1

I'm using this code to download the timeline page from our local Trac system:

HttpURLConnection con = (HttpURLConnection) TRAC_TIMELINE_URL.openConnection();
String userpassword = TRAC_USERNAME + ":" + TRAC_PASS;
String encodedAuthorization = new String(Base64.encodeBase64(
        userpassword.getBytes(Charsets.ASCII)), Charsets.ASCII);
con.setRequestProperty("Authorization", "Basic " + encodedAuthorization);
InputStream ins = con.getInputStream();

Because the Trac server is accessed via HTTPS but has a self-signed certificate, I get the following exception on the call to getInputStream:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

What's the quickest way to make it work? I'm fine with just ignoring the certificate correctness altogether, because this request is going to be made over the LAN.

Donal Fellows
  • 133,037
  • 18
  • 149
  • 215
Bart van Heukelom
  • 43,244
  • 59
  • 186
  • 301
  • seems to be a duplicate: http://stackoverflow.com/questions/859111/how-do-i-accept-a-self-signed-certificate-with-a-java-httpsurlconnection – Neeme Praks Nov 26 '10 at 13:42

1 Answers1

0

At the very least, you need to make sure that the public certificate that matches the private certificate used by your Trac system (or the certificate of the CA that signed that server cert) is in your truststore. It's a requirement of the Java SSL libraries that there is a chain of trust to a known trust-root (verifying a binding between the DN of the server cert and the requested hostname is optional, though highly recommended for normal HTTPS).

Donal Fellows
  • 133,037
  • 18
  • 149
  • 215