<HTML dir=ltr><HEAD>
<META http-equiv=Content-Type content="text/html; charset=unicode">
<META content="MSHTML 6.00.6000.16762" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial color=#000000 size=2>We have been using XEP for a few years now.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Recently one of our online resource locations renewed their SSL certificates using GoDaddy's Intermediate Certificate.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Once this was active on their web server, XEP and XEPwin started throwing errors.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Could not retrieve image from 'https://www....com/logo-for-report.jpg': javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>To remedy this problem, we compiled and ran the following code:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV>import java.io.*;<BR>import java.net.URL;</DIV>
<DIV>import java.security.*;<BR>import java.security.cert.*;</DIV>
<DIV>import javax.net.ssl.*;</DIV>
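/**
 * Interactive helper that connects to a TLS server, prints the certificate
 * chain the server presents, and stores one chosen certificate in a keystore
 * file named "jssecacerts" in the current working directory.
 *
 * Security notes:
 *  - Any certificate stored here is trusted by every JVM that later loads the
 *    resulting keystore. Compare the printed SHA-256 fingerprint with a value
 *    obtained out of band (server operator or issuing CA) before accepting it;
 *    the chain shown is whatever the network peer sent.
 *  - Choosing a leaf certificate trusts only that one certificate and has to
 *    be repeated at every renewal. When the failure is a missing intermediate,
 *    the cleaner fixes are to have the server send its full chain or to import
 *    the issuing CA certificate instead.
 *  - A passphrase given on the command line may be visible to other local
 *    users through process listings; the default is the literal "changeit".
 */
public class InstallCert {

    /**
     * Entry point.
     *
     * @param args {@code host[:port]} (port defaults to 443) followed by an
     *             optional keystore passphrase
     * @throws Exception on I/O, keystore or digest failures; a malformed port
     *                   surfaces as NumberFormatException
     */
    public static void main(String[] args) throws Exception {
        String host;
        int port;
        char[] passphrase;
        if ((args.length == 1) || (args.length == 2)) {
            String[] c = args[0].split(":");
            host = c[0];
            port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
            String p = (args.length == 1) ? "changeit" : args[1];
            passphrase = p.toCharArray();
        } else {
            System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
            return;
        }

        // Keystore lookup order: ./jssecacerts, then the JRE's
        // lib/security/jssecacerts, then the JRE's lib/security/cacerts.
        File file = new File("jssecacerts");
        if (!file.isFile()) {
            char SEP = File.separatorChar;
            File dir = new File(System.getProperty("java.home") + SEP
                    + "lib" + SEP + "security");
            file = new File(dir, "jssecacerts");
            if (!file.isFile()) {
                file = new File(dir, "cacerts");
            }
        }
        System.out.println("Loading KeyStore " + file + "...");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(file);
        try {
            ks.load(in, passphrase);
        } finally {
            // Close the stream even when the passphrase is wrong or the file is corrupt.
            in.close();
        }

        SSLContext context = SSLContext.getInstance("TLS");
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
        // The wrapper records the presented chain and still delegates the
        // trust decision, so validation is not weakened during the probe.
        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
        context.init(null, new TrustManager[] {tm}, null);
        SSLSocketFactory factory = context.getSocketFactory();

        System.out.println("Opening connection to " + host + ":" + port + "...");
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            socket.setSoTimeout(10000);
            System.out.println("Starting SSL handshake...");
            socket.startHandshake();
            System.out.println();
            // "Trusted" is relative to the keystore loaded above. If that was a
            // local ./jssecacerts, a JVM using the JRE's own store can still
            // reject the same server.
            System.out.println("No errors, certificate is already trusted");
        } catch (SSLException e) {
            System.out.println();
            e.printStackTrace(System.out);
        } finally {
            // The original leaked the socket when the handshake failed.
            socket.close();
        }

        X509Certificate[] chain = tm.chain;
        if (chain == null) {
            System.out.println("Could not obtain server certificate chain");
            return;
        }

        BufferedReader reader =
                new BufferedReader(new InputStreamReader(System.in));

        System.out.println();
        System.out.println("Server sent " + chain.length + " certificate(s):");
        System.out.println();
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = chain[i];
            byte[] encoded = cert.getEncoded();
            System.out.println
                    (" " + (i + 1) + " Subject " + cert.getSubjectDN());
            System.out.println(" Issuer " + cert.getIssuerDN());
            // SHA-256 is the fingerprint to verify out of band. SHA-1 and MD5
            // are kept only so the output can be matched against older tools;
            // neither is collision resistant.
            System.out.println(" sha256 " + toHexString(sha256.digest(encoded)));
            System.out.println(" sha1 " + toHexString(sha1.digest(encoded)));
            System.out.println(" md5 " + toHexString(md5.digest(encoded)));
            System.out.println();
        }

        System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
        String line = reader.readLine();
        if (line == null) {
            // End of input (closed or redirected stdin): treat as "quit".
            System.out.println("KeyStore not changed");
            return;
        }
        line = line.trim();
        int k;
        try {
            k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
        } catch (NumberFormatException e) {
            System.out.println("KeyStore not changed");
            return;
        }
        if (k < 0 || k >= chain.length) {
            // An out-of-range number used to raise ArrayIndexOutOfBoundsException.
            System.out.println("KeyStore not changed");
            return;
        }

        X509Certificate cert = chain[k];
        String alias = host + "-" + (k + 1);
        ks.setCertificateEntry(alias, cert);

        // Always written to ./jssecacerts, never back into the JRE's store.
        // To take effect for another JVM the file has to be installed as its
        // lib/security/jssecacerts or named via -Djavax.net.ssl.trustStore.
        OutputStream out = new FileOutputStream("jssecacerts");
        try {
            ks.store(out, passphrase);
        } finally {
            out.close();
        }

        System.out.println();
        System.out.println(cert);
        System.out.println();
        System.out.println
                ("Added certificate to keystore 'jssecacerts' using alias '"
                        + alias + "'");
    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    /**
     * Formats bytes as lowercase hex pairs, each followed by one space.
     *
     * @param bytes digest or other raw bytes
     * @return e.g. "b8 00 d6 " for three input bytes
     */
    private static String toHexString(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 3);
        for (int b : bytes) {
            b &= 0xff; // undo sign extension from the byte-to-int widening
            sb.append(HEXDIGITS[b >> 4]);
            sb.append(HEXDIGITS[b & 15]);
            sb.append(' ');
        }
        return sb.toString();
    }

    /**
     * Trust manager that remembers the chain presented by the server and then
     * defers the actual trust decision to the wrapped manager.
     */
    private static class SavingTrustManager implements X509TrustManager {

        private final X509TrustManager tm;
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager tm) {
            this.tm = tm;
        }

        public X509Certificate[] getAcceptedIssuers() {
            // Return an empty list instead of throwing: some JSSE
            // implementations query this during the handshake, and an
            // exception here would abort the probe before the chain is seen.
            return new X509Certificate[0];
        }

        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // This tool only acts as a TLS client.
            throw new UnsupportedOperationException();
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // Record first so the chain is available even when validation fails.
            this.chain = chain;
            tm.checkServerTrusted(chain, authType);
        }
    }
}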
<DIV>Output as Follows:</DIV>
<DIV> </DIV>
<DIV>C:\certs>java InstallCert <A href="http://www....com">www....com</A><BR>Loading KeyStore jssecacerts...<BR>Opening connection to <A href="http://www.....com:443">www.....com:443</A>...<BR>Starting SSL handshake...</DIV>
<DIV>No errors, certificate is already trusted</DIV>
<DIV>Server sent 1 certificate(s):</DIV>
<DIV> 1 Subject OU=Domain Control Validated, CN=www.....com, O=www.....com<BR> Issuer SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US<BR> sha1 b8 00 d6 93 be 7e b4 64 9b c7 d1 be 6c f3 13 86 f8 1e 72 20<BR> md5 1b 2a 3a 42 9f 7e f1 07 19 58 a3 a9 b4 06 2b 53</DIV>
<DIV>Enter certificate to add to trusted keystore or 'q' to quit: [1]</DIV></BODY></HTML>