wood burning stoves 2.0*
The moose likes Security and the fly likes https client certificate Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCM Java EE 6 Enterprise Architect Exam Guide this week in the OCMJEA forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "https client certificate" Watch "https client certificate" New topic
Author

https client certificate

Geoffrey Wambugu
Greenhorn

Joined: Jan 20, 2010
Posts: 2
Hi All
Can any one out there help me on SSL. Am trying to open a HTTPS URL that require a certificate from the client.
I have a certificate and it works with internet explorer.I have imported the same certificate to my keystore using keytool. I want to open the same URL in java.
In my java code I have pointed where my keystore in this snipet
System.setProperty("javax.net.ssl.keyStore","C:\\Temp\\mykeystore.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "secure");
System.setProperty("java.protocol.handler.pkgs","javax.net.ssl");

Now my problem is when I try to open the URL in java I get this exception:

Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1049)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
at java.net.URL.openStream(URL.java:1010)
at testvoda.URLReader.main(URLReader.java:35)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
... 19 more
Java Result: 1

Please help
Thank you.
Geoffrey
Tim McGuire
Ranch Hand

Joined: Apr 30, 2003
Posts: 820

SunCertPathBuilderException: unable to find valid certification path to requested target


This is an error seen when using a test or self-signed certificate.
One side of the handshake is unable to verify the authenticity of the certificate. I'm betting you clicked a "accept certificate anyway" button when it worked in IE.

In your java client, you need some interactive code asking a user to accept the "test" certificate from the server. I know you have used System.setProperty(), but that code snippet, I think, is pulling a cert in for your client.

I think your answer is here:
http://blogs.sun.com/andreas/entry/no_more_unable_to_find
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: https client certificate