Gopal Gopal - 4 months ago 20
Java Question

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed

I am using a Java application to check URL connectivity. For some (internal) application URLs I am getting 200 (success); for the others I am getting the exception below.

But if I manually connect to the URL below, there are no issues with it. Do I need PKI certificates?
Need your help.

URL Link response code (200), good



http://pns15a-0215.corpny.com:21212/Mngr 200 OK OK

URL link response exception



https://tantex.intra.net/Mngr/

Exception message:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Logs



javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)

Program Source code



log.info("testing the httpurlconnection for url:" + strUrl);

url = new URL(strUrl);
urlConn = (HttpURLConnection) url.openConnection();
// For https:// URLs the TLS handshake happens here; an untrusted chain throws SSLHandshakeException
urlConn.connect();

if (urlConn.getResponseCode() == HttpURLConnection.HTTP_OK) {
    log.info("url http connection is successful");

    // append the response status
    urlResponseStatus = "OK";
} else {
    log.info("url http connection failure, response code:" + urlConn.getResponseCode());

    // append the response status
    urlResponseStatus = "NOT OK";
}

urlResponseCode = urlConn.getResponseCode();
urlResponseMessage = urlConn.getResponseMessage();

Answer

The SSL certificate isn't trusted by Java. The certificate may be self-signed, or it may be signed by a CA (Certificate Authority) whose root certificate is not in the Java certificate store.

Add the code to trust the certificate provided by the host. Import the certificate before consuming the URL.

Just add the code below to trust the certificate:

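import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Trust manager that accepts every certificate: no chain or issuer validation is performed.
TrustManager[] trustAllCerts = new TrustManager[]{
    new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            // The interface requires a non-null (possibly empty) array.
            return new java.security.cert.X509Certificate[0];
        }
        public void checkClientTrusted(
            java.security.cert.X509Certificate[] certs, String authType) {
        }
        public void checkServerTrusted(
            java.security.cert.X509Certificate[] certs, String authType) {
        }
    }
};

try {
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    // Applies to every HttpsURLConnection opened in this JVM afterwards.
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
    // Report the failure instead of silently swallowing it.
    e.printStackTrace();
}

// Add your code below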