16

I'm trying to connect to a website using a HttpClient object. It works fine for websites we normally use(Like google). But there is a web site, when I try to connect, my program gives this error..

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1917)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:301)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:295)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1369)
....................
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
...............

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 27 more

When I try to go to this url from the browser, I have to click continue anyway. Otherwise browser will not load the page. It gives a privacy error saying your connection is not private.

How can I overcome this problem in my java application..? I want my software to connect with that url without any error or without asking any confirmation.

Ramesh-X
  • 4,853
  • 6
  • 46
  • 67
  • Does this answer your question? [How to ignore SSL certificate errors in Apache HttpClient 4.0](https://stackoverflow.com/questions/2703161/how-to-ignore-ssl-certificate-errors-in-apache-httpclient-4-0) – rogerdpack Feb 23 '21 at 18:59
  • I solved this problem generating a new Cacerts file and adding it to java trustStore. – NeoRamza Mar 11 '22 at 17:10

2 Answers2

25

Problem was solved when I used a TrustSelfSignedStrategy object as the Trust material to HttpClient.

        httpClient = HttpClients.custom()
            .setSSLSocketFactory(new SSLConnectionSocketFactory(SSLContexts.custom()
                    .loadTrustMaterial(null, new TrustSelfSignedStrategy())
                    .build()
                )
            ).build();

The code I used is shown above..

Ramesh-X
  • 4,853
  • 6
  • 46
  • 67
14

For HttpClient4.x, the following will trust all

public static HttpClientBuilder createTrustAllHttpClientBuilder() {
  SSLContextBuilder builder = new SSLContextBuilder();
  builder.loadTrustMaterial(null, (chain, authType) -> true);           
  SSLConnectionSocketFactory sslsf = new 
  SSLConnectionSocketFactory(builder.build(), NoopHostnameVerifier.INSTANCE);
  return HttpClients.custom().setSSLSocketFactory(sslsf);
}
greensuisse
  • 1,727
  • 16
  • 18