Hi all, I use this code to connect over HTTPS and it works fine on my PC, but when I upload it to my server it doesn't work.

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263)
at mehritco.ir.connection.URLConnection.read(URLConnection.java:38)
at mehritco.ir.cortexclient.objects.invoice.Price.setExchangeRate(Price.java:42)

And this log doesn't show up on my local PC!

Here is my code for connecting over HTTPS/SSL:

public String readLinkInJson(String url, String data) throws MalformedURLException, IOException {
    URL obj = new URL(url);
    System.out.println(data);
    HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();
    con.setHostnameVerifier(hv);
    con.setRequestMethod("POST");
    con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
    con.setRequestProperty("User-Agent", "Mozilla/5.0");
    con.setRequestProperty("Accept-Language", "en-US,en;q=0.5");
    con.setDoOutput(true);
    // For POST only - START
    try (OutputStream os = con.getOutputStream()) {
        os.write(data.getBytes("UTF-8"));
        os.flush();
    }
    // For POST only - END
    String inputLine;
    StringBuilder response = new StringBuilder();
    int responseCode = con.getResponseCode();
    if (responseCode >= 400) {
        try (BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()))) {
            while ((inputLine = in.readLine()) != null) {
                response.append(inputLine);
            }
        }
    } else {
        try (BufferedReader in = new BufferedReader(new InputStreamReader(con.getErrorStream()))) {
            while ((inputLine = in.readLine()) != null) {
                response.append(inputLine);
            }
        }
    }
    return response.toString();
}

So what can I do? Please help me find the right code...

  • Did you add a certificate to the Java trust store on your remote server? – Mançaux Pierre-Alexandre Jul 18 '18 at 10:00
  • No, how can I? @MançauxPierre-Alexandre –  Jul 19 '18 at 04:37
  • Get the client certificate of your server and add it to your Java truststore: https://stackoverflow.com/questions/373295/digital-certificate-how-to-import-cer-file-in-to-truststore-file-using or this comment can help you if you don't have the certificate: https://stackoverflow.com/a/23162215/3414468 – Mançaux Pierre-Alexandre Jul 19 '18 at 15:12
  • With your code, I changed the request method to GET and called https://www.google.fr and it worked. Be careful with if(responseCode >= 400): there you call getInputStream instead of errorStream... and in the else you read errorStream... If you are looking for your truststore or keystore file, they are in your JVM directory; Google can help you find it. – Mançaux Pierre-Alexandre Jul 19 '18 at 15:24
  • Yes, thanks @MançauxPierre-Alexandre –  Jul 21 '18 at 06:34
  • I used some other code to add the cert without adding it directly to the security lib, and fixed my if to connect... –  Jul 21 '18 at 06:35
  • Yes, it's another solution, but if you have multiple environments to call (integration, preproduction, production...) you need to have different certs, and if you have multiple applications to do, you need to duplicate your code. But if you add the certificate directly to the truststore, all your applications and clients can call the distant application without adding any piece of code ;) Just a point of view. – Mançaux Pierre-Alexandre Jul 23 '18 at 07:22
  • @MançauxPierre-Alexandre Can you show some part of the code to use? –  Jul 24 '18 at 09:47
  • It's just the same code you had originally, but add an SSLContext, and then try to add the server certificate to the truststore of the JVM that launches your program; then when an HTTPS call is made, the certificate is recognized thanks to the SSLContext and the connection can be established. See the links I gave you in my previous comments, and on Google you will find many examples of Java HTTPS clients ;) – Mançaux Pierre-Alexandre Jul 24 '18 at 12:19

1 Answer

I found my answer!

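// Imports needed at the top of the file:
import java.security.GeneralSecurityException;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Trust manager whose check methods are empty: every certificate chain
// is accepted, so the server's identity is not verified.
TrustManager[] trustAllCerts = new TrustManager[]{
    new X509TrustManager() {
        @Override
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return new java.security.cert.X509Certificate[0];
        }

        @Override
        public void checkClientTrusted(
                java.security.cert.X509Certificate[] certs, String authType) {
        }

        @Override
        public void checkServerTrusted(
                java.security.cert.X509Certificate[] certs, String authType) {
        }
    }
};

try {
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    // Installs the socket factory JVM-wide, for every later HttpsURLConnection
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (GeneralSecurityException e) {
    // A failure to build the context is silently ignored here
}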

Add this code before making the URL object.