Re: [Hbci4java-help] java.security.cert.CertPathValidatorException: Path does not chain with any of
From: Marcus W. <Ma...@Wo...> - 2010-01-11 05:11:44
Rolf Viehmann wrote:

>> That's exactly what I wanted to avoid for my users as it is a
>> PITA to add a trust-anchor to the default Java keystore. (First
>> issue: it's password protected and they don't document the
>> password.)
>
> If I understand it correctly, you could use the parameter
> client.passport.PinTan.certfile to specify a file that you ship
> along with your code that will be used by HBCI4Java. This file
> could contain any (root or immediate) certificate that will be
> needed to communicate with the host.

Do you know any way of doing this at configuration-time inside the program? Preferably one that works with any version of the hbci-protocol. (I don't know much about how hbci and FinTS work on the network-layer.) I don't think it's an option to ship and update the certificates of every bank the user could configure with the software.

> Also, the password for the default Java keystore seems to be
> documented, it's either "changeit" or "changeme" (the latter only
> on MacOSX).

Yes, you can find out about it but not easy enough to let an untrained everyday-user do it.

> You could also check out the great open source (GNU GPL v2)
> software Portecle (http://portecle.sourceforge.net/) that can be
> used to inspect and modify Java keystores.

Never seen that one yet. Thanks for mentioning it.

Marcus