1

i am using java application to check the url connrectivity, for the some url (internal) application url, i am getting 200 (success), for the others i am getting the below exception.

but if i manually connect to the below url , no issues on that, do i need pki certificates. need your help.

URL Link response code (200), good

http://pns15a-0215.corpny.com:21212/Mngr 200 OK OK

URL link response exception

https://tantex.intra.net/Mngr/

Exception message: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Logs

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)

Program Source code

        log.info("testing the httpurlconnection for url:" + strUrl );

            url = new URL(strUrl);
            urlConn = (HttpURLConnection) url.openConnection();
            urlConn.connect();

            if (urlConn.getResponseCode() == HttpURLConnection.HTTP_OK )
            {
                log.info("url http connection is sucessfull");

                //append the response status
                urlResponseStatus = "OK";
            }
            else
            {
                log.info("url http connection failure, response code:" +  urlConn.getResponseCode());

                //append the response status
                urlResponseStatus = "NOT OK";
            }

            urlResponseCode = urlConn.getResponseCode();
            urlResponseMessage =  urlConn.getResponseMessage();
Gopal
  • 757
  • 3
  • 13
  • 30

1 Answers1

13

The SSL certificate isn't trusted by Java. The certificate may be self-signed, or it may be signed by a CA (Certificate Authority) whose root certificate is not in the Java certificate store.

Add the code to trust the certificate provided by host. Import the certificate before consuming the URL.

Just add below code to trust the certificate

TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return null;
    }
    public void checkClientTrusted(
        java.security.cert.X509Certificate[] certs, String authType) {
    }
    public void checkServerTrusted(
        java.security.cert.X509Certificate[] certs, String authType) {
    }
}};

   try {
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (Exception e) {
    }

// Add your code below
Thilak
  • 367
  • 2
  • 12
  • 1
    where to add this code, in JavaMail class? – Hassan Dec 25 '15 at 00:18
  • @Hassan I think in your `main` function, so it runs once at startup. However, doesn't seem to work. Maybe because `HttpsURLConnection` is for `HTTP` but JavaMail is `SMTP`, so the code configures the wrong thing (http not smtp). – KajMagnus May 29 '18 at 07:54