1

I am trying to access my api from java but I get the following error:

javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required

I do not get this error when I test the code on my personal Windows computer. But this error does occur on my linux production server running Ubuntu with openjdk 11.

The server is hosted on that same ubuntu server, and proxied with Cloudflare SSL Full

HttpsURLConnection con = null;
    try {
        URL url = new URL("https://www.example.com/");
        con = (HttpsURLConnection) url.openConnection();
        con.addRequestProperty("XF-Api-Key", "key");
        con.addRequestProperty("XF-Api-User", "1");
        con.setConnectTimeout(5000);
        con.setReadTimeout(5000);
        con.addRequestProperty("User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)");
        con.setRequestMethod("GET");
        con.setRequestProperty("Content-Type", "application/json");
        try {
            BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
            String inputLine;
            StringBuffer content = new StringBuffer();
            while ((inputLine = in.readLine()) != null)
                content.append(inputLine);
            in.close();

            System.out.println(content.toString());
        } catch (Exception e) {
            e.printStackTrace();
            BufferedReader in = new BufferedReader(new InputStreamReader(con.getErrorStream()));
            String inputLine;
            StringBuffer content = new StringBuffer();
            while ((inputLine = in.readLine()) != null) {
                content.append(inputLine);
            }
            in.close();
            System.out.println(content.toString());
        }
    } catch (Exception exp) {
        System.out.println("Cant load data from API");
        exp.printStackTrace();
    } finally {
        if (con != null)
            con.disconnect();
    }

Is something not configured properly on my linux server?

Update: my problem has not been solved yet and I am still looking for an answer. I cannot find any informative blogs or information on the internet.

Mark Cockram
  • 75
  • 8
  • This question already answered [here](https://stackoverflow.com/questions/6353849/received-fatal-alert-handshake-failure-through-sslhandshakeexception) – Vivek Jain May 15 '21 at 20:44
  • The problem is that I have already added the certificates of my origin server. I am not sure how to add missing cloudflare certificates if needed. Also that post you linked is for handshake errors – Mark Cockram May 24 '21 at 16:34

3 Answers3

0

The server expects the client to present a certificate that it trusts, so the client needs to be configured with a Keystore - see https://www.baeldung.com/java-https-client-certificate-authentication

Reuben
  • 155
  • 3
-1

I encountered a similar problem, the same error occurred, it helped me (oddly enough) duplicating the certificate in the user's root folder - from where the command was launched

/home/{user}/

cmptq
  • 1
-1

Try importing the certificate of server into your java truststore and set proper SSLContext to use the truststore and then try to establish the connection. From Security POV, using proper certificate along with correct truststore implementation is recommeneded.

pseudo code goes below

1 - Load truststore
2 - Import certificate // Optional if you imported certificate directly using keytool in jdk
3 - Initialize SSLContext with the truststore already created
4 - Implement hostnameverifier if needed // only if needed
5 - Connect to endpoint.

There are bunch of tutorials which will help you get started with these. Cheers.

apgautham
  • 9
  • 2