
I am trying to connect to a web server using a java client and get the following exception:

```
javax.ejb.EJBTransactionRolledbackException: RESTEASY004655: Unable to invoke request: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
```

The server uses a signed certificate from a CA that my machine trusts. I am assuming that the problem lies in the server's address, which uses a port that differs from the HTTPS default, e.g. "https://someserver.net:11011".

How can I get my Java client to accept certificates on any port?

Here's how I currently create a client and attempt to create a connection:

```java
javax.ws.rs.client.Client client = ClientBuilder.newClient();
URI uri = new URL("https://someserver.net:11011").toURI();
Response response = client.target(uri).request().get();
```

I tried to connect on the default port, which worked:

```java
Response testResponse = client.target("https://someserver.net").request().get(); // works
Response testResponse2 = client.target("https://someserver.net:443").request().get(); // works
Response testResponse3 = client.target("https://someserver.net:11011").request().get(); // throws
```
Jargo
  • Does this answer your question? [Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?](https://stackoverflow.com/questions/9619030/resolving-javax-net-ssl-sslhandshakeexception-sun-security-validator-validatore) – pringi Feb 04 '22 at 12:13
  • @pringi your linked question is about self-signed certificates. I am dealing with a signed certificate from a trusted CA. If possible in any way, I would like to avoid having to manually add the certificate to the JVM, which would then have to be manually updated again every few years when a new certificate gets issued – Jargo Feb 04 '22 at 12:27
  • How do you know the Java that is running the application trusts the certificate? Did you check the cacerts of the JVM that is running the code? Also, certificates are not bound to ports. See https://comodosslstore.com/resources/what-ssl-certificate-port-does-ssl-use/. – pringi Feb 04 '22 at 12:32
  • I updated my question. Targeting the same address without specifying a port successfully delivers a response from the server. Meaning the JVM accepts the certificate, as long as I connect on the default port – Jargo Feb 04 '22 at 12:43
  • Have you tried "https://someserver.net:443"? Does it also work? What is Client? There is a difference (I don't know if it matters or not) between your working test and the failing one. In one you use a String, and in the other you use a URI. Try with a String instead. – pringi Feb 04 '22 at 13:03
  • I updated the question again with more examples of failing/working requests. All based on strings. Also specified the client – Jargo Feb 04 '22 at 13:13
  • Please check with another tool (like openssl) whether you can connect to that URL. Example: `openssl s_client -connect someserver.net:11011` – pringi Feb 04 '22 at 15:27
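
A Java counterpart to the openssl check suggested in the comments, as an added example that is not part of the original question or comments: it records the certificate chain each port presents and validates it with the JVM's default trust manager, so the two listeners can be compared. The class name `ChainProbe` is hypothetical; the host and ports are the ones from the question.

```java
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class ChainProbe {
    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "someserver.net"; // host from the question
        // Trust anchors this JVM uses by default (cacerts or -Djavax.net.ssl.trustStore).
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509TrustManager jvmDefault = (X509TrustManager) tmf.getTrustManagers()[0];
        for (int port : new int[] {443, 11011}) probe(host, port, jvmDefault);
    }

    static void probe(String host, int port, X509TrustManager jvmDefault) throws Exception {
        X509Certificate[][] presented = new X509Certificate[1][];
        // Records the chain the server sends, then validates exactly as the default would.
        X509TrustManager recorder = new X509TrustManager() {
            @Override public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                jvmDefault.checkClientTrusted(chain, authType);
            }
            @Override public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                presented[0] = chain;
                jvmDefault.checkServerTrusted(chain, authType); // failure still aborts the handshake
            }
            @Override public X509Certificate[] getAcceptedIssuers() {
                return jvmDefault.getAcceptedIssuers();
            }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] {recorder}, null);
        String verdict = "chain validates against the JVM default trust store";
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            socket.startHandshake();
        } catch (IOException e) {
            verdict = "connection or handshake failed: " + e.getMessage();
        }
        System.out.println(host + ":" + port + " -> " + verdict);
        if (presented[0] == null) return; // failed before a certificate was received
        for (X509Certificate c : presented[0]) {
            System.out.println("  subject=" + c.getSubjectX500Principal().getName());
            System.out.println("  issuer =" + c.getIssuerX500Principal().getName());
        }
    }
}
```

Run it with the same JVM and the same `javax.net.ssl.trustStore` settings as the application, since a different JVM or trust store can give a different verdict.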

0 Answers