SunCertPathBuilderException: unable to find valid certification path to requested target

Problem

Configured Tomcat to support SSL and deployed this web service on a development Tomcat server. While connect to the deployed web service over SSL connection via this URL : “https://localhost:8443/HelloWorld/hello?wsdl“, it hits

javax.net.ssl.SSLHandshakeException: 
   sun.security.validator.ValidatorException: PKIX path building failed: 
   sun.security.provider.certpath.SunCertPathBuilderException: 
   unable to find valid certification path to requested target
 
Caused by: sun.security.validator.ValidatorException: 
   PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: 
   unable to find valid certification path to requested target
 
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: 
   unable to find valid certification path to requested target

Solution

The caused of the problem and solution are both well explain in this article. Below is just the same solution, but demonstrate in my development environment :)

1. Get InstallCert.java

Get a InstallCert.java file from http://blogs.sun.com/andreas/resource/InstallCert.java

2. Add Trusted Keystore

Run InstallCert.java, with your hostname and https port, and press “1” when ask for input. It will add your “localhost” as a trusted keystore, and generate a file named “jssecacerts“.

C:\>java InstallCert localhost:8443
Loading KeyStore C:\Program Files\Java\jre6\lib\security\cacerts...
Opening connection to localhost:8443...
Starting SSL handshake...
 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.
provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at InstallCert.main(InstallCert.java:87)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertP
athBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
        at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
        at sun.security.validator.Validator.validate(Unknown Source)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
        at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:182)
        ... 9 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to reques
ted target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
        at java.security.cert.CertPathBuilder.build(Unknown Source)
        ... 15 more
 
Server sent 1 certificate(s):
 
 1 Subject CN=yong mook kim, OU=mkyong, O=mkyong, L=puchong, ST=PJ, C=my
   Issuer  CN=yong mook kim, OU=mkyong, O=mkyong, L=puchong, ST=PJ, C=my
   sha1    32 3e 15 42 96 ba e9 4d 9c 5d e7 5e 6b 0f 30 23 b4 e3 f4 98
   md5     c8 dd a1 af 9f 55 a0 7f 6e 98 10 de 8c 63 1b a5
 
Enter certificate to add to trusted keystore or 'q' to quit: [1]
1
 
[
[
  Version: V3
  Subject: CN=yong mook kim, OU=mkyong, O=mkyong, L=puchong, ST=PJ, C=my
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
 
  Key:  Sun RSA public key, 1024 bits
  modulus: 1129473579651954554552730664834664064459539051598864058082387115962631728819634110255367718769683451438528187
923246533854744470790959477657386037636238098777089479256059697784394926741427654735994678054030193662669088404706890444
59364523220747231216704221781747262219695262340353839314222273672957748320603247
  public exponent: 65537
  Validity: [From: Tue Dec 14 15:13:51 SGT 2010,
               To: Mon Mar 14 15:13:51 SGT 2011]
  Issuer: CN=yong mook kim, OU=mkyong, O=mkyong, L=puchong, ST=PJ, C=my
  SerialNumber: [    4d07192f]
 
]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 38 E4 F4 D9 51 B1 5F C1   01 13 32 79 DE 97 26 58  8...Q._...2y..&X
0010: 13 08 F1 A0 33 DB B9 90   AF EE 9E AE B9 9B 68 7D  ....3.........h.
0020: DF E8 7D 79 9D 92 24 4A   76 C9 4C 28 DA 68 B0 62  ...y..$Jv.L(.h.b
0030: FF AB 27 03 5C DD 1F C8   77 A2 25 18 DF 0C DC FD  ..'.\...w.%.....
0040: D3 39 5D 18 B4 BA 4B 36   8C FD C5 80 FF F2 E3 4D  .9]...K6.......M
0050: 0A 28 57 B9 04 D8 25 F6   FB CA DA 13 0C 36 FB 02  .(W...%......6..
0060: 9A B3 B1 28 46 D1 8E C7   D9 1A 5B CE BB A6 6F FD  ...(F.....[...o.
0070: 6D F2 35 D9 95 43 6E 38   2A 56 E7 31 21 D9 F0 90  m.5..Cn8*V.1!...
 
]
 
Added certificate to keystore 'jssecacerts' using alias 'localhost-1'

3. Verify Trusted Keystore

Try run the InstallCert command again, the connection should be ok now.

C:\>java InstallCert localhost:8443
Loading KeyStore jssecacerts...
Opening connection to localhost:8443...
Starting SSL handshake...
 
No errors, certificate is already trusted
 
Server sent 1 certificate(s):
 
 1 Subject CN=yong mook kim, OU=mkyong, O=mkyong, L=puchong, ST=PJ, C=my
   Issuer  CN=yong mook kim, OU=mkyong, O=mkyong, L=puchong, ST=PJ, C=my
   sha1    32 3e 15 42 96 ba e9 4d 9c 5d e7 5e 6b 0f 30 23 b4 e3 f4 98
   md5     c8 dd a1 af 9f 55 a0 7f 6e 98 10 de 8c 63 1b a5
 
Enter certificate to add to trusted keystore or 'q' to quit: [1]
q
KeyStore not changed
 
C:\>

4.Copy jssecacerts

Copy the generated “jssecacerts” file to your “$JAVA_HOME\jre\lib\security” folder.

5. Done

Run your web service client again, it should be working now.

Tags :

About the Author

mkyong
Founder of Mkyong.com and HostingCompass.com, love Java and open source stuff. Follow him on Twitter, or befriend him on Facebook or Google Plus. If you like my tutorials, consider make a donation to these charities.

Comments

  • Pingback: water ionizers()

  • Pingback: watch movies online free()

  • Pingback: stream movies()

  • Pingback: streaming movies()

  • Pingback: Blue Coaster33()

  • Pingback: gettingerror while installing the certificates | Technology & Programming()

  • vasanth

    Can someone please add the steps for Configuring the SSL in Jetty.Please……………

    • jesus

      Eres un chingon pinche mkyong

  • some

    works like charm. monitoring your posts, really valid ones – kudos 2 u.

  • Manoj Kumar

    You have to modify your InstallCert.java like file should be change cacerts because If you use jsscacerts it your previous certificate will lost.

  • Jayasiri

    Hi Mkyong,

    Thank you very much for the helpful tutorial. By following given steps it was able to successfully avoid the below exception we got when reading inbox via mail.pop3.ssl.
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    Thanks Again,
    Jayasiri

  • Mahmoud Saleh

    it worked with me only with following command: java InstallCert localhost:443

  • Hitesh

    While running second time, I am getting below error. This is SVN connection host:port

    C:\syntran>java InstallCert webeaen22l.nam.nsroot.net:9050
    Loading KeyStore jssecacerts…
    Opening connection to webeaen22l.nam.nsroot.net:9050…
    Starting SSL handshake…

    javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.
    va:1657)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl
    ava:932)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(
    LSocketImpl.java:1096)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocket
    pl.java:1123)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocket
    pl.java:1107)
    at InstallCert.main(InstallCert.java:87)

    Server sent 1 certificate(s):

    highly appriecite you

  • Alvin

    Loading KeyStore C:\Program Files (x86)\Java\jre7\lib\security\cacerts…
    Exception in thread “main” java.io.IOException: Keystore was tampered with, or password was incorrect
    at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(Unknown Source)
    at java.security.KeyStore.load(Unknown Source)
    at InstallCert.main(InstallCert.java:81)
    Caused by: java.security.UnrecoverableKeyException: Password verification failed
    … 4 more

    What could be course by this?

    • Jack

      Looks like the password you tried for your keystore file was wrong. The default password is “changeit”. Try that.

  • fatemeh

    thanks for your great tutorial
    I did step 1 correctly for host:pop.gmail.com with port 995
    but when i do step 2
    i get this error
    javan.net.SocketException:connection reset
    at java.net.Socket input Stream.read

    please please help me

  • Prasad

    javax.net.ssl.SSLException: java.lang.UnsupportedOperationException
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1844)
    at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:182
    7)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1346
    )
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323
    )
    at InstallCert.main(InstallCert.java:56)
    Caused by: java.lang.UnsupportedOperationException
    at InstallCert$SavingTrustManager.getAcceptedIssuers(InstallCert.java:14
    0)
    at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraint
    s(SSLContextImpl.java:926)
    at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSL
    ContextImpl.java:872)
    at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLCo
    ntextImpl.java:814)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.
    java:1323)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.jav
    a:153)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.
    java:1312)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339
    )
    … 2 more

    • Mahantesh

      Have you resolved your error??even i am getting the same error and don’t know how to resolve that!!! :(

      • http://www.wzona.info Tomas

        You should implement the getAcceptedIssuers(), e.g.:

        private static class SavingTrustManager implements X509TrustManager {

        private final X509TrustManager tm;
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager tm) {
        this.tm = tm;
        }

        public X509Certificate[] getAcceptedIssuers() {
        return tm.getAcceptedIssuers();
        }

        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        return tm.checkClientTrusted(chain, authType);
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        this.chain = chain;
        tm.checkServerTrusted(chain, authType);
        }
        }

  • http://mra.co.id Andi Kusnadi

    Hello Mr.

    Thank you for your explanation, i have done the two steps you provided.
    FIRST
    1. i type
    java -cp classes/ com/fxdx/framework/util/InstallCert testservices.dms.ferrari.com:64003

    Loading KeyStore /home/andi-mra/jdk1.7.0_25/jre/lib/security/cacerts…
    Opening connection to testservices.dms.ferrari.com:64003…
    Starting SSL handshake…

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    .
    .
    .

    Added certificate to keystore ‘jssecacerts’ using alias ‘testservices.dms.ferrari.com-1′

    SECOND
    2.
    i doing again
    java -cp classes/ com/fxdx/framework/util/InstallCert testservices.dms.ferrari.com:64003

    and get error message

    Loading KeyStore jssecacerts…
    Opening connection to testservices.dms.ferrari.com:64003…
    Starting SSL handshake…

    javax.net.ssl.SSLException: java.lang.UnsupportedOperationException
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)

    Please help me.

    • http://mra.co.id Andi Kusnadi

      iam using java 7 sir. please help me

  • Rahul Mohan

    Hi,

    After executing the java file, i am getting the below exception

    javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1839)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1019)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1230)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1214)
    at InstallCert.main(InstallCert.java:97)

    any help will be highly appreciated.

  • http://www.ohadr.com Ohad R

    great post!
    thanks.
    however, you should update the broken links in it…

  • Balwant Chauhan

    Thanks for this post.It worked very fine for me with single server.
    I need to generate certificate for more than one server. Is it possible to keep generated certificates inside a single jssecacert file?? Or what is the way to keep generated certificates otherwise??

    • Arum

      Hello Balwant Chauhan ,

      Did you generate one Certificate file for more than one server at a time?
      Your reply is much appreciated

  • krishnan

    Thanks a lot it is working like a gem:)

  • Nitesh Sahay

    I have created a trustServerCertificate() which basically trust the certificate of the requested server at runtime.
    For that i do the following step

    1)Create a keystore and import the certificate into this keystore file
    2)put it into my project class path
    3)Write a method trustServerCertificate() which trust the keystore file

    static Properties properties = new Properties();
    void trustServerCertificate(){
    try {

    properties.load(ThisClass.class.getClassLoader().getResourceAsStream(“keystore.properties”));
    System.out.println(“Properties loaded successfully”);
    } catch (IOException e) {
    properties = null;
    System.out.println(“Properties not loaded: ” + e.getMessage());
    e.printStackTrace();
    }
    String keyStore = Util.class.getClassLoader().getResource(ThisClass.getProperties(“KeyStoreLocation”)).getFile();
    System.out.println(“KS path :” + keyStore);
    System.setProperty(“javax.net.ssl.trustStore”, keyStore);
    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

    }
    public static String getProperties(String key) {
    return properties.getProperty(key);
    }

    I am getting the same only when i trying to access the method for trust the certificate of the requested server from another method or constructor or init,but not from main method.

  • Vivek Jain

    Please help
    Getting below mention error

    main, WRITE: TLSv1 Handshake, length = 32
    main, READ: TLSv1 Alert, length = 2
    main, RECV TLSv1 ALERT: warning, close_notify
    main, SEND TLSv1 ALERT: fatal, description = unexpected_message
    main, WRITE: TLSv1 Alert, length = 18

    javax.net.ssl.SSLException: Received close_notify during handshake

  • sri

    C:\cert>java InstallCert localhost:8080
    Loading KeyStore C:\Program Files\Java\jre7\lib\security\cacerts…
    Opening connection to localhost:8080…
    Starting SSL handshake…
    Exception in thread “main” java.net.SocketTimeoutException: Read timed out
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.read(Unknown Source)
    at java.net.SocketInputStream.read(Unknown Source)
    at sun.security.ssl.InputRecord.readFully(Unknown Source)
    at sun.security.ssl.InputRecord.read(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source
    )
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at InstallCert.main(InstallCert.java:87)

    I have got the above exception can any one help?

    • Manish

      port 8080 is down that’s why it is given exception.

      • Manish

        server must running on port 8080.

  • Pingback: How to add Certificate to Apache Tomcat()

  • Ramesh V

    Hi Yong,
    I followed your steps as mentioned in the above.
    Now i am able to create the certificate. I did Copy the generated “jssecacerts” file to your “$JAVA_HOME\jre\lib\security” folder.
    Still i am getting same error:
    D:\MyStuff\TestCIMSweb>wsimport -p com.merge.cims.plugin -s src -d bin https://192.168.5.22/bah1100203_test/cimsservices/viewjob.svc?wsdl

    error: failed to parse document at “https://192.168.5.22/bah1100203_test/cimsservices/viewjob.svc?wsdl”: javax.net.ssl.SSLHandshakeExcept
    ion: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unabl
    e to find valid certification path to requested target

    can you any suggestions if i miss any thing.
    Thank You

    • Igor

      Hey guys!

      Can anybody tell me how to resolve this issue?

      Thanks,
      Igor

  • paramesh

    C:\Users\291767>java InstallCert localhost:8443
    Loading KeyStore C:\Program Files\Java\jre7\lib\security\cacerts…
    Opening connection to localhost:8443…
    Exception in thread “main” java.net.ConnectException: Connection refused: connec
    t
    at java.net.DualStackPlainSocketImpl.connect0(Native Method)
    at java.net.DualStackPlainSocketImpl.socketConnect(Unknown Source)
    at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
    at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
    at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
    at java.net.PlainSocketImpl.connect(Unknown Source)
    at java.net.SocksSocketImpl.connect(Unknown Source)
    at java.net.Socket.connect(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.connect(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.(Unknown Source)
    at sun.security.ssl.SSLSocketFactoryImpl.createSocket(Unknown Source)
    at InstallCert.main(InstallCert.java:94)
    Am getting this above exception can u please give me a solution?

  • subash

    While running with the following command

    C:\>java InstallCert localhost:8443

    I am getting the following exception

    C:\>java InstallCert localhost:8080
    Loading KeyStore C:\Program Files\Java\jre1.7.0\lib\security\cacerts…
    Opening connection to localhost:8080…
    Starting SSL handshake…

    javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at sun.security.ssl.InputRecord.handleUnknownRecord(Unknown Source)
    at sun.security.ssl.InputRecord.read(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at InstallCert.main(InstallCert.java:87)
    Could not obtain server certificate chain
    Please attach the solution for this exception?

  • Pingback: SOAP Webservice is giving the below error | BlogoSfera()

  • William Valencia

    Please update the links, these display 404 not found messages

  • Anu

    While running with the following command

    C:\>java InstallCert localhost:8443

    I am getting the following exception

    Loading KeyStore C:\Program Files\Java\jre7\lib\security\cacerts...
    Exception in thread "main" java.lang.NoClassDefFoundError: InstallCert$SavingTrustManager
            at InstallCert.main(InstallCert.java:88)
    Caused by: java.lang.ClassNotFoundException: InstallCert$SavingTrustManager
            at java.net.URLClassLoader$1.run(Unknown Source)
            at java.net.URLClassLoader$1.run(Unknown Source)
            at java.security.AccessController.doPrivileged(Native Method)
            at java.net.URLClassLoader.findClass(Unknown Source)
            at java.lang.ClassLoader.loadClass(Unknown Source)
            at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
            at java.lang.ClassLoader.loadClass(Unknown Source)
            ... 1 more
  • Tsadhate
  • Tsadhate

    Thanks for this, it was really useful to me :)

  • Nikolay

    The web links are not working.

  • ET Andes

    Thanks a lot. As always, you’ve been a great help.

  • Infotechie

    Hi Yong,

    Nice Tutorial.But I am still getting the same problem. My client is able to connect to server without any error/exception. In My application we are generating a pdf from a Html file. Now, when this pdf is generated error is coming at that point.
    No certificate error is coming on Web Browser.

    Please provide your valuable suggestions.

    Thanks.

  • Pingback: Java - Keystore Import (InstallCert.java) - Stan Kiselev Project()

  • Mahesh

    When connecting to our client production server from our production server over https, we are getting exception as java.net.SocketException: java.lang.ClassNotFoundException: org.ab
    logic.search.AllTrustSSLSocketFactory

    Please help on this.

  • Pingback: Query on jvm truststore and jssecacerts file? | PHP Developer Resource()

  • Satya

    Hello,
    Is the “Java InstallCert” command need to run on the webserver where the JSP page is running OR on the user machine where the user is accessing the JSP page.
    Thank you.
    Satya

  • Clydefrog

    Nice tutorial Yong!

    The website “http://blogs.sun.com/andreas/resource/InstallCert.java” doesn’t work anymore, though. Try this one instead: http://code.google.com/p/java-use-examples/source/browse/#svn%2Ftrunk%2Fsrc%2Fcom%2Faw%2Fad%2Futil%253Fstate%253Dclosed

  • Pingback: Add SSL Certificate to Plumtree Publisher JRE « WebCenter Interaction, ALUI, Plumtree blog by Integryst()

  • Jason

    I want java program connect to VMware Ubuntu PostgreSQL database using JDBC with SSL.

    String url = “jdbc:postgresql://192.168.235.128:5432/lincdoc”;
    Properties props = new Properties();
    props.setProperty(“user”,”demo.data”);
    props.setProperty(“password”,”aCTqjR3H”);
    props.setProperty(“ssl”,”true”);
    connection = DriverManager.getConnection(url, props);

    But hit error :
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    So i follow this post to solve the problem
    http://www.mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/comment-page-1/#comment-72715

    But hit another error :

    D:\Project\InstallCert\src>java com.aw.ad.util.InstallCert 192.168.235.128:8443
    Loading KeyStore C:\Program Files\Java\jre6\lib\security\cacerts…
    Opening connection to 192.168.235.128:8443…
    Exception in thread “main” java.net.ConnectException: Connection refused: connec
    t
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(Unknown Source)
    at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
    at java.net.PlainSocketImpl.connect(Unknown Source)
    at java.net.SocksSocketImpl.connect(Unknown Source)
    at java.net.Socket.connect(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.createSocket(Unknow
    n Source)
    at com.aw.ad.util.InstallCert.main(InstallCert.java:94)

    NOTE : 192.168.235.128 is VMware IP address. Should i run the InstallCert.java inside VMware – Ubuntu instead of Windows Command Prompt ?

    I copy the InstalCert.java from here :
    http://code.google.com/p/java-use-examples/source/browse/trunk/src/com/aw/ad/util/InstallCert.java

    Appreciate for any help !

    • Jason

      I try

      java com.aw.ad.util.InstallCert localhost:8443

      also same error

    • anis

      hello ,

      the server must be running in this port when you call InstallCert,
      you can start tomcat at the port 8443 , after that call the class

      • Madhu

        Hi,

        I wan to run this in Linux server and after the certificates are generated I stored in security folder of JRE. But when I execute command “wget https://10.63.25.44:443/ProvisioningGateway/services/SPMLHlrSubscriber453Service?wsdl” I get below error:

        Connecting to 10.63.25.44:443… connected.
        ERROR: cannot verify 10.63.25.44âs certificate, issued by â/C=DE/ST=none/L=Munich/O=Siemens A.G./OU=COM/CN=srnpgw3â
        Self-signed certificate encountered.
        ERROR: certificate common name âsrnpgw3â10.63.25.44â
        To connect to 10.63.25.44 insecurely, use â–no-check-certificateâ.

        Could any one of you explain how to solve this problem?

  • Frederic DEBARD

    Great ! Smart How To.

  • Pingback: SSL Mutual Authentication Issue - - Coding Answers()

  • Pingback: How to bypass certificate checking in a Java web service client()