I'm using the Apache HTTP client library. Can someone explain to me what is wrong? I can do the same actions via a web browser.
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: subject/issuer name chaining check failed ... Caused by: java.security.cert.CertPathValidatorException: subject/issuer name chaining check failed
1. Given that they seem to connect to these pages just fine, what are major browsers doing, and is what they are doing also "radically insecure"?

Sorry, no idea. The original problem about the signer/issuer check is clearly a problem with the certificates themselves.
2. The sites with these unsigned server certificates are requiring clients to connect with HTTPS for their own security reasons, but a client may not have the same security concerns or may be passing data that it knows is not sensitive, right?

Not sure what you're getting at here. The HTTPS server site can't accomplish its own security objectives, whatever they are, unless the connection is secure, and the connection is only secure if at least one peer is authenticated. If the site doesn't authenticate itself properly, that is clearly its problem, and a security risk. If the client 'co-operates' by ignoring the lack of authentication, that risk becomes a security breach.