3

I have a certificate(signed by a ca) added to my truststore, but when I try to access it via the following code, I get the exception, PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors

Code:

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;

public class ConnectHttps
{ 

public static void main(String[] argsd)
{
    System.out.println("***************Https testing started **************");


    try
    {
        URL u = new URL(
            "https://my-server.com/my-webservices/data");
        HttpsURLConnection http = (HttpsURLConnection) u.openConnection();
        http.setAllowUserInteraction(true);
        http.setRequestMethod("GET");
        http.connect();

        InputStream is = http.getInputStream();
        BufferedReader reader = new BufferedReader(new InputStreamReader(is));
        StringBuilder stringBuilder = new StringBuilder();
        String line = null;
        while ((line = reader.readLine()) != null)
        {
            stringBuilder.append(line
                + "\n");
        }
        System.out.println(stringBuilder.toString());
        System.out.println("***************Https testing completed **************");
    }
    catch (IOException e)
    {
        System.out.println("***************Https testing failed **************");
        e.printStackTrace();
    }
}

}

The certificate is valid and displays the data perfectly on google chrome and ie:

Chrome

but not on mozilla firefox and my java client(above):

Firefox

Please advise, what could be the problem.

Aspirant
  • 1,934
  • 4
  • 25
  • 44
  • What does it say in Firefox in the "Technical Details" section? It's possible that your cert was issued by a CA that is known and trusted in the Windows certificate list but not in the Firefox or Java lists. – Bruno Oct 31 '13 at 20:59
  • On the technical details it says: "The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)" – Aspirant Nov 01 '13 at 13:06
  • Hello [Wolfgang Fahl](http://stackoverflow.com/users/1497139/wolfgang-fahl), can you please explain how are the two questions similar? – Aspirant Nov 20 '13 at 14:36
  • http://stackoverflow.com/questions/11153058/java7-refusing-to-trust-certificate-in-trust-store is the question that shows when this is happening with jdk7. For Firefox you simply might want to add your CA certificate and you should be fine – Wolfgang Fahl Feb 13 '14 at 15:41
  • The CA certificate was added explicitly and it worked after that. But that still does not make this a duplicate question as mentioned above. – Aspirant May 21 '14 at 13:14

0 Answers0