0

I know this is a very basic question, but some how I have managed to not find a solution to this problem. I have a java class that has a main method. In that method, I try to access an https url as below:

package helloworld;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;

import javax.net.ssl.HttpsURLConnection;

public class ConnectHttps
{
public static void main(String[] argsd)
{
    System.out.println("***************Https testing started **************");
    try
    {
        URL u = new URL("https://localhost:8443/myapp/test");
        HttpsURLConnection http = (HttpsURLConnection) u.openConnection();
        http.setAllowUserInteraction(true);
        http.setRequestMethod("GET");
        http.connect();

        InputStream is = http.getInputStream();
        BufferedReader reader = new BufferedReader(new InputStreamReader(is));
        StringBuilder stringBuilder = new StringBuilder();
        String line = null;
        while ((line = reader.readLine()) != null)
        {
            stringBuilder.append(line
                + "\n");
        }
        System.out.println(stringBuilder.toString());
        System.out.println("***************Https testing completed **************");
    }
    catch (IOException e)
    {
        System.out.println("***************Https testing failed **************");
        e.printStackTrace();
    }
}

}

On executing this program, the output I get is:

***************Https testing started **************
***************Https testing failed **************
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at helloworld.ConnectHttps.main(ConnectHttps.java:59)

I guess I am doing a very basic mistake here.

I am using JDK 1.7.0_25.

Aspirant
  • 1,934
  • 4
  • 25
  • 44
  • @axiopisty Why? If JSSE wasn't 'properly configured', how could he ever have compiled this program? Or executed it? Or got a stack trace containing sun.security.ssl.SSLSocketImpl? – user207421 Oct 18 '13 at 21:41

1 Answers1

2

java.net.ConnectException: Connection timed out: connect

This is not really related to SSL/TLS. Rather, your client can't connect to the server at all (at least not within a reasonable time).

It's quite possible that there's a firewall preventing you from making such connections.

You might have to go through a proxy, in which case setting the https.proxyHost and https.proxyPort system properties should be taken into account by HttpsURLConnection.

Bruno
  • 119,590
  • 31
  • 270
  • 376
  • Thanks for the response [Bruno](http://stackoverflow.com/users/372643/bruno). I have edited my question to point to a local URL. I gave a public URL earlier so that it could be a complete [sscce](http://sscce.org/). I get the exception: `javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found`. I did my research to get to [this](http://www.mkyong.com/webservices/jax-ws/java-security-cert-certificateexception-no-name-matching-localhost-found/), but all this is doing is disabling SSL. – Aspirant Oct 23 '13 at 19:48
  • Essentially what I need is to be able to configure security certificates on my client, which is not a browser in this case. – Aspirant Oct 23 '13 at 19:51
  • Your certificate is not valid for `localhost`. Try to use the FQDN in the URL, to match what's in the certificate. – Bruno Oct 23 '13 at 20:27
  • As naive as it may sound, I used keytool to add the certificates but not sure if I am even going in the correct direction. – Aspirant Oct 23 '13 at 20:51
  • Also, for environments other than development, this might again result in similar exceptions as certificates for those environments will be different. – Aspirant Oct 23 '13 at 20:52