java.security.cert.CertificateException: Couldn't find trusted certificate

[Marcus]

I had the following code to connect to a site on a server. The server is using https, which causes the error

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Couldn't find trusted certificate

I have saved the certificate for reference and I assume to I need to tell the program to look at that but this will happen every time there is a new certificate

Changing the HttpURLConnection object to HttpsURLConnection throws up a 'java.lang.ClassCastException' error coz its an abstract class..

Java Code:

java.util.Properties propSy = System.getProperties();
         propSy.put("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
       
         System.setProperties(propSy);
         java.security.Security.insertProviderAt(new sun.security.provider.Sun(),2);
         java.security.Security.addProvider(new sun.security.provider.Sun());
         java.security.Security.insertProviderAt(new com.sun.net.ssl.internal.ssl.Provider(),1);
         
 
         System.setProperty("javax.net.ssl.trustStore", "keystore_filename");
 
         java.security.Provider myprov = java.security.Security.getProvider("SunJSSE");
 
 
 	HttpsURLConnection c;
 
 		try {
 			URL url = new URL ( rptUrl );
 			c = (HttpsURLConnection)url.openConnection();
 			
 			//set cache and request method settings
 		    c.setUseCaches(false);
 
 		    //set other headers
 		    c.setRequestProperty ("Content-Type", "application/pdf");
 		    
 		    //connect to the server..
 		    c.connect();
 		}

Any ideas? Thanks.

Marcus:cool:

[Daniel]

One problem people have with Java and SSL is that the certificate manager will reject any self signed certificates.

This is common when you are doing development or are using an internal certificate that you don't want to pay money for from a commercial certificate authority.

One way to handle this is to simply accept any certificate, regardless of what it has in it. Below is a simple program to do just that, it reads a URL and, regardless of what the certificate says, prints out the contents of the URL.

Java Code:

package com.xigole.util.ssl;
 
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.net.URLConnection;
 
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
 
 public class SelfSignedCertTest {
 	public static void main(String[] argv) {
 		if (argv.length != 1) {
 			System.err.println("usage: SelfSignedCertTest hostname");
 			System.exit(1);
 		}
 
 		TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
 			public java.security.cert.X509Certificate[] getAcceptedIssuers() {
 				return null;
 			}
 
 			public void checkClientTrusted(
 					java.security.cert.X509Certificate[] certs, String authType) {
 			}
 
 			public void checkServerTrusted(
 					java.security.cert.X509Certificate[] certs, String authType) {
 				System.out.println("authType is " + authType);
 				System.out.println("cert issuers");
 				for (int i = 0; i < certs.length; i++) {
 					System.out.println("\t" + certs[i].getIssuerX500Principal().getName());
 					System.out.println("\t" + certs[i].getIssuerDN().getName());
 		  	   }
 			}
 		} };
 
 		try {
 			SSLContext sc = SSLContext.getInstance("SSL");
 			sc.init(null, trustAllCerts, new java.security.SecureRandom());
 			HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
 		} catch (Exception e) {
 			e.printStackTrace();
 			System.exit(1);
 		}
 
 		URL url = null;
 		try {
 			url = new URL("https", argv[0], 443, "/");
 		} catch (MalformedURLException mue) {
 			mue.printStackTrace();
 			System.exit(1);
 		}
 
 		try {
 			URLConnection connection = url.openConnection();
 
 			InputStream is = connection.getInputStream();
 			byte[] buffer = new byte[1024];
 			int bytesRead = 0;
 
 			while ((bytesRead = is.read(buffer)) != -1)
 				System.out.println(new String(buffer, 0, bytesRead));
 		} catch (IOException ioe) {
 			ioe.printStackTrace();
 			System.exit(1);
 		}
 	}
 }

Greetings.

Daniel:o

[Eric]

I attach a zip file with a build.xml so that you can build the program with ant.

Greetings.

Eric

[kevina]

Dear Eric and all members, am unable to run the selfsign.zip codes...am having same errors with other java applications using SSL.

In my codes itself, import.javax.net; import.net.SSL; import javax.security.cert.X509Certificate; all these are underlined red and is not recognized!
It says cannot be resolved to a type..do i need to include any package and library?!

I have done some research and am getting lots of different things on EAServer Client machine, jaguar server and so on..am quite confused!

Please help!
Thanking you in advance and waiting for an early response!

kind Regards
kevina