0

I'm using the JavaLite implementation and everything works fine when requesting HTTP services but when trying to get data from the HTTPS version of the service I get the HttpException "Failed URL".

Here's my code:

Get get = Http.get(url + "/eds/api/v1/certificados");
get.header("Authorization", "Basic " + Credentials);
get.header("APIKey", APIKey);
get.header("Accept", "application/json");
            
System.out.println(get.text());

Also tried with

String test = Http.get(url + "/eds/api/v1/certificados").header("Authorization", "Basic " + Credentials).header("APIKey", APIKey).header("Accept", "application/json").text();

Both of them behave the same way, if the URL is HTTP I can get the data, if the URL is HTTPS catch "Failed URL". I've tested the REST service with SOAPui and the HTTPS server works fine.

Any suggestion what I'm missing when trying to send a GET on HTTPS with headers?

mkrieger1
  • 19,194
  • 5
  • 54
  • 65
Luis Gonzalez
  • 1
  • 1
  • you need to do more research: 1. Provide a full stack trace, 2. Try the same with plain Java. I have a feeling you have some certificate issue. – ipolevoy Mar 23 '18 at 13:16
  • Thanks Igor, it's true, when trying with curl I need to use --insecure option to override certificates, how can I do the same with JavaLite? – Luis Gonzalez Mar 23 '18 at 14:44
  • I've found this code from https://stackoverflow.com/questions/2893819/accept-servers-self-signed-ssl-certificate-in-java-client and it works like a charms, at least for what I need – Luis Gonzalez Mar 23 '18 at 16:02

1 Answers1

0

I was going to suggest that the site's digital certificate was not signed by a Certificate Authority that is contained in the Java JRE certificate store.

Here is what you can do:

  1. Use the browser and explore the certificate of the site, including a certificate chain, all the way to the root Certificate Authority
  2. Explore what CA certs are installed locally.

The file for Java is: 

$JAVA_HOME/jre/lib/security/cacerts

you need to run this command: 

keytool  -list -keystore cacerts

When prompted for password, just press Enter.

If you do not see a certificate of a CA that was used to sign a certificate of your site, than you will have this error.

How to fix:

  1. Use a well known CA to get a certificate for your site and ensure it is already present in your Java cert database.

or:

  1. Get the certificate from the site using a browser, and import it into your local Java database with command:

    keytool -importcert ...

For more information on the keytool program:

 keytool --help
ipolevoy
  • 5,432
  • 2
  • 31
  • 46