B
Brian J. Sayatovic
(I apologize for the earlier, aborted posting)
I've written a simple test program that just opens a reads from an SSL URL
to try and find the source of the problem I'm having conencting to a secure
site from within a WAS4-deployed application. I've run this test in two
different configurations:
1. WAS4 JRE (including IBM's JSSE) with the following pre-connection code:
// IBM's JSSE
Security.addProvider(new com.ibm.jsse.IBMJSSEProvider());
System.setProperty("java.protocol.handler.pkgs",
"com.ibm.net.ssl.internal.www.protocol");
2. Sun's JRE 1.3.1_06 (with Sun's JSSE 1.0.3) with the following
pre-connection code:
// Sun's JSSE
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
To add to the uncertainty I'm having, I'm testing against two SSL sites.
The first, A, has a known-good Verisgn-rooted SSL certificate. The other's,
B, certificate appears to be Verisign-rooted, but I'm not certain. Both
sites appear in Internet Explorer without any special warnings.
When I use the WAS4 JRE configuration (1) against the known-good site (A), I
get an SSLHandshakeException with the description "bad certificate". If I
hit the same site using the Sun JRE ocnfiguration (2), it successfulyl
connects to the site.
I've not even gone on to testing the second site (B) since I can't even get
the known-good site (A) to wotk with the WAS4 JRE (1) configuration. It is
necessary to get that configuration working as that is the production
configuration.
Can anyone help?
Regards,
Brian
I've written a simple test program that just opens a reads from an SSL URL
to try and find the source of the problem I'm having conencting to a secure
site from within a WAS4-deployed application. I've run this test in two
different configurations:
1. WAS4 JRE (including IBM's JSSE) with the following pre-connection code:
// IBM's JSSE
Security.addProvider(new com.ibm.jsse.IBMJSSEProvider());
System.setProperty("java.protocol.handler.pkgs",
"com.ibm.net.ssl.internal.www.protocol");
2. Sun's JRE 1.3.1_06 (with Sun's JSSE 1.0.3) with the following
pre-connection code:
// Sun's JSSE
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
To add to the uncertainty I'm having, I'm testing against two SSL sites.
The first, A, has a known-good Verisgn-rooted SSL certificate. The other's,
B, certificate appears to be Verisign-rooted, but I'm not certain. Both
sites appear in Internet Explorer without any special warnings.
When I use the WAS4 JRE configuration (1) against the known-good site (A), I
get an SSLHandshakeException with the description "bad certificate". If I
hit the same site using the Sun JRE ocnfiguration (2), it successfulyl
connects to the site.
I've not even gone on to testing the second site (B) since I can't even get
the known-good site (A) to wotk with the WAS4 JRE (1) configuration. It is
necessary to get that configuration working as that is the production
configuration.
Can anyone help?
Regards,
Brian