I am trying to make a test SSL connection using the following Java code:
String httpsURL = "https://www.somehost.com";
URL myurl = new URL(httpsURL);
HttpsURLConnection con = (HttpsURLConnection)myurl.openConnection();
InputStream ins = con.getInputStream();
InputStreamReader isr=new InputStreamReader(ins);
BufferedReader in =new BufferedReader(isr);
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
When I connect to Host A everything works fine - the connection is made and the response is received.
However when I connect to Host B, which is secured by a certificate that is issued by the same authority as Host A's, I receive the following exception:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Everything that I have开发者_如何学运维 read so far suggests that I need to install the certificates in my keystore, however if that were the solution then why does Host A work whilst Host B doesn't?
As a probably unhelpful aside - if I write a similar piece of C# code then the connection is successfully negotiated for both Hosts A and B - the same applies for navigating to the URL in the browser.
Most likely causes are,
- The Host B uses a self-signed certificate.
- The certificate is signed by CA which is not in your trust store.
- The cert is signed with an intermediate cert but Host B is misconfigured so it doesn't send the server cert with intermediate cert.
For #1, #2, you need to import the cert or the CA cert into your trust store.
For #3, tell host B to send the intermediate cert.
This probably is because you dont have a valid path for the certificate or maybe because you dont have a CA certificate of verising o some company like that.
精彩评论