Alert, length = 22

  Just to keep this thread updated, here is some information I got from Sun's support :
  "They have closed this as a duplicate of the other bug[The bug was already identified internally].
  The fix for it has been put into build # 71 of merlin (1.4).
  I don't yet know whether that build is (or will be) early enough to be part of merlin-beta2 (second public beta).
  In any case, the problem has been fixed. It's just a matter of when it will
  appear in a publicly-available form."

• Tunneling Problem using HttpsUrlConnection

  Hi,
  I had gone through forums regarding this topic and still i am facing the same problem using the HttpsUrlConnection. We are working behind a proxy so we have to make a proxy authorization if we want to connect to a server in the internet.
  But in case of HttpUrlConnection, everything works
  fine. But if we do the same with a HttpsUrlConnection, the authentication fails. It throws an IOException
  with the message
  Unable to tunnel through 192.9.100.10:80.
  Proxy returns "HTTP/1.1 407 Proxy authentication required"
  Sample code as follows,
  The following code doesn't have any problem becos it works fine with HttpUrlConnection and also it is working without proxyserver for https as well.
  This is running under MSVM.
  I don't want to use SSLSocketFactory and i need to use following layout(i.e only with Httpsurlconnection)
  Is there any way to make work with proxyserver? Or can't we do this at all?
  System.setProperty("proxySet","true");
  System.setProperty("https.proxyHost","proxyIP");
  System.setProperty("https.proxyPort","80");
  OutputStream os = null;
  OutputStreamWriter osw = null;
  InputStream is = null;
  InputStreamReader isr = null;
  BufferedReader br = null;
  URL url;
  String line = null;
  System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
  Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
  String login = proxyUserName+":"+proxyPassWord;
  String encodedLogin = new sun.misc.BASE64Encoder().encode(login.getBytes());
  url = new URL("https://www.verisign.com");
  HttpsURLConnection con = null;
  con =(HttpsURLConnection) url.openConnection();
  con.setRequestProperty("Proxy-Authorization", encodedLogin);
  con.setRequestMethod("GET");
  con.setDoOutput(true);
  con.setDoInput(true);
  con.setUseCaches(false);
  con.connect();
  os = con.getOutputStream();
  osw = new OutputStreamWriter(os);
  osw.write("SampleMsg");
  osw.flush();
  osw.close();
  is = con.getInputStream();
  isr = new InputStreamReader(is);
  br = new BufferedReader(isr);
  while ( (line = br.readLine()) != null)
       System.out.println("line: " + line);
  Can any one help me regarding this?I need a reply very urgently.
  Thanks,
  Prabhakaran R

  Hope this help.
  Note to change the properties to fit your system, and use the supported package ( JSSE, JRE1.5.......).
  You can use URLConnection for both HTTP or HTTPS protocol.
  import java.io.*;
  import java.net.*;
  import java.security.*;
  import java.util.*;
  import javax.net.ssl.*;
  public class testSSL9 {
  public testSSL9() {
  byte[] data = httpConnection();
  System.out.println(new String(data));
  public static void main(String[] args) {
  Properties sysprops = System.getProperties();
  Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
  // sysprops.put("java.protocol.handler.pkgs",
  // "com.sun.net.ssl.internal.www.protocol");
  sysprops.put("java.protocol.handler.pkgs",
  "javax.net.ssl.internal.www.protocol");
  sysprops.put("javax.net.ssl.trustStore",
  "D:/jdk1.4/jre/lib/security/cacerts");
  sysprops.put("javax.net.debug", "ssl,handshake,data,trustmanager");
  sysprops.put("https.proxyHost", "172.16.0.1");
  sysprops.put("https.proxyPort", "3128");
  sysprops.put("https.proxySet", "true");
  sysprops.put("http.proxyHost", "172.16.0.1");
  sysprops.put("http.proxyPort", "3128");
  sysprops.put("proxySet", "true");
  testSSL9 testSSL91 = new testSSL9();
  private byte[] httpConnection() {
  try {
  URL url = null;
  // String strurl = "https://www.verisign.com";
  String strurl = "https://central.sun.net";
  // String strurl = "http://www.yahoo.com"; --> use: HttpURLConnection
  url = new URL(strurl);
  HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
  HttpsURLConnection.setFollowRedirects(false);
  connection.setDoOutput(true);
  connection.setDoInput(true);
  connection.setUseCaches(false);
  connection.connect();
  InputStream stream = null;
  BufferedInputStream in = null;
  ByteArrayOutputStream bytearr = null;
  BufferedOutputStream out = null;
  try {
  stream = connection.getInputStream();
  in = new BufferedInputStream(stream);
  bytearr = new ByteArrayOutputStream();
  out = new BufferedOutputStream(bytearr);
  catch (Exception ex1) {
  System.out.println(ex1);
  System.out.println("Server reject connection...sory");
  int i = 0;
  while ( (i = in.read()) != -1) {
  out.write(i);
  out.flush();
  stream.close();
  in.close();
  bytearr.close();
  out.close();
  return bytearr.toByteArray();
  catch (Exception ex) {
  ex.printStackTrace();
  return null;
  }

• Type httpsURLConnection is not defined

  I'm relatively new to using the JSSE (read: several hours into tinkering with it) and I'm completely at wits end trying to figure out WHY I can't locate the httpsURLConnection class.
  I have fully updated my Java to include JSE 6 Update 2... however I can't find either the httpsURLConnection class or ANYTHING dealing with javax.net to import into my current program.
  If it helps, I'm developing in Visual Studio .NET 2005.
  Thanks in advance for any help!

  I'm developing in VB.NET, so case sensitivity is not
  an issue. Unless I'm missing something obvious
  (which is possible), that is the spelling error to
  which you were referring?
  When I instantiate a new object, I receive a pop-up
  list of all of the different objects that I can
  possibly create... HttpsURLConnection is not listed,
  while HttpURLConnection is.
  In addition, when I begin making a new object, I
  should be able to type:
  Dim sslConnection As New javax.
  ...... at which point I'd receive a smiliar pop-up
  list of all the classes/methods associated with
  javax, so I can pick what I want. It doesn't appear.
  Javax is not getting imported into my program for
  some strange reason.
  My apologies for the confusion w/ the cases, I've
  just gotten used to VS.NET handling all of my
  case-ing for me, so I didn't even think twice about
  it when I was posting.What am I missing? This is a Java forum, not a VB.NET forum.

• Classcast exception while using HttpsURLConnection

  I am using java1.3. I have downloaded all the jars in JSSE..however when i am using the HttpsURLConnection class i get ClassCase exception at
  HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
  I don't get any error while compiling however get the error when executing
  Any help on this will greatly appricated.
  Thanks
  Sudha

  Magic, that worked for me.
  Now the real question is why did it work. My code worked fine under JRE 1.3.1, but when I remove jsse.jar from my classpath and upgraded to JRE 1.4.1 it broke. By commenting out the System.setProperty it now works. Strange.
  Cheers,
  Paul

• Help with java.lang.ClassCastException in JSSE

  I need an urgent help.
  i am writing code in JSSE for getting Server certificater(through SSL)
  i wrote
  public class url
  public static void main(String[] args)
  try
  System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
  Security.addProvider(new Provider());
  URL url=new URL("https://localhost:8443");
  HttpsURLConenction urlc=(HttpsURLConnection) url.openConnection();
  catch(Exception e)
  System.out.println(e);
  when i am executing this programing, i am getting the following run time error
  java.lang.ClassCastException
  I think i am getting error for the following line of code
  " HttpsURLConenction urlc=(HttpsURLConnection)url.openConnection(); "
  Please help me out to overcome this run time error.
  I would be grateful to you if you can solve my error

  Hi all
  I have the same error:
  java.lang.ClassCastException: com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl
  MY CODE IS:
  // Set the system and security properties
                 System.setProperty("javax.net.ssl.trustStore",
                           "C:\\certificados\\cacerts");
                 System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
                 // Keystore location and password
                 System.setProperty("javax.net.ssl.keyStore",
                           "C:\\certificados\\keystore");
                 System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
  //Set the request
  String url_ = "https://195.235.160.165";
  //Creamos la petici�n html
  StringBuffer buffer = new StringBuffer();
  buffer.append(url_);
  buffer.append("/GPP/WLServer?Method=M_FINDIT&CLIENT=");
  buffer.append(client);
  buffer.append("&CLI_PASSWD=");
  buffer.append(cli_passwd);
  buffer.append("&USER=");
  buffer.append(user_login);
  buffer.append("&USER_PASSWD=");
  buffer.append(user_passwd);
  buffer.append("&TUSERID=");
  buffer.append(MSISDN);
  buffer.append("&TUSERID_TYPE=MSISDN");
  buffer.append("&GROUP=");
  buffer.append(group_id);
  buffer.append("&SRS=GPP:UTM28");
  url_ = buffer.toString();
  URL url = new URL(url_);
  HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
  conn.setHostnameVerifier(new HostnameVerifier() {
  public boolean verify(String hostname, SSLSession session)
  // I don't care if the certificate doesn't match host name
  return true;
  BufferedReader in = new BufferedReader(
                      new InputStreamReader(
                      conn.getInputStream()));
  //Creates a writer with the encoding parameter as "UTF-8"
  Writer out_ = new OutputStreamWriter(response.getOutputStream(), "UTF-8" );
  String inputLine;
       String fichero_in = "";
       while ((inputLine = in.readLine()) != null){               
       if(inputLine.length()!=0){
            System.out.println(inputLine);
            fichero_in = inputLine;
            out_.write(inputLine);
       in.close();
  //Sets the Content-Type header
  response.setContentType("application/xml; charset=utf-8");
       //response.setContentType("text/html; charset=UTF-8");
  //Sends the response XML to the client
  out_.write(url_);
  //out_.write(fichero_in);
  out_.flush();
  response.sendRedirect(response.encodeRedirectURL("out_"));
  Anyone can hel me??
  Thanks in advance

• Problems with JSSE under Weblogic 5.1 sp9

  I have a java application which uses JSSE to communicate with a WebMethods server
  and it works great. However, when I take the same code block and run it under
  Weblogic 5.1 sp11, I receive a bad certificate error. After spending a lot of
  time reading through various postings, I fixed the problem where Weblogic was
  intercepting HTTPsURLConnection, but still have the bad_certificate error.
  My setup is as follows:
  - Keys stored using keytool in keystores outside of Weblogic
  - Service pack 9 is installed (also tested SP10)
  - Code runs fine as an isolated java application, but will not run when called
  from within weblogic.
  - JDK1.3.1_02
  - Modified the weblogic.policy file with the following line:"permission java.net.NetPermission
  "specifyStreamHandler";"
  Source Code:
  System.getProperties().put("java.protocol.handler.pkgs",
  "com.sun.net.ssl.internal.www.protocol");
  Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
  System.out.println("\n\nHandler = "+System.getProperty("java.protocol.handler.pkgs"));
  URL server = new URL(null, "https://B2bserver.quadrem.com:4443/invoke/wm.tn/receive",
  new com.sun.net.ssl.internal.www.protocol.https.Handler());
  System.out.println("Connecting to : "+server.toExternalForm());
  char[] password = "weblogic".toCharArray();
  SSLContext context = SSLContext.getInstance("SSL");
  KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
  KeyStore keystore = KeyStore.getInstance("JKS");
  keystore.load(new FileInputStream("x:/jpkeystore"), password);
  keyManagerFactory.init(keystore, password);
  context.init(keyManagerFactory.getKeyManagers(), null, null);
  HttpsURLConnection conn = (HttpsURLConnection)server.openConnection();
  conn.setDoInput( true );
  conn.setDoOutput( true );
  conn.setAllowUserInteraction(false);
  conn.setUseCaches( false );
  conn.setDefaultUseCaches ( false );
  conn.setRequestMethod("POST");
  conn.setRequestProperty("Content-Type","text/xml");
  conn.setRequestProperty("Host", remoteHost);
  conn.setRequestProperty("Content-Length", "" + (XML_HEADER.length()+doc.length()));
  DataOutputStream out = new DataOutputStream (conn.getOutputStream());
  out.writeBytes(XML_HEADER);
  out.write(doc.getBytes());
  out.flush();
  out.close();
  All help will be appreciated.
  thanks
  Mark Johnson
  781-993-9212 x375
  [email protected]

  Mark,
  Can you post the complete exceptionand stack trace here ?
  Mark Johnson wrote:
  I have a java application which uses JSSE to communicate with a WebMethods server
  and it works great. However, when I take the same code block and run it under
  Weblogic 5.1 sp11, I receive a bad certificate error. After spending a lot of
  time reading through various postings, I fixed the problem where Weblogic was
  intercepting HTTPsURLConnection, but still have the bad_certificate error.
  My setup is as follows:
  - Keys stored using keytool in keystores outside of Weblogic
  - Service pack 9 is installed (also tested SP10)
  - Code runs fine as an isolated java application, but will not run when called
  from within weblogic.
  - JDK1.3.1_02
  - Modified the weblogic.policy file with the following line:"permission java.net.NetPermission
  "specifyStreamHandler";"
  Source Code:
  System.getProperties().put("java.protocol.handler.pkgs",
  "com.sun.net.ssl.internal.www.protocol");
  Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
  System.out.println("\n\nHandler = "+System.getProperty("java.protocol.handler.pkgs"));
  URL server = new URL(null, "https://B2bserver.quadrem.com:4443/invoke/wm.tn/receive",
  new com.sun.net.ssl.internal.www.protocol.https.Handler());
  System.out.println("Connecting to : "+server.toExternalForm());
  char[] password = "weblogic".toCharArray();
  SSLContext context = SSLContext.getInstance("SSL");
  KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
  KeyStore keystore = KeyStore.getInstance("JKS");
  keystore.load(new FileInputStream("x:/jpkeystore"), password);
  keyManagerFactory.init(keystore, password);
  context.init(keyManagerFactory.getKeyManagers(), null, null);
  HttpsURLConnection conn = (HttpsURLConnection)server.openConnection();
  conn.setDoInput( true );
  conn.setDoOutput( true );
  conn.setAllowUserInteraction(false);
  conn.setUseCaches( false );
  conn.setDefaultUseCaches ( false );
  conn.setRequestMethod("POST");
  conn.setRequestProperty("Content-Type","text/xml");
  conn.setRequestProperty("Host", remoteHost);
  conn.setRequestProperty("Content-Length", "" + (XML_HEADER.length()+doc.length()));
  DataOutputStream out = new DataOutputStream (conn.getOutputStream());
  out.writeBytes(XML_HEADER);
  out.write(doc.getBytes());
  out.flush();
  out.close();
  All help will be appreciated.
  thanks
  Mark Johnson
  781-993-9212 x375
  [email protected]

• ClassCastException - HttpsURLConnection

  I am getting the following error:
  java.lang.ClassCastException: com.ibm.net.ssl.internal.www.protocol.https.HttpsURLConnection
  Does anybody have a solution to this? I am developing in WSAD 5.
  if (protocol.equalsIgnoreCase("https"))
    //use Sun's JSSE to deal with SSL
    //java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    System.out.println("1");
    System.setProperty( "java.protocol.handler.pkgs","com.ibm.net.ssl.internal.www.protocol");
    System.out.println("2");
    java.security.Security.addProvider(new com.ibm.jsse.IBMJSSEProvider());
    //System.getProperties().put("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
    //System.getProperties().put("java.protocol.handler.pkgs", "com.ibm.net.ssl.internal.www.protocol");
    System.out.println("3");
    url = new URL(protocol + "://" + hostname + "/" + prefix + "/" + service);
    System.out.println("4");
    connection = (HttpsURLConnection) url.openConnection();  //this is where the error is occuring
    System.out.println("5");
  else     
    url = new URL(protocol + "://" + hostname + "/" + prefix + "/" + service);
    connection = (HttpURLConnection) url.openConnection();
  }

  Okay, maybe I have t reversed :P There are two HttpsURLConnections, one in javax.net the other one you are using. If you have imported one or both, you will have to qualify which you mean:
  connection = (com.ibm.net.ssl.internal.www.protocol.https.HttpsURLConnection) url.openConnection();And make sure connection is instantiated as:
  com.ibm.net.ssl.internal.www.protocol.https.HttpsURLConnection as well.

• URGENT: Timeout on HTTPSURLCONNECTION

  I've scoured the web and these fora for a solution to my problem, and I can't seem to find a solution, so would really appreciate any help/pointers/examples to assist me.
  I've managed to read from a secure web page, using JSSE to set up an httpsurlconnection called connect, and can read and post to it fine. My problem is that I want to set a timeout period if I don't receive a reply to my GET or POST methods. Everything I've found only applies to HTTPurlconnection, and it seems as if HTTPSurlconnection isn't able to handle user-defined timeouts. The closest I've got is setting up an SSLsocket and then using the inherited setSoTimeout, but my Java's not good enough to set that up correctly, and I'm not sure if it would work. Then maybe there are thread methods, which are even more complicated, and I don't want to use threads as I'll be running up to 60 instances of this URL reading/posting class at a time.
  Does anyone have some example code which allows me to set a timeout period for my HTTPSurlconnection?
  Many many thanks, I'm a relative newbie to Java and these fora, so appreciate any replies.
  Claude

  look at "sun.net.client.defaultConnectTimeout"
  http://java.sun.com/j2se/1.4/docs/guide/net/properties.html
  it might help you

• Timeout in HttpsURLConnection

  I am using the HttpsURLConnection class to post and retrieve reply from a HTTPS site through a proxy. My problem is, I can't seem to set the timeout value for the HttpsURLConnection. If there is no reply from the site, the program will hang there.
  I'm using J2SDK 1.4.1_03 and I have tried specifying the option:
  System.setProperty("sun.net.client.defaultReadTimeout","30000");
  or during runtime:
  -Dsun.net.client.defaultReadTimeout=30000
  However, both options do not seem to work. Did I do something wrong here?
  After looking around for some information, I gather that other people also face this problem. Generally, I think the suggestions seem to be pointing to two solutions:
  1. Implemen a customized HttpsURLConnection, ie creating the socket with the timeout.
  2. Create another thread to keep track of the https connection and to stop it after a timeout value.
  Is there any other solutions? Which solution will be the best and simplest to implemen?

  Hi,
  there is a library called HTTPClient available for free on:
  http://jakarta.apache.org/commons/httpclient/
  It supports time out, besides a bunch of other features.
  Also HTTPS is straight forward, as soon as the underlying JSSE
  installation is done.

• Class com.ibm.jsse.be configured for a TrustManagerFactory : Help needed

  Hi
  I am getting the following runtime error when trying for a HTTPS connection from my java code.
  Runtime Error : Class com.ibm.jsse.be configured for a TrustManagerFactory: not a TrustManagerFactory Action: 4 Class: com.americanexpress.teen.common.fis.FISInterface Method: getFISTestData(String fisURL) Exception:java.net.SocketException: Class com.ibm.jsse.be configured for a TrustManagerFactory: not a TrustManagerFactory
       at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
       at com.ibm.net.ssl.www.protocol.https.b.b(Unknown Source)
       at com.ibm.net.ssl.www.protocol.http.bs.a(Unknown Source)
       at com.ibm.net.ssl.www.protocol.http.bs.o(Unknown Source)
       at com.ibm.net.ssl.www.protocol.https.b.<init>(Unknown Source)
       at com.ibm.net.ssl.www.protocol.https.b.a(Unknown Source)
       at com.ibm.net.ssl.www.protocol.https.b.a(Unknown Source)
       at com.ibm.net.ssl.www.protocol.https.b.a(Unknown Source)
       at com.ibm.net.ssl.www.protocol.https.p.b(Unknown Source)
       at com.ibm.net.ssl.www.protocol.https.p.connect(Unknown Source)
       at com.ibm.net.ssl.www.protocol.http.bw.getInputStream(Unknown Source)
       at com.ibm.net.ssl.www.protocol.http.bw.getHeaderField(Unknown Source)
       at com.ibm.net.ssl.www.protocol.http.bw.getResponseCode(Unknown Source)
       at com.ibm.net.ssl.internal.www.protocol.https.HttpsURLConnection.getResponseCode(Unknown Source)
       at com.americanexpress.teen.common.fis.FISInterface.getFISTestData(FISInterface.java:2238)
       at org.apache.jsp._fisTestPage._jspService(_fisTestPage.java:112)
       at com.ibm.ws.webcontainer.jsp.runtime.HttpJspBase.service(HttpJspBase.java:89)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.ibm.ws.webcontainer.jsp.servlet.JspServlet$JspServletWrapper.service(JspServlet.java:344)
       at com.ibm.ws.webcontainer.jsp.servlet.JspServlet.serviceJspFile(JspServlet.java:669)
       at com.ibm.ws.webcontainer.jsp.servlet.JspServlet.service(JspServlet.java:767)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.ibm.ws.webcontainer.servlet.StrictServletInstance.doService(StrictServletInstance.java:110)
       at com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet._service(StrictLifecycleServlet.java:174)
       at com.ibm.ws.webcontainer.servlet.IdleServletState.service(StrictLifecycleServlet.java:313)
       at com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet.service(StrictLifecycleServlet.java:116)
       at com.ibm.ws.webcontainer.servlet.ServletInstance.service(ServletInstance.java:283)
       at com.ibm.ws.webcontainer.servlet.ValidServletReferenceState.dispatch(ValidServletReferenceState.java:42)
       at com.ibm.ws.webcontainer.servlet.ServletInstanceReference.dispatch(ServletInstanceReference.java:40)
       at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:61)
       at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.handleWebAppDispatch(WebAppRequestDispatcher.java:974)
       at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java:564)
       at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:200)
       at com.ibm.ws.webcontainer.srt.WebAppInvoker.doForward(WebAppInvoker.java:119)
       at com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHook(WebAppInvoker.java:276)
       at com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.handleInvocation(CachedInvocation.java:71)
       at com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatchByURI(ServletRequestProcessor.java:182)
       at com.ibm.ws.webcontainer.oselistener.OSEListenerDispatcher.service(OSEListener.java:334)
       at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java:56)
       at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:618)
       at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:439)
       at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:672)
  My application is trying to a https://xyz.com from java code and i am getting the above exception.
  I tried connecting to "https://xyz.com " from my workspace via Websphere 5.1 server and my server is throwing the above exception. I have extened the ibmjsse provided by WAS 5.1 and using it for connecting to the HTTPS URL.
  I feel the above problem might be due to network issues. Please help me in resolving the same.
  Thanks in advance !!!!!

  Steps i have done to ensure the connectivity :
  Method A :
  1) I imported the pfx and CA certificates given by xyz.com in my web browser (IE)
  2) After that, I tried connecting to "https://xyz.com" from browser and getting a proper response.
  Method B :
  1) I updated the jre cacert with CA certificate given by xyz.com
  2) Loaded the pfx keystore from my java client code program and ran it as a java standalone code and got the proper response.
  My java code
  import java.io.*;
  import java.net.*;
  import javax.net.ssl.HttpsURLConnection;
  import javax.net.ssl.*;
  import java.security.*;
  import java.sql.Time;
  public class HTTPSConnect{
       public static void main(String[] args)
                 URL url;
                 StringBuffer buffer;
                 String line;
                 int responseCode=0;
                 HttpsURLConnection connection = null;
                 InputStream input;
                 BufferedReader dataInput;
                 //FIS Sample URL
                 String fisURL = "https://xyz.com";
                 String fisResp = "";
                 try
                 Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
                 System.setProperty("javax.net.debug", "all");
                 String path = "F:\\MyCertificate.pfx";
                 String type = "pkcs12";
                 String password = "abc123";
                 System.setProperty("javax.net.ssl.keyStoreType", type);
                 System.setProperty("javax.net.ssl.keyStore",path);
                 System.setProperty("javax.net.ssl.keyStorePassword",password);
                      url = new URL(fisURL);
                      //Create the connection
                      connection = (HttpsURLConnection) url.openConnection();
                      connection.setUseCaches(false);
                      //Get the response code for the HTTPS connection
                      responseCode = connection.getResponseCode();
                 if (200 == responseCode)
                      buffer = new StringBuffer();
                      //Getting the FIS Response XML using the Stream reader
                      input = connection.getInputStream();
                      dataInput = new BufferedReader(new InputStreamReader(input));
                           while ((line = dataInput.readLine()) != null)
                                buffer.append(line);
                                buffer.append('\n');
                      fisResp = (String) buffer.toString().trim();
                 else
                      System.out.println("HTTP Status-Code : " + responseCode);
                 catch (MalformedURLException mue)
                      System.out.println("Exception in URL : " + mue.getMessage() );
                      mue.printStackTrace();
                 catch (IOException ioe)
                      System.out.println("IO Exception : " + ioe.getMessage() );
                      ioe.printStackTrace();
                 catch (Exception e)
                      System.out.println("Exception : " + e.getMessage() );
                      e.printStackTrace();
                 System.out.println("FIX XML Response : " + fisResp);
                 System.out.println("Response Code of HTTPS Connection : " + responseCode);
  Please let me know if i am missing something :)

• Help: httpsurlconnection and x509certificate

  I am developing a java client that will retrieve data from a webserver through http. The webserver uses x509certificate.
  My specific question is how to pass an x509 certificate into the https request.
  I have the following sample code:
  // load the certificate
  InputStream instream = new FileInputStream("someCertificate.cer");
  X509Certificate cert = X509Certificate.getInstance(instream);
  instream.close();
  URL myURL = new URL ("https://www.someserver.com/");
  HttpsURLConnection httpsConn = (HttpsURLConnection) myURL.openConnection();
  httpsConn.setDoOutput(true);
  BufferedReader in = new BufferedReader(new InputStreamReader(httpsConn.getInputStream()));
  String line;
  while ((line = in.readLine()) != null)
  System.out.println(line);
  in.close();
  The server requires the client to present the x509 certificate.
  How do I pass the certificate for authentication before trying to getInputStream()?
  Can anyone point to me any articles or sample codes on how to program this. I am fairly new to this area of programming.
  Your help is much appreciated.
  Thank you.
  Message was edited by:
  Ewon799

  I am developing a java client that will retrieve data
  from a webserver through http. The webserver uses
  x509certificate.
  My specific question is how to pass an x509
  certificate into the https request.Do you really want to pass the x509 certificate as part of the HTTPS request, or do you want to pass the x509 certificate as part of the SSL/TLS handshaking, which is what is most commonly done.
  Normally when the SSL/TLS handshake is going on, the server sends the certificate to the client, then the client approves it, and finalizes the SSL/TLS handshake. At this point, the connection is secured, and only THEN does the https exchange takes place.
  If that's what you really want, then you need to initialize your SSLContext to have access to the keystore that stores that privatekey/cert combo. You can either do it through the system variables, or by initializing a SSLContext to point it's X509KeyManager to the right keystore.
  See the JSSE Reference Guide for more information, specifically the sections on key and trust manager, and the system properties.