SSLHandshakeException using one computer, works on an other

Question

I am trying to access this https://www.cityofathens.gr/khe/epixeiriseis/json?shop_id=49087 page using a java client to read some json data. Strange thing is that when i run it on my computer it works just fine, but when i run the jar to a VM it is giving me this error

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I am using this

String url="https://www.cityofathens.gr/khe/epixeiriseis/json?shop_id=49087";
BufferedReader in = new BufferedReader(new InputStreamReader(new URL(url).openStream()));
String result=IOUtils.toString( in );
System.out.println(result);

After some digging I tried to use HttpsURLConnection

String url="https://www.cityofathens.gr/khe/epixeiriseis/json?shop_id=49087";
URL myurl = new URL(url);
HttpsURLConnection con = (HttpsURLConnection)myurl.openConnection();
InputStream ins = con.getInputStream();
InputStreamReader isr = new InputStreamReader(ins);
BufferedReader in = new BufferedReader(isr);

but the error remained the same!

any help? Thanks

@Henry,root as the linux root? of the client or the server? funny thing, tried it on an older pc of mine and doesnt work there either(all 3 using Ubuntu) — Skaros Ilias, Aug 01 '16 at 08:22

score 0 · Answer 1 · edited May 23 '17 at 12:08

Your other Java VM is missing root ca (DST Root CA X3). Update JRE/JDK to 7u111/8u101 on VM or add the certificates to the keystore by hand.

Download certificates:

wget https://letsencrypt.org/certs/letsencryptauthorityx1.der
wget https://letsencrypt.org/certs/letsencryptauthorityx2.der
wget https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.der
wget https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.der
wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der
wget https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.der

Add them to the keystore (location may be different on your system):

sudo keytool -trustcacerts -keystore /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib/security/cacerts  -storepass changeit -noprompt -importcert -file letsencryptauthorityx1.der
# repeat for the rest of *.der files

You will need to restart java processes you want to use the new certs.

Skip certificate validation

You could also ignore certificate problems (not recommended): check this answer for code:

you will need to work with keytool https://docs.oracle.com/javase/tutorial/security/toolsign/rstep2.html. Download certificate, import it via keytool to jvm keystore. See here for more details http://stackoverflow.com/questions/373295/digital-certificate-how-to-import-cer-file-in-to-truststore-file-using — borowis, Aug 01 '16 at 10:24

SSLHandshakeException using one computer, works on an other

1 Answers1

Skip certificate validation