Different ways to fix certificate issues such as SSLHandshakeException and SunCertPathBuilderException on HTTPS connections in Java.
This tutorial shows how to fix the "HTTPS connection with SSL certificate error" problem in Java.
Introduction:
The HTTPS protocol has been supported since JDK 1.4 (AFAIK), so normally you have nothing special to do. As a Java developer, if you have not yet been stung by the exception shown below while running a Java application on your machine that hits an SSL server (https), be prepared to meet it at some point in your coding journey.
Use case or Problematic Program:
```java
import java.io.InputStreamReader;
import java.io.Reader;
import java.net.URL;
import java.net.URLConnection;

public class ConnectHttps {
    public static void main(String[] args) throws Exception {
        URL url = new URL("https://amazon.com");
        URLConnection con = url.openConnection();
        // getInputStream() connects and performs the TLS handshake;
        // an untrusted server certificate makes this call throw
        Reader reader = new InputStreamReader(con.getInputStream());
        // Print the response body character by character
        while (true) {
            int ch = reader.read();
            if (ch == -1) {
                break;
            }
            System.out.print((char) ch);
        }
    }
}
```
Output:
However, you can have a problem if the server certificate is self-signed by a testing certification authority (CA) that is not among the trusted CAs of Java on the client side. An exception like the following is thrown:

```
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
```

This exception (SunCertPathBuilderException) is a common situation with a development server.
Solution 1:
The fix is to add the self-signed certificate to the trusted CAs on the client side. You do that by updating the CACERT file in your JRE_HOME/lib directory. Check this tutorial: http://www.java-samples.com/showtutorial.php?tutorialid=210
Solution 2:
You can override the check and accept an untrusted certificate (with the risk that comes with it!).

```java
import java.io.InputStreamReader;
import java.io.Reader;
import java.net.URL;
import java.net.URLConnection;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.X509Certificate;

public class ConnectHttps {
    public static void main(String[] args) throws Exception {
        /*
         * fix for
         * Exception in thread "main" javax.net.ssl.SSLHandshakeException:
         * sun.security.validator.ValidatorException:
         * PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
         * unable to find valid certification path to requested target
         */
        // Trust manager that accepts every certificate chain without validating it
        TrustManager[] trustAllCerts = new TrustManager[] {
            new X509TrustManager() {
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }

                public void checkClientTrusted(X509Certificate[] certs, String authType) {
                }

                public void checkServerTrusted(X509Certificate[] certs, String authType) {
                }
            }
        };

        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        // Applies to every HttpsURLConnection created in this JVM from here on
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

        // Create all-trusting host name verifier
        HostnameVerifier allHostsValid = new HostnameVerifier() {
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        };
        // Install the all-trusting host verifier
        HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
        /*
         * end of the fix
         */

        URL url = new URL("https://amazon.com");
        URLConnection con = url.openConnection();
        Reader reader = new InputStreamReader(con.getInputStream());
        while (true) {
            int ch = reader.read();
            if (ch == -1) {
                break;
            }
            System.out.print((char) ch);
        }
    }
}
```
Conclusion:
In this post, we saw why HTTPS exceptions occur when invoking secure URLs, and possible solutions to fix SunCertPathBuilderException and SSLHandshakeException.