On Sat, 2010-01-30 at 17:53 -0500, Clemens Eisserer wrote:
> Hello,
>
> I use the following code in my application, to make sure even
> https-connections can be etablished if the server's certificate is
> invalid/self-signed:
>
> Protocol myhttps = new Protocol("https", new
> EasySSLProtocolSocketFactory(), 443);
> Protocol.registerProtocol("https", myhttps);
>
> Is this enough?
>
That would be enough for self-signed but not for invalid certificates.
> I recently heard from one customer which said he ran into troubles
> because the machine running HttpClient was unaware of the server's
> certificates. Can this be right?
>
Whether this is right or wrong could depend on your particular
application. Per default HttpClient trusts only server certificates
trusted by the Java runtime (certificates stored in the JRE keystore)
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
