0

First of, this is a bachelor project so your help would be much appreciated!

Intro: I am creating a java client for a server we created in a group. The rest of the group is using javascript, so they cannot help me. If there is no fix for the issue, is it then possible to ignore all HTTPS (SSL) without too much coding in the server part?

Let me show you the error code:

_____________________________________________________________________________
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:290)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:259)
    at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:125)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:319)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:214)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:160)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:136)
    at sdk.connection.Connection.execute(Connection.java:44)
    at sdk.services.BookService.login(BookService.java:116)
    at BookStore.main(BookStore.java:26)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
    ... 29 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
    ... 35 more

Process finished with exit code 0

The server part should be without errors, since I'm the only one with these errors in the group. Here is a screenshot that shows the packages, keystore etc. https://gyazo.com/434de62ce02a4c40030c983b7759a071

Also I am able to use the DTOObject in postman or advanced rest to check if there is a connection to the server. And there is.

The client: Here is a snippet of the login method, currently just running it from main method as a test: https://gyazo.com/0d9ca4cedc10d7b70a241f7d007ff39d

Looking forward to see if there's any answer, since every solution so far from other post is too complicated for me to understand. I'm a java rookie, and programmering is not the main part about my bachelor.

Please ask questions if needed, I will answer them the best way possible.

Best regards, Daniel

Taufiq Rahman
  • 5,600
  • 2
  • 36
  • 44
Daniel N
  • 11
  • 2
  • Is the certificate self-signed? If it is then you have to add it to cacerts file. See this http://stackoverflow.com/questions/4062307/pkix-path-building-failed-unable-to-find-valid-certification-path-to-requested – pringi Nov 24 '16 at 13:38
  • Thank you for such a fast response! I'm sorry but I'm not sure. I have a keystore.jks file on the server and in the config part I am defining the SSL_KEY and SSL_PWD. Like this: "SSL_KEY":"resources/keystore.jks", "SSL_PWD":"brugtbog", ___ So, you're link is great and thanks. But the conclusion should be that I have to add this to keystore.jks? How am I working with the .jks file System.setProperty("javax.net.ssl.trustStore","clientTrustStore.key"); System.setProperty("javax.net.ssl.trustStorePassword","qwerty"); – Daniel N Nov 24 '16 at 13:41
  • Open the server URL in a browser (ex: Firefox). See the certificate. – pringi Nov 24 '16 at 13:52
  • https://support.mozilla.org/en-US/kb/secure-website-certificate – pringi Nov 24 '16 at 13:53
  • See this then: http://stackoverflow.com/questions/2893819/telling-java-to-accept-self-signed-ssl-certificate – pringi Nov 24 '16 at 13:54
  • Thanks, ill try to look at your links etc. Thanks!! – Daniel N Nov 24 '16 at 13:54
  • This might take a while before I text back so I just wanted to thank you again. Most likely, in 2 hours i'll ask another newbie question – Daniel N Nov 24 '16 at 13:59
  • @pringi You should post that as an answer as that is the problem. More generally, the server's certificate is not trusted on the client. The reason may be that the server certificate is self-signed, or signed by a CA not trusted by the client. The solution is to trust on the client whatever signed the server cert, by for example importing the server cert as a trusted root on the client (but mind the implications for the client, and also the fact that if it's a chain that signed it, you have to import each cert from the chain, not just the server cert itself). – Gabor Lengyel Nov 24 '16 at 23:48

0 Answers0