Unable to connect to HTTPS urls using java

Question

i want to read secure urls (HTTPS) using java. I am trying the following. Its giving me

public static void main(String[] arg) {
    try {
        URL url = new URL("http://www.google.com");
        System.out.println("Connecting to www.google.com");
        URLConnection ucon = url.openConnection();
        System.out.println("Connectied to www.google.com");
        System.out.println("Retrieving contents from www.google.com");
        String htmlContents = getResponseData(ucon);
        System.out.println("Retrieved contents from Yahoo! as follows");
        System.out.println(htmlContents);
    } catch (Exception e) {
        e.printStackTrace();
    }
}

this gives me following output.

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1584)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:877)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1116)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1100)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:960)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
    at ReadHtml.getResponseData(ReadHtml.java:24)
    at ReadHtml.main(ReadHtml.java:13)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
    at sun.security.validator.Validator.validate(Validator.java:203)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
    at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
    ... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
    ... 18 more

please give me suggestion what can resolve the error. NOTE: I wont be able to get certificates. So please dont give answer as get a certificate for security.

Any kind of guidance will be appreciated. Thanks

Answer 1

Try this code:

public static void main(String[] arg) throws Exception {
    String url = "https://google.com";

    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(null, new TrustManager[] { new TrustManager() }, null);
    SSLContext.setDefault(ctx);

    HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
    conn.setHostnameVerifier(new HostVerifier());
    conn.setRequestMethod("GET");
    conn.connect();
    System.out.println("Response: " + conn.getResponseCode());
}

private static class HostVerifier implements HostnameVerifier {
    @Override
    public boolean verify(String paramString, SSLSession paramSSLSession) {
     return true;
    }
}

private static class TrustManager implements X509TrustManager {

    @Override
    public X509Certificate[] getAcceptedIssuers() {
    return null;
    }

    @Override
    public void checkServerTrusted(X509Certificate[] paramArrayOfX509Certificate, String paramString)
        throws CertificateException {

    }

    @Override
    public void checkClientTrusted(X509Certificate[] paramArrayOfX509Certificate, String paramString)
        throws CertificateException {
    }
}

Answer 2

It seems that the problem is that you don't have that certificate in your truststore, if you can't add it in your truststore, check this page.

Answer 3

the validation can be turned off for the running process by configuring the HostenameVerifier and DefaultSSLSocketFactory

see http://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/

be aware that you may introduce security risks with this approach!