SSLHandshakeException: When trying to access a HTTPS URL
I was trying to access a HTTPS URL using java.net.HttpURLConnection and got the following error.
Error
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Most of the time, this exception occurs when you are using a self-signed certificate.
Reason: The host that you are trying to connect to has a self-signed certificate, and that certificate is not in your truststore.
Description:
Actually, I am using the Tomcat server and I have enabled the HTTPS connector. I have created a self-signed certificate for Tomcat.
I have a standalone Java program which connects to the server and downloads a file over HTTPS. But when I tried to connect to the server, it threw SSLHandshakeException.
Solution: To resolve this exception, import the self-signed certificate into the system truststore.
The steps below explain how to do it.
Step-1: Export the certificate.
Export your self-signed certificate using the keytool utility provided with the JDK. Open the command prompt and change the current directory to JAVA_HOME/bin. Now run the following command.
keytool -export -alias tomcat -storepass changeit -file tomcat.cer
It will create a tomcat.cer file in the current directory.
Note: You may need to modify the -alias and -storepass options. The default keystore password is ‘changeit’.
Step-2: Import the certificate into truststore.
keytool -import -alias tomcat -file tomcat.cer -keystore <path to JAVA_HOME>\jre\lib\security\cacerts
or
keytool -import -alias tomcat -file tomcat.cer -keystore ..\jre\lib\security\cacerts
It will ask you to enter the keystore password. The default password is ‘changeit’. When it asks ‘Trust this certificate?’, type yes and press Enter.
Step-3: Verify that the certificate is added successfully
keytool -list -keystore C:\j2sdk1.4.2_16\jre\lib\security\cacerts
It will list all the certificates. Verify that the certificate you just added is present in the list.
That’s it! Now run your program again.