
I have to build a REST endpoint that internally calls some REST endpoints (business confidential), does some customization, and gives a user-specific response. The endpoints (business confidential) that I'm using inside the Spring Boot framework support HTTP and HTTPS. My framework supports the HTTP protocol by default.

Sample Endpoint below:

http://localhost:8081/hadoop-cal-endpoint-controller/getCustomDetails/customerID

The above endpoint, which I created, internally calls another REST service (which supports HTTP and HTTPS), applies some custom logic, and returns output in a specific format as the response.

I added the lines below to the application.yml file:

    server:
      ssl:
        key-store: classpath:keystore.p12
        keyStoreType: pkcs12
        keyAlias: tomcat
        key-store-password: password
      port: 8081

I used the blog post below to create the keystore.p12 file (and copied the keystore.p12 file into the src/main/resources folder):

https://www.thomasvitale.com/https-spring-boot-ssl-certificate/

I started the Spring Boot application using the spring-boot:run command and it ran successfully. I am able to open the Swagger API over the HTTPS protocol, as shown below:

[Screenshot: Swagger API opened over HTTPS]

Now the problem is that whenever I try to call the endpoints using HTTP or HTTPS inside the above client, it gives the error message below:

    "status": 500,
    "error": "Internal Server Error",
    "exception": "javax.net.ssl.SSLHandshakeException",
    "message": "sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

Everything works fine when I remove SSL and keep it as HTTP. But I just want to enable HTTPS, and that endpoint will call another endpoint (business confidential) and return a response.

Can anyone please help me with this?

Updated:

stack traces:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0_221]
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946) ~[na:1.8.0_221]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316) ~[na:1.8.0_221]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310) ~[na:1.8.0_221]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639) ~[na:1.8.0_221]
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223) ~[na:1.8.0_221]
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) ~[na:1.8.0_221]
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:965) ~[na:1.8.0_221]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064) ~[na:1.8.0_221]
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367) ~[na:1.8.0_221]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395) ~[na:1.8.0_221]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379) ~[na:1.8.0_221]
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) ~[na:1.8.0_221]
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) ~[na:1.8.0_221]
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1570) ~[na:1.8.0_221]
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498) ~[na:1.8.0_221]
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480) ~[na:1.8.0_221]
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:352) ~[na:1.8.0_221]
    at com.online.paypal.hadoop.cal.swagger.utils.Utils.sendGET(Utils.java:39) ~[classes/:na]
    at com.online.paypal.hadoop.cal.swagger.controller.HadoopCALEndpointController.getETLResponseLive(HadoopCALEndpointController.java:85) ~[classes/:na]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_221]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_221]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_221]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_221]
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205) ~[spring-web-4.3.17.RELEASE.jar:4.3.17.RELEASE]
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133) ~[spring-web-4.3.17.RELEASE.jar:4.3.17.RELEASE]
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:97) ~[spring-webmvc-4.3.17.RELEASE.jar:4.3.17.RELEASE]
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827) ~[spring-webmvc-4.3.17.RELEASE.jar:4.3.17.RELEASE]
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738) ~[spring-webmvc-4.3.17.RELEASE.jar:4.3.17.RELEASE]
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85) ~[spring-webmvc-4.3.17.RELEASE.jar:4.3.17.RELEASE]
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967) ~[spring-webmvc-4.3.17.RELEASE.jar:4.3.17.RELEASE]
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901) ~[spring-webmvc-4.3.17.RELEASE.jar:4.3.17.RELEASE]
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) ~[spring-webmvc-4.3.17.RELEASE.jar:4.3.17.RELEASE]
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861) ~[spring-webmvc-4.3.17.RELEASE.jar:4.3.17.RELEASE]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:635) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) ~[spring-webmvc-4.3.17.RELEASE.jar:4.3.17.RELEASE]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) ~[tomcat-embed-websocket-8.5.31.jar:8.5.31]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.springframework.boot.web.filter.ApplicationContextHeaderFilter.doFilterInternal(ApplicationContextHeaderFilter.java:55) ~[spring-boot-1.5.13.RELEASE.jar:1.5.13.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.17.RELEASE.jar:4.3.17.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:111) ~[spring-boot-actuator-1.5.13.RELEASE.jar:1.5.13.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.17.RELEASE.jar:4.3.17.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:606) ~[jersey-container-servlet-core-2.25.1.jar:na]
    at org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:524) ~[jersey-container-servlet-core-2.25.1.jar:na]
    at org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:461) ~[jersey-container-servlet-core-2.25.1.jar:na]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-4.3.17.RELEASE.jar:4.3.17.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.17.RELEASE.jar:4.3.17.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109) ~[spring-web-4.3.17.RELEASE.jar:4.3.17.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.17.RELEASE.jar:4.3.17.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81) ~[spring-web-4.3.17.RELEASE.jar:4.3.17.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.17.RELEASE.jar:4.3.17.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) ~[spring-web-4.3.17.RELEASE.jar:4.3.17.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.17.RELEASE.jar:4.3.17.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:106) ~[spring-boot-actuator-1.5.13.RELEASE.jar:1.5.13.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.17.RELEASE.jar:4.3.17.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:496) [tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) [tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803) [tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790) [tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1468) [tomcat-embed-core-8.5.31.jar:8.5.31]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-8.5.31.jar:8.5.31]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_221]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_221]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.5.31.jar:8.5.31]
    at java.lang.Thread.run(Thread.java:748) [na:1.8.0_221]
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) ~[na:1.8.0_221]
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[na:1.8.0_221]
    at sun.security.validator.Validator.validate(Validator.java:262) ~[na:1.8.0_221]
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330) ~[na:1.8.0_221]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237) ~[na:1.8.0_221]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132) ~[na:1.8.0_221]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621) ~[na:1.8.0_221]
    ... 86 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[na:1.8.0_221]
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[na:1.8.0_221]
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[na:1.8.0_221]
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392) ~[na:1.8.0_221]
    ... 92 common frames omitted

Below is the code that will call the HTTP/HTTPS endpoint.

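    import java.io.BufferedReader;
    import java.io.IOException;
    import java.io.InputStreamReader;
    import java.net.HttpURLConnection;
    import java.net.URL;

    // responseValue is assigned below but not declared in the posted snippet;
    // it is assumed here to be a static int field of the enclosing class.
    static int responseValue;

    public static String send(String url) throws IOException {
        StringBuffer response = new StringBuffer();
        //URL obj = new URL(null,url,new sun.net.www.protocol.https.Handler());
        URL obj = new URL(url);
        // For an https:// URL the server certificate is validated against the JVM's default trust store.
        HttpURLConnection con = (HttpURLConnection) obj.openConnection();
        //HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();
        //con.setHostnameVerifier(new SSLVerifier());
        con.setRequestMethod("GET");
        con.setRequestProperty("content-type", "application/json");
        // getResponseCode() opens the connection; the TLS handshake happens here.
        int responseCode = con.getResponseCode();
        System.out.println("GET Response Code :: " + responseCode);
        responseValue = responseCode;
        System.out.println(responseValue);
        if (responseCode == HttpURLConnection.HTTP_OK) { // success
            BufferedReader in = new BufferedReader(new InputStreamReader(
                    con.getInputStream()));
            String inputLine;
            while ((inputLine = in.readLine()) != null) {
                response.append(inputLine);
            }
            in.close();
        } else {
            System.out.println("GET request not worked");
        }
        return response.toString();
    }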

Certification Path:

[Screenshot: certification path]

I updated the code as described in the Stack Overflow question mentioned by Deadpool:

HttpsUrlConnection using KeyStore instead of TrustStore with WebSphere Liberty Profile

    FileInputStream truststoreFile = new FileInputStream(".//src//main//resources//keystore.p12");
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    KeyStore truststore = KeyStore.getInstance(KeyStore.getDefaultType());
    char[] trustorePassword = "password".toCharArray();
    truststore.load(truststoreFile, trustorePassword);
    trustManagerFactory.init(truststore);
    SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
    KeyManager[] keyManagers = {};//if you have key managers;
    sslContext.init(keyManagers, trustManagerFactory.getTrustManagers(), new SecureRandom());
    StringBuffer response = new StringBuffer();
    URL obj = new URL(url);
    HttpURLConnection con = (HttpURLConnection) obj.openConnection();

Observed Error:

    "status": 500,
    "error": "Internal Server Error",
    "exception": "javax.net.ssl.SSLProtocolException",
    "message": "handshake alert:  unrecognized_name"

deej
ArrchanaMohan
  • Can you confirm that your internal HTTP call uses the keystore you assume to use? Please append the code that calls the endpoints out of your application. – Smutje Jan 08 '20 at 15:44
  • Also some stack trace from the spring boot application could be helpful – Georg Muehlenberg Jan 08 '20 at 15:45
  • Maybe this one might help: https://stackoverflow.com/questions/6908948/java-sun-security-provider-certpath-suncertpathbuilderexception-unable-to-find – Ryuzaki L Jan 08 '20 at 15:50
  • So, where in your code do you use the KeyStore? – Smutje Jan 08 '20 at 15:55
  • HTTPS is enabled, but when I try to call another endpoint inside the @REST controller, it returns the above error message. – ArrchanaMohan Jan 08 '20 at 15:55
  • @smutje I'm not sure how I can handle the keystore in code. Can you please help me with this? – ArrchanaMohan Jan 08 '20 at 15:55
  • Does this answer your question? [HttpsUrlConnection using KeyStore instead of TrustStore with WebSphere Liberty Profile](https://stackoverflow.com/questions/39578653/httpsurlconnection-using-keystore-instead-of-truststore-with-websphere-liberty-p) – Smutje Jan 08 '20 at 15:56
  • I wonder whether this error message is from the controller endpoint or from the code that is calling another endpoint in the service? @ArrchanaMohan – Ryuzaki L Jan 08 '20 at 15:57
  • In your SSL certificate, set "Subject Alternative Name" > DNS Name=localhost. – koding Jan 08 '20 at 15:58
  • The code is calling another endpoint in the service, and I observed that error message. I just mentioned the sendGET(String url), which is calling the other endpoint. – ArrchanaMohan Jan 08 '20 at 16:00
  • Check your certification path. – koding Jan 08 '20 at 16:08
  • https://www.tutorialspoint.com/spring_boot/spring_boot_introduction.htm – koding Jan 08 '20 at 16:20

2 Answers


Apparently, your service provider uses a self-signed certificate. You either have to add the self-signed certificate to the cacerts known certificates to whitelist it, or run your application with the -Djavax.net.ssl.trustStore parameter.

Here are the details:

https://stackoverflow.com/a/12146838/6785908

Quoting the relevant parts here:

The problem appears when your server has a self-signed certificate. To work around it you can add this certificate to the list of trusted certificates of your JVM.

In this article the author describes how to fetch the certificate from your browser and add it to the cacerts file of your JVM. You can either edit the JAVA_HOME/jre/lib/security/cacerts file or run your application with the -Djavax.net.ssl.trustStore parameter. Verify which JDK/JRE you are using too, as this is often a source of confusion.

See also: How are SSL certificate server names resolved/Can I add alternative names using keytool? If you run into java.security.cert.CertificateException: No name matching localhost found exception.

Or, if it's just for testing purposes, why not just tell your process to skip the cert validation

like this: https://www.rgagnon.com/javadetails/java-fix-certificate-problem-in-HTTPS.html

Or

Modern way of invoking a rest service using Spring's WebClient (and ignoring the cert) https://stackoverflow.com/a/45441205/6785908

so-random-dude
  • I just downloaded the .cer file and imported it as mentioned in that link and ran the service, and it's still failing. Can you please tell me what I should mention in the application.yml file after importing the .cer file into cacerts? – ArrchanaMohan Jan 09 '20 at 10:25
  • Can you please help me with this? I'm completely blocked and googled but didn't find any right resources. It would be great if you could give me some sample code that fixes my issue. – ArrchanaMohan Jan 09 '20 at 18:12
  • Hi @ArrchanaMohan, I am more than happy to help. Could you just check in both the REST producer and consumer code to a GitHub repo where the issue is reproducible? – so-random-dude Jan 09 '20 at 18:20
  • Did you check your cacerts file for the new entry? – so-random-dude Jan 09 '20 at 18:21
  • Yes, I did. I exported the .cer file from the HTTPS site through the browser and imported it into the cacerts file, rebooted the service and tried, but still no luck. – ArrchanaMohan Jan 09 '20 at 18:23
  • Is it possible to use the cert.pem and key.pem files to fix the certification issue? I just got those files from the certification team. How can I use those to resolve this issue? Your ideas and help are highly appreciated. – ArrchanaMohan Jan 09 '20 at 18:25
  • Since it deals with some live records, I can't push the code to GitHub. That's the really painful part. – ArrchanaMohan Jan 09 '20 at 18:26
  • https://www.rgagnon.com/javadetails/java-fix-certificate-problem-in-HTTPS.html This will unblock you from doing the local testing. But it's a security concern, don't do this in production. – so-random-dude Jan 09 '20 at 19:13
  • @ArrchanaMohan.. here is the code that suppresses the hostname and cert validation checks, https://github.com/jaisonpjohn/spring-scratchpad/tree/master/spring-boot-https- – so-random-dude Jan 09 '20 at 19:25
  • clone it and run application.java (server), then run the client. If you remove the static block , it will reproduce your issue – so-random-dude Jan 09 '20 at 19:27
  • https://github.com/jaisonpjohn/spring-scratchpad/tree/master/spring-boot-https-pkcs12 -- updated the URL – so-random-dude Jan 09 '20 at 19:33
  • @ArrchanaMohan.. Did this work for you. If it did, please accept the answer. – so-random-dude Jan 10 '20 at 15:45
  • Nope still no luck. I tried to hit https like in that code but It returned { "timestamp": "2020-01-10T13:16:26+0530", "status": 500, "error": "Internal Server Error", "exception": "org.springframework.web.client.ResourceAccessException", "message": "I/O error on GET request for \"https://hadoop.qa.amazon.com/idsearch/environment/amzon/id/47b46cfb08f8c47b46cf\": handshake alert: unrecognized_name; nested exception is javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name", – ArrchanaMohan Jan 10 '20 at 16:00
  • Try switching to Spring's WebClient than the apache web client. Refer my edited answer – so-random-dude Jan 10 '20 at 16:16
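
The trust-store route from this answer, scoped to a single outbound connection instead of the JVM-wide cacerts file and with certificate and host name validation left on, as an added example that is not code from the question, the answers or the linked repository. The class name `UpstreamTrustClient`, the file name `upstream-truststore.p12` and the environment variable `UPSTREAM_TRUSTSTORE_PASSWORD` are assumptions; the trust store is assumed to hold only the upstream service's CA or self-signed certificate.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class; the trust store is assumed to be created with, for example:
//   keytool -importcert -alias upstream -file upstream.cer \
//           -keystore upstream-truststore.p12 -storetype PKCS12
public class UpstreamTrustClient {

    // Builds a socket factory that trusts only the certificates in the given PKCS12 store.
    static SSLSocketFactory socketFactoryFor(String trustStorePath, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore trustStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(trustStorePath))) {
            trustStore.load(in, password);
        }
        int anchors = 0;
        for (String alias : Collections.list(trustStore.aliases())) {
            // Policy choice of this example: a client trust store carries public
            // certificates only, so a store that also holds private keys is refused.
            if (trustStore.isKeyEntry(alias)) {
                throw new GeneralSecurityException("private key entry in trust store: " + alias);
            }
            if (trustStore.isCertificateEntry(alias)) {
                anchors++;
            }
        }
        if (anchors == 0) {
            throw new GeneralSecurityException("no trusted certificates in " + trustStorePath);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext context = SSLContext.getInstance("TLSv1.2");
        context.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return context.getSocketFactory();
    }

    // GET over HTTP or HTTPS; for HTTPS the custom trust applies to this connection only.
    static String get(String url, SSLSocketFactory factory) throws IOException {
        HttpURLConnection con = (HttpURLConnection) new URL(url).openConnection();
        if (con instanceof HttpsURLConnection) {
            // The default HostnameVerifier stays in place, so the certificate
            // must still match the host name in the URL.
            ((HttpsURLConnection) con).setSSLSocketFactory(factory);
        }
        con.setRequestMethod("GET");
        con.setRequestProperty("Accept", "application/json");
        con.setConnectTimeout(5000);
        con.setReadTimeout(10000);
        int code = con.getResponseCode();
        if (code != HttpURLConnection.HTTP_OK) {
            throw new IOException("GET " + url + " returned HTTP " + code);
        }
        StringBuilder body = new StringBuilder();
        try (BufferedReader in = new BufferedReader(
                new InputStreamReader(con.getInputStream(), StandardCharsets.UTF_8))) {
            String line;
            while ((line = in.readLine()) != null) {
                body.append(line);
            }
        }
        return body.toString();
    }

    public static void main(String[] args) throws Exception {
        String password = System.getenv("UPSTREAM_TRUSTSTORE_PASSWORD"); // hypothetical variable name
        if (args.length != 2 || password == null) {
            System.err.println("usage: UpstreamTrustClient <truststore.p12> <url>");
            return;
        }
        System.out.println(get(args[1], socketFactoryFor(args[0], password.toCharArray())));
    }
}
```

The `server.ssl.key-store` setting in application.yml only configures the certificate the application presents to its own callers; outbound calls are validated against a trust store such as the one loaded here.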

-Djavax.net.ssl.keyStore=path/to/keystore.jks

Jaganath Kamble