From owner-freebsd-java@FreeBSD.ORG Fri Jul 14 08:17:07 2006 Return-Path: X-Original-To: freebsd-java@freebsd.org Delivered-To: freebsd-java@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F397216A4DE for ; Fri, 14 Jul 2006 08:17:06 +0000 (UTC) (envelope-from jshevland@rowantreesoftware.com.au) Received: from www.rowantreesoftware.com.au (218-214-142-195.people.net.au [218.214.142.195]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5EE7B43D46 for ; Fri, 14 Jul 2006 08:17:06 +0000 (GMT) (envelope-from jshevland@rowantreesoftware.com.au) Received: from [127.0.0.1] (unknown [10.10.0.250]) by www.rowantreesoftware.com.au (Postfix) with ESMTP id D1C1711417 for ; Fri, 14 Jul 2006 18:17:04 +1000 (EST) Message-ID: <44B752BF.6060905@rowantreesoftware.com.au> Date: Fri, 14 Jul 2006 18:15:59 +1000 From: Joe Shevland Organization: Rowantree Software Pty. Ltd. User-Agent: Thunderbird 1.5.0.4 (Windows/20060516) MIME-Version: 1.0 To: freebsd-java@freebsd.org References: <44B5CBE9.6080400@centtech.com> <44B61F91.1030209@rowantreesoftware.com.au> <44B69A84.8060200@centtech.com> In-Reply-To: <44B69A84.8060200@centtech.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: Failed to communicate to CE X-BeenThere: freebsd-java@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting Java to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Jul 2006 08:17:07 -0000 Eric Anderson wrote: > On 07/13/06 05:25, Joe Shevland wrote: >> Eric Anderson wrote: >>> Hi everyone, >>> >>> I'm new to this list, so please let me know what extra details are >>> needed. >>> >>> One application I have, gives me this error: >>> >>> Failed to communicate to CE >>> javax.net.ssl.SSLHandshakeException: >>> sun.security.validator.ValidatorException: PKIX path building >>> failed: sun.security.provider.certpath.SunCertPathBuilderException: >>> unable to find valid certification path to requested target >>> >>> Is this a bug in the app, or FreeBSD java? If I run this program on >>> linux, and remote display it to FreeBSD, it works fine. >>> >>> I'm running against the new diablo-jre (package, not port) on >>> FreeBSD 6-STABLE. >>> >>> Thanks, >>> Eric >>> >>> >>> >> >> Fairly sure thats the message you get when you don't have the >> certificate of the server (or its CA) in your trusted keystore (or >> perhaps in this case the default keystore Java is using - cacerts >> perhaps). Client apps I've written that need to use SSL with a >> server's self-signed certificate, I'd export the servers certificate >> and import it into a keystore on the client, then set >> -Djavax.net..trustStore=. > > Found it! (Thanks for the help) > > Here's what it was: > /usr/local/diablo-jre1.5.0/lib/security/ > > I used the directory from a linux machine, and it works like magic. > > Thanks.. > > Eric Just posting back to the list in case the JRE needs an updated cacerts file. That may not be the case if it was a custom certificate. Cheers Joe