1

I am referring to this JSSE Reference Guide and doing handshake with my Webserver with an SNI Hostname and getting the public certificate.

Only for a particular SNI Domain, when I try to get the Pub-Cert with ssl-handshake I am getting the below exception

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

It comes exactly when i wrap the data using sslEngine.wrap(myAppData, myNetData);

Am not sure how to tackle it ..

But when i try to do the handshake from my linux-terminal with the below command, it works perfectly fine ..

/usr/bin/openssl s_client -connect api.sys.mm.d1.cf.company.com:443 -servername www.myapp.company.com 2>/dev/null
Arun
  • 3,440
  • 11
  • 60
  • 108
  • These exceptions usually come up when the root certificate is not trusted. You may need to add the root certificate (the top most certificate in your certificate chain) to the trust store. Other possibility, is that your server does not return the whole certificate chain (excluding the root certificate) when requested. – Tomer Aug 05 '19 at 22:10
  • you can also try to update your JDK – m.antkowicz Aug 05 '19 at 22:14
  • the same `JDK` ran my code well 1 month back. Now am running in to the issue... Would that be a good option to use libraries such as `bouncy-castle` to make `SSL` calls and read the ceritificate, as opposed to using `java-NIO` apis ? – Arun Aug 05 '19 at 22:17

0 Answers0