dinsdag 31 mei 2011

unable to find valid certification path to requested target

This was the complete exception I encountered trying to post data to a https connection.

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I eventually found a lot of information on how to bypass or fix this issue. A quick fix is to implement a TrustManager accepting everything like this:

import java.security.cert.X509Certificate;

    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSession;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;

    // Create a trust manager that does not validate certificate chains
    TrustManager[] trustAllCerts = new TrustManager[] {
        new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
 
            public void checkClientTrusted(X509Certificate[] certs, String authType) {
                // Trust always
            }
 
            public void checkServerTrusted(X509Certificate[] certs, String authType) {
                // Trust always
            }
        }
    };
 
    // Install the all-trusting trust manager
    SSLContext sc = SSLContext.getInstance("SSL");
    // Create empty HostnameVerifier
    HostnameVerifier hv = new HostnameVerifier() {
  public boolean verify(String arg0, SSLSession arg1) {
   return true;
  }
    };

    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    HttpsURLConnection.setDefaultHostnameVerifier(hv);

A better solution is to add the required certificate to your keystore. For more information on these solutions check this info.

I also found this rather outdated discussion. The linked utility is no longer available but it might be useful to read through the comments.

1 opmerking:

  1. I am happy to found your blogs.It is really great.I learnt new things from your website.I like your thoughts.Thanks for making such a cool post.

    BeantwoordenVerwijderen