Obtain remote server's certificate from java class

naxi used Ask the Experts™
I am writing java class which is connecting to remote server via https.
Connection cannot be established since this server has self-signed-certificate.

This is error I get:

Fatal transport error: sun.security.validator.ValidatorException: No trusted certificate found
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
      at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(Unknown Source)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
      at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
      at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
      at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(Unknown Source)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
      at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
      at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
      at java.io.BufferedOutputStream.flush(Unknown Source)
      at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:827)
      at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1975)
      at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
      at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
      at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
      at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
      at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
      at test.TestCiraDriver.main(TestCiraDriver.java:93)
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
      at sun.security.validator.SimpleValidator.buildTrustedChain(Unknown Source)
      at sun.security.validator.SimpleValidator.engineValidate(Unknown Source)
      at sun.security.validator.Validator.validate(Unknown Source)
      at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
      at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
      ... 17 more

I use java.net.URL to connect:

java.net.URL ciraUrl = new java.net.URL(message);
java.net.URLConnection ciraConnection = ciraUrl.openConnection();

Is it possible somehow from my java class to obtain remote server's certificate and put it into (I guess .keystore) file?

All I know about remote server is just address that starts with https://  so I cannot perform any work on the server (like using keytool etc.)

I am using jdk1.4.2_08
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2016
You need to override the default trust policy. Here's how to trust all:



The point is I don't want to trust all.
For SSH for example there is a way to add new IP and public key to existing file(on client server)
So next time when connection is established you can compare if that IP already exists, if it does and the public key is changed it is going to override it.
Is there a way to do the same thing for HTTPS?


I am not sure if this is the way to do it, but I would like to give 100  points to CEHJ for his effort to answer the question. It is not solution that I wanted but it can work.....

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial