When Celoxis connects to your servers over SSL, it should be able to validate the SSL certificate presented by your server to it. Celoxis must be able to validate your SSL certificate against the Java trusted CA certficate store. For this to happen, the SSL certificate must be obtained from trusted Certificate Authority (CA) like Verisign, RapidSSL, Thawte, GeoTrust, etc. Celoxis does not support certificates signed using CAs not trusted by Java.
About SSL Poke
Celoxis SSL Poke is a java program that connects via SSL to a host and port of your choice. The server could be a web server, mail server or any other server that supports SSL. The primary objective is to determine whether Java can authenticate the server's certificate using its trusted CA certificate store. This program also verifies whether the host and port are correct.
Downloading SSL Poke
ssl-poke.zip from here
Using SSL Poke
- Unzip the ssl-poke.zip file. It should create a folder
ssl-pokethat contains the
- Open a terminal window and cd to the
ssl-pokefolder. You must now be in the same directory that contains the
- Then type: java SSLPoke <host> <port>
Connect to our web site
$ java SSLPoke www.celoxis.com 443 SUCCESS
Connect to a server with a self-signed certificate
$ java SSLPoke localhost 8843 FAILURE: javax.net.ssl.SSLHandshakeException : PKIX path building failed unable to find valid certification path to requested target
Connect to our IMAP+SSL mail server
$ java SSLPoke secure.emailsrvr.com 993 SUCCESS
- javax.net.ssl.SSLHandshakeException : sun.security.validator.ValidatorException: PKIX path building failed
Java cannot authenticate the server's SSL certificate because its Certificate Authority (CA) is not present in its trusted CA store.
The host name is invalid i.e. not resolvable by your DNS server
- java.net.ConnectException : Connection refused
Port is invalid. No server is listening on that port.
- java.net.ConnectException : Operation timed out
The host and port combo cannot be connected. Most likely your firewall is blocking the connection, or, the IP address of the host is incorrect.
- javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
There is a mismatch between host specified in input and host name in the SSL certificate.
- Error: Could not find or load main class SSLPoke
You are not in the directory that contains the
SSLPoke.classfile. cd to that directory and try again.
- FAILURE: javax.net.ssl.SSLException : Unrecognized SSL message, plaintext connection?
You are connecting to a non-SSL port.