
Even after doing the steps below, I am unable to establish a connection to an HTTPS link.

  1. Converted .crt and .key file to .p12 through openssl

  2. Converted .p12 file to .jks file through keytool (though I could directly mention .p12 in the code)

  3. Added generated .jks file to cacerts present in jdk/jre/lib/security
  4. My client code is here
```java
import java.io.FileInputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

// Load test.jks and build trust managers from it
KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(new FileInputStream("test.jks"), "changeit".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(trustStore);
TrustManager[] tms = tmf.getTrustManagers();
System.out.println(tms.length);
// this gives me 1

// TLS context that uses only the trust managers built above
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tms, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());

// POST request to the target URL
URL url = new URL("https://testurl.com");
HttpsURLConnection urlConn = (HttpsURLConnection) url.openConnection();
urlConn.setRequestMethod("POST");
urlConn.setRequestProperty("Content-Type", "application/json; utf-8");
urlConn.setRequestProperty("Accept", "application/json");
urlConn.setDoOutput(true);
urlConn.setDoInput(true);
urlConn.connect();
```
  5. Tried adding truststore in System property as well but same error.
  6. Tried adding truststore/keystore in VM arguments, still got the same error.

What else should I try to make it work?

  • There is some debugging/troubleshooting guidance in [this question](https://stackoverflow.com/questions/9210514/unable-to-find-valid-certification-path-to-requested-target-error-even-after-c). Have you tried any of those options? – andrewJames Mar 10 '20 at 12:57
  • I tried adding `-Djavax.net.debug=SSL` in VM arguments and I see this error at the end of the console - `*** %% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] main, SEND TLSv1.2 ALERT: fatal, description = certificate_unknown main, WRITE: TLSv1.2 Alert, length = 2 main, called closeSocket() main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target` – Rini Philip Mar 10 '20 at 13:03
  • The code works for me if the keystore test.jks contains a valid CA for the certificate of the target URL. Can you list the certificates in test.jks? – pero_hero Mar 10 '20 at 13:04
  • I had got the .crt and .key files from the server. Then I converted these to a .jks file. I believe it should contain a valid certificate. I tried sending a request through Postman with the .crt and .key files and I was able to successfully receive the response – Rini Philip Mar 10 '20 at 13:24
  • Is SSL certificate verification turned on in your Postman settings? – pero_hero Mar 10 '20 at 13:28
  • Yes, otherwise I would not have got a response :) – Rini Philip Mar 10 '20 at 13:43
  • Kindly help on the above-mentioned issue! – Rini Philip Mar 11 '20 at 18:50
  • I tried the same code on a Mac system and it executed beautifully! Why is the same Java code and certificate not working on a Windows 10 machine :( – Rini Philip Mar 25 '20 at 07:08
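
The check requested in the comments (listing what test.jks contains), written out as an added example that is not part of the original thread. The file name and password are the ones used in the question; the class name `InspectTrustStore` is hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper class (not from the question).
public class InspectTrustStore {
    public static void main(String[] args) throws Exception {
        // Path and password default to the values used in the question.
        String path = args.length > 0 ? args[0] : "test.jks";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }

        // 1. What is stored: private-key entries vs. trusted certificates.
        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(alias) ? "key entry (identity)"
                                               : "trusted certificate entry";
            System.out.println(alias + ": " + kind);
            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) cert;
                System.out.println("  subject: " + x.getSubjectX500Principal());
                System.out.println("  issuer : " + x.getIssuerX500Principal());
                // getBasicConstraints() returns -1 when the certificate is not a CA.
                System.out.println("  is CA  : " + (x.getBasicConstraints() != -1));
            }
        }

        // 2. What the TrustManager built from this store accepts as issuers.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate c : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    System.out.println("accepted issuer: " + c.getSubjectX500Principal());
                }
            }
        }
    }
}
```

The handshake can only succeed if the accepted issuers include the server's own certificate or a CA from its chain; comparing this output with the chain printed by `-Djavax.net.debug=SSL` shows whether that is the case.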

0 Answers