Archive for March, 2009

I was trying to access a secure web site using Apache HttpClient API. However, it was failing giving me the following exception

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

In apache HttpClient website, it states that “HttpClient provides full support for HTTP over Secure Sockets Layer (SSL) or IETF Transport Layer Security (TLS) protocols by leveraging the Java Secure Socket Extension (JSSE).

I tried their example of accessing a secure website and it worked. However the website I was trying to access is still failing.

After debugging the problem I came across a good article. In the article, the author mentioned that the above exception comes in the following case “when trying to open an SSL connection to a host using JSSE. What this usually means is that the server is using a test certificate (possibly generated using keytool) rather than a certificate from a well known commercial Certification Authority such as Verisign or GoDaddy. Web browsers display warning dialogs in this case, but since JSSE cannot assume an interactive user is present it just throws an exception by default.

That was not exactly my case. I was not getting a warning from the web browser. The web site I was trying to access was using a commercial certificate but it was not a very well known. It was from a regional authority and not an international authority. Any key store comes with a default set of certificates from well known authorities.

So, I ran the program mentioned in the article. A file called jssecacerts was generated which includes the certificate. I have placed the file in the JAVA_HOME\jre\lib\security directory. Finally I was able to access the secure web site successfully.

Read Full Post »