ssl java-me java-wireless-toolkit

Why doesn't WTK allow me to make an HTTPS connection to a URL that is accessible from a browser?


I'm trying to get an HttpsConnection in J2ME (some parts of my configuration are below; if more is required I can provide more)

<j2me.midlet.configuration>CLDC-1.1</j2me.midlet.configuration>
<j2me.midlet.profile>MIDP-2.0</j2me.midlet.profile>

WTK is 2.5.2_01

HttpsConnection connection = (HttpsConnection)Connector.open("https://myURL/user/login", Connector.READ);

On connection.open() I get

[WtkRun] javax.microedition.pki.CertificateException: Certificate in a chain was not issued by the next authority in the chain
   [WtkRun]     at com.sun.midp.ssl.X509Certificate.verifyChain(+115)
   [WtkRun]     at com.sun.midp.ssl.Handshake.parseChain(+111)
   [WtkRun]     at com.sun.midp.ssl.Handshake.rcvCert(+114)
   [WtkRun]     at com.sun.midp.ssl.Handshake.doHandShake(+96)
   [WtkRun]     at com.sun.midp.ssl.SSLStreamConnection.<init>(+173)
   [WtkRun]     at com.sun.midp.ssl.SSLStreamConnection.<init>(+12)
   [WtkRun]     at com.sun.midp.io.j2me.https.Protocol.connect(+214)
   [WtkRun]     at com.sun.midp.io.j2me.http.Protocol.streamConnect(+57)
   [WtkRun]     at com.sun.midp.io.j2me.http.Protocol.startRequest(+12)
   [WtkRun]     at com.sun.midp.io.j2me.http.Protocol.sendRequest(+38)
   [WtkRun]     at com.sun.midp.io.j2me.http.Protocol.sendRequest(+6)
   [WtkRun]     at com.sun.midp.io.j2me.http.Protocol.openInputStream(+9)
   [WtkRun]     at nkclause.PostClause.a(+162)
   [WtkRun]     at nkclause.PostClause.startApp(+473)
   [WtkRun]     at javax.microedition.midlet.MIDletProxy.startApp(+7)
   [WtkRun]     at com.sun.midp.midlet.Scheduler.schedule(+270)
   [WtkRun]     at com.sun.midp.main.Main.runLocalClass(+28)
   [WtkRun]     at com.sun.midp.main.Main.main(+80)

I've managed to get the certificate details, so its Issuer is

[WtkRun] C=US;O=Thawte, Inc.;CN=Thawte SSL CA

and the same issuer exists in browser storage; I'm accessing the URL with no problem.

I also tried to do some hacks like

connection = (StreamConnection) Connector.open("https://myURL/user/login:443;CertificateErrorHandling=warn;HandshakeCommentary=on", Connector.READ);

but the exception is still the same.

I'm seeking two approaches to handle the case: 1) Maybe the second authority in the chain isn't known to the WTK emulator. In a browser I can check certificate issuers visually, but how can I do it in WTK? 2) Is there a way to ignore SSL certificate troubles? The old answers say no, but maybe something has changed since then?


Solution

  • It has been a while since I specifically looked at the wtk emulator, but if you just need it for emulation, I believe you can just add the certificate to your java keychain and it will be accepted. As the WTK doesn't require a J2SE VM available, you would likely not be talking about the J2SE keytool.

    My first step would be to check out ${WTK_LOCATION}/bin/mekeytool. For different handsets you will be doing different things to accept custom certificates, so the solution would likely be very handset-specific.

    I'm pretty sure that nothing has changed in J2ME for programmatically ignoring the certificate. If you want to do that, why not just use http rather than https?
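
The question asks how to see which authorities are in the chain when the emulator has no certificate viewer. As an added example (not part of the original question or answer), this script uses the OpenSSL command line, outside WTK, to list the certificates a server sends in order and flag where an issuer name does not match the next subject; the file name chain.pem and the function names are assumptions.

```shell
#!/bin/sh
# Added example: check that a PEM bundle is ordered leaf -> issuer -> issuer ...
# Capture what the server sends (myURL is the question's placeholder host):
#   openssl s_client -connect myURL:443 -showcerts </dev/null > chain.pem

# dn FILE FIELD: print the subject or issuer DN of one certificate (RFC 2253 form)
dn() {
    openssl x509 -in "$1" -noout -nameopt RFC2253 "-$2" | sed 's/^[a-z]*= *//'
}

# split_chain BUNDLE DIR: write each certificate to DIR/cert-NN.pem in file order,
# skipping any s_client commentary between the PEM blocks
split_chain() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%02d.pem", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$1"
}

# check_chain_order BUNDLE: 0 = every issuer DN matches the next subject DN,
# 1 = a link is broken, 2 = no certificate found. Compares names only; it does
# not verify signatures or decide whether the last certificate is trusted.
check_chain_order() {
    dir=$(mktemp -d) || return 2
    split_chain "$1" "$dir"
    status=2 prev_issuer="" i=0
    for cert in "$dir"/cert-*.pem; do
        [ -e "$cert" ] || break
        i=$((i + 1))
        subject=$(dn "$cert" subject)
        echo "[$i] subject: $subject"
        echo "    issuer:  $(dn "$cert" issuer)"
        if [ "$i" -eq 1 ]; then
            status=0
        elif [ "$subject" != "$prev_issuer" ]; then
            echo "    BREAK: certificate $((i - 1)) names a different issuer"
            status=1
        fi
        prev_issuer=$(dn "$cert" issuer)
    done
    rm -rf "$dir"
    return "$status"
}
```

Run `check_chain_order chain.pem` on the captured file; the issuer printed for the last certificate is the authority the client's own trust store has to contain.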