0

I am trying to access local https site with self-signed certificate. I modified the hostfile and I assigned an Ip address to my localsite; the code I am using to get to the site:

 String httpsURL = "https://test-ssl.com";
    URL myurl = new URL(httpsURL);
    HttpsURLConnection con = (HttpsURLConnection)myurl.openConnection();
    InputStream ins = con.getInputStream();
    InputStreamReader isr = new InputStreamReader(ins);
    BufferedReader in = new BufferedReader(isr);

    String inputLine;

    while ((inputLine = in.readLine()) != null)
    {
      System.out.println(inputLine);
    }

    in.close();
  }

and I am getting this Error Message:

Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)

I have imported the self-signed certificate into the keystore using following this command:

keytool -import -alias site-ssl -keystore cacerts -file site-ssl.com.cer

Certificate was imported successfully

what am I missing here?

Moe
  • 1,427
  • 4
  • 34
  • 54

1 Answers1

1

You should try it with a hostname instead of the IP address in the URL. It's trying to do hostname verification, and the certificate doesn't contain a Subject Alternative Name for 192.168.1.6.

user207421
  • 305,947
  • 44
  • 307
  • 483
  • Modified the question, can you take a look? Thanks! – Moe Apr 29 '16 at 05:27
  • Your JVM isn't using the `cacerts` file you imported the certificate into as a truststore. – user207421 Apr 29 '16 at 08:40
  • I agree with @EJP, may be this would work: `keytool -import -alias site-ssl -keystore $JAVA_HOME/jre/lib/security/cacerts -file site-ssl.com.cer` – Seb B. May 04 '16 at 13:13