Why WTK doesn't allow me to make https connection to some URL that is accesable from browser

Question

I'm trying to get httpsConnection in j2me (some parts of my configuration below< if more required i can provide more)

<j2me.midlet.configuration>CLDC-1.1</j2me.midlet.configuration>
<j2me.midlet.profile>MIDP-2.0</j2me.midlet.profile>

WTK is 2.5.2_01

HttpsConnection connection = (HttpsConnection)Connector.open("https://myURL/user/login", Connector.READ);`

on connection.open() i get

[WtkRun] javax.microedition.pki.CertificateException: Certificate in a chain was not issued by the next authority in the chain
   [WtkRun]     at com.sun.midp.ssl.X509Certificate.verifyChain(+115)
   [WtkRun]     at com.sun.midp.ssl.Handshake.parseChain(+111)
   [WtkRun]     at com.sun.midp.ssl.Handshake.rcvCert(+114)
   [WtkRun]     at com.sun.midp.ssl.Handshake.doHandShake(+96)
   [WtkRun]     at com.sun.midp.ssl.SSLStreamConnection.<init>(+173)
   [WtkRun]     at com.sun.midp.ssl.SSLStreamConnection.<init>(+12)
   [WtkRun]     at com.sun.midp.io.j2me.https.Protocol.connect(+214)
   [WtkRun]     at com.sun.midp.io.j2me.http.Protocol.streamConnect(+57)
   [WtkRun]     at com.sun.midp.io.j2me.http.Protocol.startRequest(+12)
   [WtkRun]     at com.sun.midp.io.j2me.http.Protocol.sendRequest(+38)
   [WtkRun]     at com.sun.midp.io.j2me.http.Protocol.sendRequest(+6)
   [WtkRun]     at com.sun.midp.io.j2me.http.Protocol.openInputStream(+9)
   [WtkRun]     at nkclause.PostClause.a(+162)
   [WtkRun]     at nkclause.PostClause.startApp(+473)
   [WtkRun]     at javax.microedition.midlet.MIDletProxy.startApp(+7)
   [WtkRun]     at com.sun.midp.midlet.Scheduler.schedule(+270)
   [WtkRun]     at com.sun.midp.main.Main.runLocalClass(+28)
   [WtkRun]     at com.sun.midp.main.Main.main(+80)

I've managed to get certificate details, so it's Issuer is

[WtkRun] C=US;O=Thawte, Inc.;CN=Thawte SSL CA

and the same issuer exist in browser storage; I'm accesing the URL with no problem.

I also tried to do some hacks like

connection = (StreamConnection) Connector.open("https://myURL/user/login:443;CertificateErrorHandling=warn;HandshakeCommentary=on", Connector.READ);

but the exception is still the same.

I'm seeking to approachs to handle the case: 1) may be the second authority in the chain isn't known to WTK emulator. In browser I can check certificate issuers visually, but how can I do int in wtk? 2) is there a way to ignore ssl certificate troubles? The old answers say that no, but may be something has changed since that times?

Answer 1

It has been a while since I specifically looked at the wtk emulator, but if you just need it for emulation, I believe you can just add the certificate to your java keychain and it will be accepted. As the WTK doesn't require a J2SE VM available, you would likely not be talking about the J2SE keytool.

My first step would be to check out ${WTK_LOCATION}/bin/mekeytool. For different handsets you will be doing different things to accept custom certificates, so the solution would likely be very handset-specific.

I'm pretty sure that nothing has changed in J2ME for programmatically ignoring the certificate. If you want to do that, why not just use http rather than https?