The problem that I am having is that if the second method is not called before the first, then the certificates are not in place and I get this error:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
Of course when I call the methods in the right order that error is not there.
My question is can anyone help me write a check that can be done on maybe the HttpsURLConnection con object from the first code that can help me verify that the relevant certificates are properly recognized? Of course, the aim is to find a a more graceful way to exit when there is an error.
A sample test that was written is as follows:
public class ProgramTest { public static void main(String[] args){ try { NetUtils.getSSLCertificate("c:/Users/kingw/.keystore", "changeit", "changeit"); NetUtils.sendGet("https://testing.dev.cfed.local/api/auth/" + "c076utf5-2aaa-4b58-92d3-981dyhfefvgyyh" + "/" + "22"); }catch(Exception e){ e.printStackTrace(); } }}
Question: why are you using explicit cert handling?
mccarl
Apart from CEHJ's valid question above, rather than going to a lot of trouble to check if the certs are configured, why can't you just ensure that you code your app to call the cert setup method before any method that communicates with the server?
onaled777
ASKER
CEHJ - I really couldnt get it to work any other way
mccarl - Based on the way the code was structured.
If the cert is imported into your regular store then it should all work automatically, in theory. DID you import it?
onaled777
ASKER
Yes CEHJ - These were my steps:
1. I pasted the https_url in the browser
2. I retrieved the certificate and downloaded it to my local drive
3. I used the keytool utility in the jre bin to create a keystore
4. I imported the downloaded certificate into the newly created keystore.
5. I checked to make sure the certificate was listed in the keystore with the command keytool -list -v
Yet when I dont do the explicit cert handling I get this error:
***
main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 2E .......
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Looks like the issue was one of configuration. The JAVA_HOME property was configured incorrectly and the keytool facility was looking for the cacerts in the wrong location. When reconfigured it worked without the explicit certificate handling. Thanks.