
I have a problem connecting with SSL in Java.

I use Java 1.7.80 and the OS is Ubuntu 14.04.

My problem is the certificate, or rather the certificates. I have four elements that must be concatenated using the PKCS12 format.

testservizi.fattura.it.cer --> certificate that identifies the remote server

SDI-11036210158 --> client certificate

CAEntratetest.cer --> CA certificate

private.key --> private key

1) Step - convert the .cer files to PEM files

$ openssl x509 -in CAEntratetest.cer -outform PEM -out CAEntratetest.pem
$ openssl x509 -in SDI-11036210158.cer -inform DER -out SDI-11036210158.pem -outform PEM
$ openssl x509 -in testservizi.fatturapa.it.cer -inform DER -out testservizi.fatturapa.it.pem -outform PEM

2) Step - join the PEM files to create the certificate chain

$ cat CAEntratetest.pem SDI-11036210158.pem testservizi.fatturapa.it.pem > sum_cert.pem

3) Step - create the p12 file

$ openssl pkcs12 -export -in sum_cert.pem -inkey private.key -out sogei_auth.p12 -name sogei_auth

OK. My first test is to import the p12 file into the browser (Mozilla Firefox) to verify that it works. The import is successful, and at this point I enter the URL

https://testservizi.fatturapa.it/ricevi_file

and it answered:

Hello! This is an Axis2 Web Service!

...perfect, it works!!

Now I have to make it work with Java, so I create a test client:

import java.io.File;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;

public class TestHTTPSClient {

    public static void main(String[] args) throws Exception {
        SSLContext sslcontext = SSLContexts.custom().loadTrustMaterial(new File("C:/testSSL/sogei_auth.p12"), "changeit".toCharArray()).build();
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext);
        CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
        try {
            HttpGet httpget = new HttpGet("https://testservizi.fatturapa.it/ricevi_file");
            System.out.println("executing request " + httpget.getRequestLine());
            CloseableHttpResponse response = httpclient.execute(httpget);
            try {
                HttpEntity entity = response.getEntity();
                System.out.println("----------------------------------------");
                System.out.println(response.getStatusLine());
                EntityUtils.consume(entity);
            } finally {
                response.close();
            }
        } finally {
            httpclient.close();
        }
    }
}

2) Change the keystore format in java.security, otherwise the p12 file cannot be read

keystore.type=jks

changed into

keystore.type=pkcs12

3) I start the test in Java and it answers with an error

Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...
..
.
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 26 more

Can you help me?

avojak
Mre

1 Answer

You may store it in the JRE cacerts file to permanently solve this issue, if runtime certification stuff is not required! Check this answer for installing a certificate into cacerts...

and remove all certification-related code from your source! Please clarify if you want to do this at runtime only, not manually.

Community
positivecrux
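For the runtime route the answer asks about, an added example (not the asker's or the answerer's code) that uses only JDK classes: the client key and its chain from the .p12 go in as key material, and the CA certificate goes in as trust material, so neither cacerts nor java.security is modified. The class name, the argument order and the P12_PASSWORD environment variable are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsClient {
    // Client identity: the private key and its certificate chain stored in the .p12.
    static KeyManagerFactory keyMaterial(String p12Path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12"); // explicit type, keystore.type stays jks
        try (InputStream in = new FileInputStream(p12Path)) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password); // openssl pkcs12 -export protects key and store with one password
        return kmf;
    }

    // Trust anchors: only the CA certificate(s) that should vouch for the server.
    static TrustManagerFactory trustMaterial(String caCertPath) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null); // empty in-memory store, nothing is written to disk
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(caCertPath)) { // PEM or DER
            int i = 0;
            for (Certificate c : cf.generateCertificates(in)) {
                ts.setCertificateEntry("ca-" + i++, c);
            }
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        return tmf;
    }

    // args: <client.p12> <ca.pem> <https url>; password read from P12_PASSWORD (assumed name)
    public static void main(String[] args) throws Exception {
        char[] password = System.getenv("P12_PASSWORD").toCharArray();
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(keyMaterial(args[0], password).getKeyManagers(),
                 trustMaterial(args[1]).getTrustManagers(), null);
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        System.out.println(conn.getResponseCode() + " " + conn.getCipherSuite());
    }
}
```

If the handshake still fails with the same PKIX error, the CA file passed in does not contain the issuer of the chain the server presents.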