Where to add certificate for SSLException in java?

Question

I'm using the code below to send an OTP but I'm receiving an error:

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at responseMessage = connection.getResponseMessage();

I've found couple of solutions but not sure about the implementation of the answers.

public Boolean sendSmsOTP(String MobileNumber, String OTPKey) {
    logDebugInfo("In sendSmsOTP ", LOG_TYPE_INFORMATIVE);
    HttpURLConnection connection;
    int responseCode;
    String requestData, responseMessage;
    URL smsUrl;
    URI uri;
    String mobileNumber = MobileNumber.replace("+91", "");
    try {
        logDebugInfo("Mobile Number : " + mobileNumber + "  OTP : " + OTPKey, LOG_TYPE_INFORMATIVE);
        requestData = gResourceBundle.getString("RequestSMSData");
        requestData = requestData.replace("[MobileNumber]", mobileNumber.trim());
        requestData = requestData.replace("[OTPKEY]", OTPKey);
        requestData = requestData.replace("[ ]", "%20");
        requestData = requestData.replace(" ", "%20");
        System.out.println(requestData.toString());
        uri = new URI(requestData);
        smsUrl = uri.toURL();
        logDebugInfo("URL : " + smsUrl.toString(), LOG_TYPE_INFORMATIVE);

        connection = (HttpURLConnection) smsUrl.openConnection();
        connection.setDoOutput(false);
        connection.setDoInput(true);

        System.out.println("Manish negi -> "+connection.toString());

        responseMessage = connection.getResponseMessage();
        logDebugInfo("Response Message from SMS server " + responseMessage, LOG_TYPE_INFORMATIVE);
        responseCode = connection.getResponseCode();
        if (responseCode == HttpURLConnection.HTTP_OK) {
            connection.disconnect();
            System.out.println("OTP GENERATED");
            return true;
        } else {
            connection.disconnect();
            return false;
        }
    } catch (Exception e) {
        logErrorInfo("Exception in sendSmsOTP function()..." + e.getMessage());
        logDebugInfo("Exception in sendSmsOTP function()..." + e.getMessage(), LOG_TYPE_CRITICAL);
        gResultMessage = gResultMessage.replace("Error Code", "CA01");
        gReturnResponse = getJSONString(gErrorResponse, gResultMessage);
        e.printStackTrace();
        return false;
    }
}

This code throws the error given below:

A console typically contains text output as well. You should *not* put up a screenshot, but just well formatted *text* where possible. — GhostCat, Apr 30 '18 at 12:50
In other words *dont post pictures of text here.* Complete waste of your time and our bandwidth. Post the text. — user207421, May 01 '18 at 10:37
It would have been very appreciable.. if you guys had answered my question, instead of making the fuss about it — ManishNegi, May 02 '18 at 05:04

anothernode · Accepted Answer · 2018-05-11T08:01:25.203

1

In my experience this error message often means that you are trying to establish a TLS connection to a server with a self-signed certificate. If that is the case here, the solution usually is to add the server's certificate to the certificate store of the JVM your client is running on.

If you have the certificate in a file called server.crt, you can add it using the keytool that comes with the JVM, like this:

keytool -import -noprompt \
  -storepass changeit \
  -alias some_alias \
  -keystore $JAVA_HOME/jre/lib/security/cacerts \
  -file server.crt

You can obtain the server's certificate using openssl with a command like this:

 openssl s_client -showcerts -connect www.example.com:443 </dev/null

edited May 11 '18 at 08:01

answered Apr 30 '18 at 13:00

anothernode

5,100
13
43
62

I tried to run the command given below: **C:\Program Files\Java\jdk1.7.0_75\bin>keytool -import -noprompt -storepass changeit -alias baya -keystore "C:\Progr am Files\Java\jdk1.7.0_75\jre\lib\security" -file "C:\Users\Manish Negi\Desktop\cer.crt"** Which lead me to: **Certificate was added to keystore keytool error: java.io.FileNotFoundException: C:\ProgramFiles\Java\jdk1.7.0_75\jre\lib\security (Access is denied)** I started command prompt in admin mode – ManishNegi May 01 '18 at 07:49
`C:\ProgramFiles\Java\jdk1.7.0_75\jre\lib\security` is a directory, but the keystore is a file in that directory. Try `C:\ProgramFiles\Java\jdk1.7.0_75\jre\lib\security\cacerts` instead. – anothernode May 01 '18 at 09:36
i tried you modification ..ran the command successfully ..but still getting the same error – ManishNegi May 01 '18 at 10:02

score 1 · Answer 2 · answered May 01 '18 at 09:53

1

First of all you need to install or add the server's certificate to your client JVM keystore. you can install it by keytool as explained by anothernode or you can use GUI based tool keyStore Explorer.

Once you have server certificate on client store then it should be solved. could you use keyStore Explorer tool and examine if certificate is added to client keystore or not?

answered May 01 '18 at 09:53

Waqas Ahmed

4,801
3
36
45

I've the certificate but dont know where to place it? – ManishNegi May 01 '18 at 10:04
you need to place the certificate on same machine on which you above code us deployed public Boolean sendSmsOTP(String MobileNumber, String OTPKey) {....} .... Infact your webapp running on server let say local tomcat then you need to add on your local jvm key store... – Waqas Ahmed May 01 '18 at 10:42

Where to add certificate for SSLException in java?

2 Answers2