This week's book giveaways are in the Refactoring and Agile forums. We're giving away four copies each of Re-engineering Legacy Software and Docker in Action and have the authors on-line! See this thread and this one for details.
Using existing server without installed certificates
posted 4 years ago
I am writing a Java desktop application that will communicate with our existing server. The server uses an SSL socket with no certificate installation required on its clients. The application has thousands of users, and our Network People decided some time ago to drop the requirement that users install our certificate on their machines. I was told that the communications are still encrypted with a certificate that is negotiated during the SSL handshake, but I don't know the details because the people who explained it to me were a little hazy on the details.
I am sure that the current application, written in VB6, communicates with the server just fine, using SSL, and without having any certificates installed. We have test machines which I re-image back to barebones XP several times a week during a testing cycle, and they work fine. So do hundreds of our users who installed their systems and our program after this decision was made, and we've quit getting any support calls saying they're getting SSL errors.
I am writing a Java program to do the same communication with the server; when it does its first read, I get:
exception reading: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
All of the web solutions to this that I've found, save one, say the solution is to install the self-signed certificate for the server. But that solution does not work for me, because my users are not going to be able to do that. I am trusting that my Network People knew what they were doing when they quit requiring the certificate to be installed, and that we'll continue to be able to use SSL without requiring that.
Can anyone direct me to instructions or examples on how to do this, or at least what to look at? The one exception I found was to put in the line to eliminate the certificate checking, but it has no effect.