8 Replies Latest reply: Oct 7, 2011 7:56 AM by maheshguruswamy RSS

    Https conection error

    833900
      hi,

      here is a problem about security certificate. i have a https url and i want to get some values from that web site here is my code and error kindly help me

      String httpsURL = "https://58.27.141.246/opennms/index.jsp";
           URL myurl = new URL(httpsURL);
           
           HttpsURLConnection con = (HttpsURLConnection)myurl.openConnection();
           InputStream ins = con.getInputStream();
           InputStreamReader isr = new InputStreamReader(ins);
           BufferedReader in = new BufferedReader(isr);

           String inputLine;

           while ((inputLine = in.readLine()) != null)
           {
           System.out.println(inputLine);
           }

           in.close();

      Error is


      Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
           at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
           at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
           at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
           at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
           at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
           at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
           at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
           at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
           at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
           at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
           at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
           at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
           at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
           at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
           at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
           at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
           at com.akmal.FirstClass.main(FirstClass.java:34)
      Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
           at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
           at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
           at sun.security.validator.Validator.validate(Unknown Source)
           at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
           at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
           at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
           ... 13 more
      Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
           at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
           at java.security.cert.CertPathBuilder.build(Unknown Source)
           ... 19 more

      what should i do help help help


      thanks and regards

      Akmal
        • 1. Re: Https conection error
          EJP
          Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
          Your truststore doesn't trust the server certificate.
          • 2. Re: Https conection error
            833900
            hi,

            i have an idea about it but problem is but i do not know what step should be taken to resolve it kindly tell me what should i do to resolve it


            thanks and regards,

            Akmal
            • 3. Re: Https conection error
              836548
              Akmal wrote:
              hi,

              i have an idea about it but problem is but i do not know what step should be taken to resolve it kindly tell me what should i do to resolve it


              thanks and regards,

              Akmal
              For this you require to run a program and do the handsahking with the server (Mean checks does your truststore has the server certificate in it or not, if not, then copies the server certificate to your truststore), For this search on google for java program.

              i am sure you'll find one.

              After this run your program.
              • 4. Re: Https conection error
                gimbal2
                Tip: if you get an exception you want more information about, simply post the exception message into Google and see what you get. Be sure to leave out the parts that are specific to your environment, such as URLs.

                In this case paste "Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" (notice that this is the root cause).
                • 5. Re: Https conection error
                  833900
                  hi,

                  my problem i want to disabling Certificate Validation and now i am using this code

                  TrustManager[] trustAllCerts = new TrustManager[]{
                                 new X509TrustManager() {
                                 public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                                 return null;
                                 }
                                 public void checkClientTrusted(
                                 java.security.cert.X509Certificate[] certs, String authType) {
                                 }
                                 public void checkServerTrusted(
                                 java.security.cert.X509Certificate[] certs, String authType) {
                                 }
                                 }
                                 };
                            
                            try {
                            SSLContext sc = SSLContext.getInstance("SSL");
                            sc.init(null, trustAllCerts, new java.security.SecureRandom());
                            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
                            } catch (Exception e) {
                            }
                            
                            String httpsURL = "https://10.128.126.118/cgi-bin/webcm?getpage=%2Fusr%2Fwww_safe%2Fhtml%2Fdefs%2Fstyle5/menus%2Fmenu.html&var:style=style5&var:main=menu&var:pagename=status_network&var:pagetitle=Network&var:menu=status&var:menutitle=Status&var:autorefresh=off";
                       URL myurl = new URL(httpsURL);
                       
                       HttpsURLConnection con = (HttpsURLConnection)myurl.openConnection();
                       InputStream ins = con.getInputStream();
                       InputStreamReader isr = new InputStreamReader(ins);
                       BufferedReader in = new BufferedReader(isr);

                       String inputLine;

                       while ((inputLine = in.readLine()) != null)
                       {
                       System.out.println(inputLine);
                       }

                       in.close();

                  and received this error


                  Exception in thread "main" java.net.ConnectException: Connection refused: connect
                       at java.net.PlainSocketImpl.socketConnect(Native Method)
                       at java.net.PlainSocketImpl.doConnect(Unknown Source)
                       at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
                       at java.net.PlainSocketImpl.connect(Unknown Source)
                       at java.net.SocksSocketImpl.connect(Unknown Source)
                       at java.net.Socket.connect(Unknown Source)
                       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(Unknown Source)
                       at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.connect(Unknown Source)
                       at sun.net.NetworkClient.doConnect(Unknown Source)
                       at sun.net.www.http.HttpClient.openServer(Unknown Source)
                       at sun.net.www.http.HttpClient.openServer(Unknown Source)
                       at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source)
                       at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
                       at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown Source)
                       at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
                       at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
                       at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
                       at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
                       at com.akmal.FirstClass.main(FirstClass.java:74)


                  what is reason this error kindly help me i am stuck for 2 days


                  thanks and regards

                  Akmal
                  • 6. Re: Https conection error
                    EJP
                    my problem i want to disabling Certificate Validation
                    No you don't. That's just a poor tactical solution to your real problem, which is how to trust the server certificate. SSL without authentication isn't secure. You don't want to do this, you want to solve the original problem.
                    and now i am using this code
                    Please don't. It is insecure. You need to import the server's certificate into your client's truststore. Better still, get them to get their certificate signed by a trusted certificate authority.
                    Exception in thread "main" java.net.ConnectException: Connection refused: connect
                    The server isn't listening at that IP:port.
                    • 7. Re: Https conection error
                      833900
                      Thanks for suggestion and kindly tell me how to import server’s certificate into my client’s truststore I have no right on server, or refer such web site from there I can read about this that should be well explain because I am new in this type programming
                      Kindly help me I am great problem
                      Thanks and regards,
                      Muhammad Akmal
                      • 8. Re: Https conection error
                        maheshguruswamy
                        Akmal wrote:
                        Thanks for suggestion and kindly tell me how to import server’s certificate into my client’s truststore I have no right on server, or refer such web site from there I can read about this that should be well explain because I am new in this type programming
                        Kindly help me I am great problem
                        Thanks and regards,
                        Muhammad Akmal
                        Typically you use the keytool utility (http://download.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html). Here is a thought, a few threads above you were trying to disable certificate validation, if security is not that big a concern for you and if you feel that certificate management is tough (which it is), maybe you should consider a non-ssl connection?