Java Web Service with HTTPS
I recently had to write a small Java client that calls out to a Java Web Service that was sitting behind HTTP over SSL (HTTPS). From what I could tell, they had an expired or self signed certificate because calling the Web Service would throw an nested SSLHandshakeException, ValidatorException, and SunCertPathBuilderException that read something like the following
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
After searching around I found a 2006 article from Andreas Sterbenz describing the solution to the unable to find valid certification problem I was encountering. The article went into to much detail as far as I am concern but it did provide the right solution.
The gist of the solution is to download and compile this Java class that saves the certificates from a particular domain to a file. This program will save a keystore with the certificates called jssecacerts in the local directory where you run the Java class.
This keystore needs to be used from the client application that is connecting to a SSL service. You can start the client Java process with the following Java system property: -Djavax.net.ssl.trustStore=<PATH TO KEYSTORE> … or you can replace the the cacerts file under jre\lib\security for the JVM you are using with the jssecacerts keystore file created from the aforementioned Java program.
Using the keystore file correctly should fix the unable to find valid certifiction exception.