{"id":568,"date":"2009-04-07T17:51:18","date_gmt":"2009-04-07T22:51:18","guid":{"rendered":"http:\/\/www.juixe.com\/techknow\/index.php\/2009\/04\/07\/java-web-service-with-https\/"},"modified":"2009-04-07T17:51:18","modified_gmt":"2009-04-07T22:51:18","slug":"java-web-service-with-https","status":"publish","type":"post","link":"http:\/\/juixe.com\/techknow\/index.php\/2009\/04\/07\/java-web-service-with-https\/","title":{"rendered":"Java Web Service with HTTPS"},"content":{"rendered":"

I recently had to write a small Java client that calls out to a Java Web Service that was sitting behind HTTP over SSL (HTTPS). From what I could tell, they had an expired or self signed certificate because calling the Web Service would throw an nested SSLHandshakeException, ValidatorException, and SunCertPathBuilderException that read something like the following<\/p>\n

\njavax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\n<\/p><\/blockquote>\n

After searching around I found a 2006 article from Andreas Sterbenz describing the solution to the unable to find valid certification<\/a> problem I was encountering. The article went into to much detail as far as I am concern but it did provide the right solution.<\/p>\n

The gist of the solution is to download and compile this Java class that saves the certificates<\/a> from a particular domain to a file. This program will save a keystore with the certificates called jssecacerts<\/b> in the local directory where you run the Java class.<\/p>\n

This keystore needs to be used from the client application that is connecting to a SSL service. You can start the client Java process with the following Java system property: -Djavax.net.ssl.trustStore=<PATH TO KEYSTORE> … or you can replace the the cacerts<\/b> file under jre\\lib\\security for the JVM you are using with the jssecacerts keystore file created from the aforementioned Java program.<\/p>\n

Using the keystore file correctly should fix the unable to find valid certifiction<\/b> exception.<\/p>\n","protected":false},"excerpt":{"rendered":"

I recently had to write a small Java client that calls out to a Java Web Service that was sitting behind HTTP over SSL (HTTPS). From what I could tell, they had an expired or self signed certificate because calling the Web Service would throw an nested SSLHandshakeException, ValidatorException, and SunCertPathBuilderException that read something like […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","footnotes":""},"categories":[15,3],"tags":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p902K-9a","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"http:\/\/juixe.com\/techknow\/index.php\/wp-json\/wp\/v2\/posts\/568"}],"collection":[{"href":"http:\/\/juixe.com\/techknow\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/juixe.com\/techknow\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/juixe.com\/techknow\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/juixe.com\/techknow\/index.php\/wp-json\/wp\/v2\/comments?post=568"}],"version-history":[{"count":0,"href":"http:\/\/juixe.com\/techknow\/index.php\/wp-json\/wp\/v2\/posts\/568\/revisions"}],"wp:attachment":[{"href":"http:\/\/juixe.com\/techknow\/index.php\/wp-json\/wp\/v2\/media?parent=568"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/juixe.com\/techknow\/index.php\/wp-json\/wp\/v2\/categories?post=568"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/juixe.com\/techknow\/index.php\/wp-json\/wp\/v2\/tags?post=568"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}