2

I am attempting to make a HTTPS connection to a website using HttpsURLConnection, and then perform a PUT request. When I try to create the OutputStreamWriter from HttpsURLConnection.getOutputStream(), the following exception is thrown:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target

The page has just gotten its certificate (issued by StartCom) - do I need to manually do something to make Java recognise the certificate is present now? I can connect to other pages of the same website with no difficulty, but they have a different certificate.

javanna
  • 59,145
  • 14
  • 144
  • 125
caroline
  • 291
  • 5
  • 12

2 Answers2

5

You can import the root certificate of StartCom yia the tool keytool (from JDK) into a Java Key Store (JKS) and then set the key store as "trusted store".

See section "Exporting and Importing Certificates" on:

http://java.sun.com/developer/technicalArticles/Security/secureinternet2/

Commands mentioned in that article:

Import certifificate to trustedcerts.jks:

keytool -import -keystore trustedcerts.jks -alias qusay -file server.crt

Start Java using custom tuststore:

java -Djavax.net.ssl.trustStore=trustedcerts.jks com.example.MyClass

Alternatively you can set the truststore at runtime:

System.setProperty("javax.net.ssl.trustStore","./trustedcerts.jks");
Robert
  • 39,162
  • 17
  • 99
  • 152
  • 1
    Thanks - for anyone else with the same issue, I saved the certificate locally, used the `keytool -import ...` command and added `System.setProperty("javax.net.ssl.trustStore", "path_to_keystore");` to my code. – caroline Jul 11 '11 at 10:40
0

Please also see this question: Import StartCom CA certificates in Windows JRE

It links to a script for importing StartCom certificates into your JDK trusted store.

Community
  • 1
  • 1
Andrey Taranov
  • 520
  • 4
  • 10