Java and SSL: Steps to configure a Java client to use an SSL website, with example

Getting this exception?

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Are you getting this error? It means the JRE could not build a certification path from the server's certificate to a CA it trusts: the web server or URL you are connecting to does not present a valid certificate from an authorized CA. As a programmer, you will want to find a way to solve this issue.

What you need to do is import the server certificate and install it in your JDK's keystore. If I am talking Greek, it's OK. I too just learnt this. Just follow these steps and you will be able to get rid of that error.

Follow the steps below to access the SSL URL from Java.

1. First, copy the URL that you are connecting to and paste it into your browser. Let us say you are using IE. Paste the URL into the address bar and press Enter.

2. You will now probably see a dialog box warning you about the certificate. Click 'View Certificate' and install the certificate. Ignore any warning messages.

3. Now that the server certificate is installed on your computer, your browser will not warn you when you visit the same site again. However, your JRE, dumb as it is, does not know about this certificate's existence until you add it to its keystore. Usually you will use keytool to manage certificates. Keytool is a command-line utility with numerous arguments that allow you to create and manage keystores for housing digital certificates. For the complete documentation of keytool, see http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html

4. You can list the current certificates contained within a keystore using the keytool -list command. The initial password for the cacerts keystore is changeit. For example:

    C:\Program Files\Citrix\Citrix Extranet Server\SGJC\jre\bin>keytool -list -keystore ..\lib\security\cacerts
    Enter keystore password: changeit

You will then see something like this:

    Keystore type: jks
    Keystore provider: SUN
    Your keystore contains 11 entries:
    engweb, Wed Apr 11 16:22:49 EDT 2001, trustedCertEntry,
    Certificate fingerprint (MD5): 8C:24:DA:52:7A:4A:16:4B:8E:FB:67:44:C9:D2:E4:16
    thawtepersonalfreemailca, Fri Feb 12 15:12:16 EST 1999, trustedCertEntry,
    Certificate fingerprint (MD5): 1E:74:C3:86:3C:0C:35:C5:3E:C2:7F:EF:3C:AA:3C:D9
    thawtepersonalbasicca, Fri Feb 12 15:11:01 EST 1999, trustedCertEntry,
    Certificate fingerprint (MD5): E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41
    verisignclass3ca, Mon Jun 29 13:05:51 EDT 1998, trustedCertEntry,
    Certificate fingerprint (MD5): 78:2A:02:DF:DB:2E:14:D5:A7:5F:0A:DF:B6:8E:9C:5D
    thawteserverca, Fri Feb 12 15:14:33 EST 1999, trustedCertEntry,
    Certificate fingerprint (MD5): C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
    thawtepersonalpremiumca, Fri Feb 12 15:13:21 EST 1999, trustedCertEntry,
    Certificate fingerprint (MD5): 3A:B2:DE:22:9A:20:93:49:F9:ED:C8:D2:8A:E7:68:0D
    verisignclass4ca, Mon Jun 29 13:06:57 EDT 1998, trustedCertEntry,
    Certificate fingerprint (MD5): 1B:D1:AD:17:8B:7F:22:13:24:F5:26:E2:5D:4E:B9:10
    verisignclass1ca, Mon Jun 29 13:06:17 EDT 1998, trustedCertEntry,
    Certificate fingerprint (MD5): 51:86:E8:1F:BC:B1:C3:71:B5:18:10:DB:5F:DC:F6:20
    Certificate fingerprint (MD5): 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93
    thawtepremiumserverca, Fri Feb 12 15:15:26 EST 1999, trustedCertEntry,
    Certificate fingerprint (MD5): 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
    verisignclass2ca, Mon Jun 29 13:06:39 EDT 1998, trustedCertEntry,
    Certificate fingerprint (MD5): EC:40:7D:2B:76:52:67:05:2C:EA:F2:3A:4F:65:F0:D8

5. Now you have to add the previously installed certificate to this keystore. To add it, begin by exporting your CA root certificate as a DER-encoded binary file and save it as C:\root.cer. (You can view the installed certificates under Tools -> 'Internet Options' -> Content -> Certificates. Once you open the certificates, locate the one you just installed under 'Trusted Root Certification Authorities'. Select the right one and click 'Export'. You can now save it (DER-encoded binary) under your C: drive.)

6. Then use the keytool -import command to import the file into your cacerts keystore. For example:

    keytool -import -alias myprivateroot -keystore ..\lib\security\cacerts -file c:\root.cer
    Enter keystore password: changeit
    Owner: CN=Division name, OU=Department, O=Your Company, L=Anytown, ST=NC, C=US, EmailAddress=you@company.com
    Issuer: CN=Division name, OU=Department, O=Your Company, L=Anytown, ST=NC, C=US, EmailAddress=you@company.com
    Serial number: 79805d77eecfadb147e84f8cc2a22106
    Valid from: Wed Sep 19 14:15:10 EDT 2001 until: Mon Sep 19 14:23:20 EDT 2101
    Certificate fingerprints:
    MD5: B6:30:03:DC:6D:73:57:9B:F4:EE:13:16:C7:68:85:09
    SHA1: B5:C3:BB:CA:34:DF:54:85:2A:E9:B2:05:E0:F7:84:1E:6E:E3:E7:68
    Trust this certificate? [no]: yes
    Certificate was added to keystore

7. Now run keytool -list again to verify that your private root certificate was added:

    C:\Program Files\Citrix\Citrix Extranet Server\SGJC\jre\bin>keytool -list -keystore ..\lib\security\cacerts

You will now see a list of all the certificates including the one you just added. This confirms that your private root certificate has been added to the Extranet server cacerts keystore as a trusted certificate authority.
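
The import in steps 5 to 7 can also be done through the java.security.KeyStore API. The following is an added example, not part of the original post: it compares the SHA-256 fingerprint of the exported certificate with a value obtained out of band (for instance from the server's administrator) before trusting it, and writes to a separate trust store file rather than the JRE-wide cacerts. The class name, the command-line arguments and the output file are assumptions.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example; ImportRoot and its arguments are hypothetical names.
// Usage: java ImportRoot <cert file> <expected SHA-256 hex> <trust store file>
public class ImportRoot {
    static String sha256Hex(byte[] data) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(data)) {
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {   // e.g. c:\root.cer
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        // Compare with a fingerprint obtained out of band, colons optional.
        String actual = sha256Hex(cert.getEncoded());
        String expected = args[1].replace(":", "").toUpperCase();
        if (!actual.equals(expected)) {
            throw new SecurityException("Fingerprint mismatch, not importing: " + actual);
        }
        cert.checkValidity();   // refuse expired or not-yet-valid certificates

        if (System.console() == null) throw new IllegalStateException("no console for password");
        char[] password = System.console().readPassword("New trust store password: ");
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, password);                           // start from an empty store
        ks.setCertificateEntry("myprivateroot", cert);     // alias used in step 6
        try (OutputStream out = new FileOutputStream(args[2])) {
            ks.store(out, password);
        }
        // Step 7 equivalent: list what the store now contains.
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(alias + ", trusted certificate entry: " + ks.isCertificateEntry(alias));
        }
    }
}
```

A client can be pointed at the resulting file with the javax.net.ssl.trustStore system property, which leaves the default cacerts untouched.
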

Some tips: Make sure that the certificate is in the Java keystore. On Ubuntu, run whereis java from a terminal, then go to that location, find ../lib/security/cacerts and add the certificate using the above process. It will surely resolve many defects.

Java Class Example

    package com.tibco;

    import java.io.*;
    import java.net.*;
    import java.sql.Timestamp;
    import java.util.Calendar;
    import javax.net.ssl.*;

    // Accepts every host name. This turns off the check that the server
    // certificate was issued for the host being contacted; the certificate
    // chain is still validated against the keystore.
    class MyVerified implements HostnameVerifier {
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    }

    public class TibcoConnection {
        public static void main(String[] argv) throws Exception {
            // Read the XML file into memory (the contents are not sent below).
            StringBuffer contents = new StringBuffer();
            try {
                FileInputStream fstream = new FileInputStream("/home/localadmin/test.xml");
                DataInputStream in = new DataInputStream(fstream);
                BufferedReader br = new BufferedReader(new InputStreamReader(in));
                String strLine;
                while ((strLine = br.readLine()) != null) {
                    contents.append(strLine);
                }
                in.close();
            } catch (Exception e) {
                System.err.println("Error: " + e.getMessage());
            }

            URL url = new URL("https://xyz/");
            HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
            connection.setDoOutput(true);
            connection.setDoInput(true);

            // Print the time of the request.
            Timestamp currentTimestamp = new Timestamp(Calendar.getInstance().getTime().getTime());
            String timeStamp = currentTimestamp.toString();
            System.out.println(timeStamp);

            // Browser-like request headers.
            connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            connection.setRequestProperty("User-Agent", "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3");
            connection.setRequestProperty("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
            connection.setRequestProperty("Accept-Language", "en-us,en;q=0.5");
            // HttpsURLConnection does not decompress gzip itself, so a compressed
            // response is printed below as received.
            connection.setRequestProperty("Accept-Encoding", "gzip,deflate");
            connection.setRequestProperty("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7");
            connection.setRequestProperty("Keep-Alive", "115");
            connection.setRequestProperty("Connection", "keep-alive");
            connection.setRequestProperty("Channel", "DOC");
            connection.setHostnameVerifier(new MyVerified());

            // Print the response body line by line.
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(connection.getInputStream()));
            String line;
            while ((line = in.readLine()) != null) {
                System.out.println(line);
            }
            in.close();
        }
    }
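
The MyVerified class above accepts any host name. The following added example, which is not from the original post, connects with a dedicated trust store (such as one holding the private root imported in the steps above) and keeps the default host name check switched on. The class name, the command-line arguments and the TRUSTSTORE_PASSWORD environment variable are assumptions.

```java
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;

// Added example; class name, arguments and TRUSTSTORE_PASSWORD are hypothetical.
// Usage: java PinnedTrustClient <trust store file> <https URL>
public class PinnedTrustClient {
    // Build an SSLContext that trusts only the certificates in the given store.
    static SSLContext contextFor(String path, char[] password) throws Exception {
        KeyStore trust = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            trust.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String pw = System.getenv("TRUSTSTORE_PASSWORD");
        if (pw == null) throw new IllegalStateException("TRUSTSTORE_PASSWORD is not set");
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[1]).openConnection();
        conn.setSSLSocketFactory(contextFor(args[0], pw.toCharArray()).getSocketFactory());
        // No setHostnameVerifier(...) call: the default check stays on, so a certificate
        // issued for a different host name fails the handshake.
        try (BufferedReader in = new BufferedReader(
                new InputStreamReader(conn.getInputStream(), "UTF-8"))) {
            String line;
            while ((line = in.readLine()) != null) {
                System.out.println(line);
            }
        } catch (SSLException e) {
            // Untrusted chain or host name mismatch: report and stop, do not retry insecurely.
            System.err.println("TLS validation failed: " + e.getMessage());
            System.exit(1);
        }
    }
}
```
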
Another Java Class example

    package com.tibco;

    import java.io.InputStream;
    import java.util.ArrayList;
    import java.util.List;
    import org.apache.http.HttpResponse;
    import org.apache.http.NameValuePair;
    import org.apache.http.client.entity.UrlEncodedFormEntity;
    import org.apache.http.client.methods.HttpPost;
    import org.apache.http.client.utils.URIUtils;
    import org.apache.http.entity.BufferedHttpEntity;
    import org.apache.http.impl.client.DefaultHttpClient;
    import org.apache.http.message.BasicNameValuePair;
    import org.apache.http.protocol.HTTP;

    public class WcfWrapper {
        public static void callWcf() throws Exception {
            // Point JSSE at the client key store and trust store before the
            // first SSL connection is created.
            System.setProperty("javax.net.ssl.keyStore", "/usr/local/glassfish-3.0.1/glassfish/domains/domain1/config/client_keystore.jks");
            System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
            System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
            System.setProperty("javax.net.ssl.trustStore", "/usr/local/glassfish-3.0.1/glassfish/domains/domain1/config/client_cacerts.jks");
            // Prints the full handshake and record trace; for troubleshooting only.
            System.setProperty("javax.net.debug", "all");

            DefaultHttpClient httpclient = new DefaultHttpClient();
            java.net.URI uri = URIUtils.createURI("https", "localhost", 8443, "", null, null);
            HttpPost httpost = new HttpPost(uri);

            // Form body with a single field.
            List<NameValuePair> nvps = new ArrayList<NameValuePair>();
            nvps.add(new BasicNameValuePair("rawXML", "asc"));
            httpclient.getParams().setParameter("http.socket.timeout", Integer.valueOf(55000));
            httpost.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));
            System.out.println("Test");

            HttpResponse response = httpclient.execute(httpost);
            System.out.println("Post Form " + response.getStatusLine());

            // BufferedHttpEntity reads the whole body into memory, so its length is known.
            BufferedHttpEntity entity = new BufferedHttpEntity(response.getEntity());
            System.out.println(entity.getContentType());
            System.out.println(entity.getContentLength());

            InputStream responsexml = entity.getContent();
            try {
                byte[] fileBArrayrawxml = new byte[(int) entity.getContentLength()];
                responsexml.read(fileBArrayrawxml, 0, fileBArrayrawxml.length);
                System.out.println("hi" + new String(fileBArrayrawxml));
            } catch (Exception e) {
                e.printStackTrace();
            } finally {
                responsexml.close();
            }
        }

        public static void main(String[] args) {
            try {
                WcfWrapper.callWcf();
            } catch (Exception e) {
                // Report the failure instead of swallowing it.
                e.printStackTrace();
            }
        }
    }