Connecting to a secure server in Java using Apache Commons HttpClient 3.1 throwing ValidatorException
I am trying to connect to a secure server using Apache Commons HttpClient 3.1
.
The problem is that whenever an app connects to it, you get
sun.security.validator.ValidatorException.
Here is the stacktrace :
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path check failed: java.security.cert.CertPathValidatorException: subject / issuer name integrity check failed javax.net.ssl.SSLHandshakeException: sun.security.validator .ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: subject / issuer Failed to validate name integrity at com.sun.net.ssl.internal.ssl.Alerts.getSSLException (Alerts.java:174) on com. sun.net.ssl.internal.ssl.SSLSocketImpl.fatal (SSLSocketImpl.java:1611) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE (Handshaker.java:187) at com.sun.net. ssl.internal.ssl.Handshaker.fatalSE (Handshaker.java:181) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate (ClientHandshaker.java:1035) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage (ClientHandshaker.java:124) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop (Handshaker.java:516) at com.sun.net. ssl.internal.ssl.Handshaker.process_record (Handshaker.java:454) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord (SSLSocketImpl.java:884) at com.sun.net.ssl.internal. ssl.SSLSocketImpl.performInitialHandshake (SSLSocketImpl.java:1112) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord (SSLSocketImpl.java:623) at com.sun.net.ssl.internal.ssream.AppOutputStream write (AppOutputStream.java:59) at java.io.BufferedOutputStream.flushBuffer (BufferedOutputStream.java:65) at java.io.BufferedOutputStream.flush (BufferedOutputStream.java:123) at org.apache.commons.httpclient.methoethonthosing ...writeRequestBody (EntityEnclosingMethod.java:506) at org.apache.commons.httpclient.HttpMethodBase.writeRequest (HttpMethodBase.java:2114) at org.apache.commons.httpclient.HttpMetaphod96: .commons.httpclient.HttpMethodDirector.executeWithRetry (HttpMethodDirector.java:398) at org.apache.commons.httpclient.HttpMethodDirector.executeMethod (HttpMethodDirector.executeMethod (HttpMethodDirector.java:17ap1) atpMethodDirector.java:17ap1.com : 397) at org.apache.commons.httpclient.HttpClient.executeMethod (HttpClient.java:323) at balanceschecker.connector.Connector.conn (Connector.java:27) at balanceschecker.connector.Connector.RawPost (Connector.java: 99) at balanceschecker.connector.Connector.Post (Connector.java:111) in balanceschecker.login.Login.Login (Login.java:87) at balanceschecker.Main.main (Main.java:21) Cause: sun.security.validator.ValidatorException: PKIX path check failed: java.security.cert.CertPathValidatorException: subject / issuer Failed to verify name integrity at sun.security.validator.PKIXValidator.doValidate (PKIXValidator.java:251) at sun.security.validator.PKIXValidator.doValidate (PKIXValidator.java:234) at sun.security.validator.PKIXValidate (PKIXValidator.java:158) at sun.security.validator.Validator.validate (Validator.java:218) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate (X509TrustManagerImpl.java:126) on com. sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted (X509TrustManagerImpl.java:209) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted (X509TrustManagerImpl.java:249) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate (ClientHandshaker.java:1014) ... 21 more Subject: subject: java.security.ExceptionPcert: java.security.ExceptionPerceptionPerception / issuer chain validation failed at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate (PKIXMasterCertPathValidator.java:139) at sun.security.provider.certpath.PKIXCertPathValidator.doValidate (PKIXCertPathValidator.doValidate (PKIXCertPathValidator.doValidate) (PKIXCertPathValidator.doValidate) (PKIXCertPathValidator.doValidate .certpath.PKIXCertPathValidator.engineValidate (PKIXCertPathValidator.java:178) at java.security.cert.CertPathValidator.validate (CertPathValidator.java:250) at sun.security.validator.PKIXValidate 28 morecheckServerTrusted (X509TrustManagerImpl.java:249) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate (ClientHandshaker.java:1014) ... 21 more Caused by: java.security.cert.CertPath: subject name /Exception chain validation failed at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate (PKIXMasterCertPathValidator.java:139) at sun.security.provider.certpath.PKIXCertPathValidator.doValidate (PKIXCertPathValidator.doValidate (PKIXCertPathValidator.doValidate) .PKIXCertPathValidator.engineValidate (PKIXCertPathValidator.java:178) at java.security.cert.CertPathValidator.validate (CertPathValidator.java:250) at sun.security.validator.PKVIXValidator.checkServerTrusted (X509TrustManagerImpl.java:249) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate (ClientHandshaker.java:1014) ... 21 more Caused by: java.security.cert.CertPath: subject name /Exception chain validation failed at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate (PKIXMasterCertPathValidator.java:139) at sun.security.provider.certpath.PKIXCertPathValidator.doValidate (PKIXCertPathValidator.doValidate (PKIXCertPathValidator.doValidate) .PKIXCertPathValidator.engineValidate (PKIXCertPathValidator.java:178) at java.security.cert.CertPathValidator.validate (CertPathValidator.java:250) at sun.security.validator.PKVIXValidator.internal.ssl.ClientHandshaker.serverCertificate (ClientHandshaker.java:1014) ... 21 more Cause: java.security.cert.CertPathValidatorException: subject / issuer name chain check failed at sun.security.provider.certpath.PKIXVatealCertPath PKIXMasterCertPathValidator.java:139) at sun.security.provider.certpath.PKIXCertPathValidator.doValidate (PKIXCertPathValidator.java:326) at sun.security.provider.certpath.PKIXCertPathineValidator .CertPathValidator.validate (CertPathValidator.java:250) at sun.security.validator.PKIXValidator.doValidate (PKIXValidator.java:246) ... 28 moreinternal.ssl.ClientHandshaker.serverCertificate (ClientHandshaker.java:1014) ... 21 more Cause: java.security.cert.CertPathValidatorException: subject / issuer name chain check failed at sun.security.provider.certpath.PKIXVatealCertPath PKIXMasterCertPathValidator.java:139) at sun.security.provider.certpath.PKIXCertPathValidator.doValidate (PKIXCertPathValidator.java:326) at sun.security.provider.certpath.PKIXCertPathineValidator .CertPathValidator.validate (CertPathValidator.java:250) at sun.security.validator.PKIXValidator.doValidate (PKIXValidator.java:246) ... 28 moreCertPathValidatorException: subject / issuer name chain validation failed at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate (PKIXMasterCertPathValidator.java:139) at sun.security.provider.certpath.PKalCertPathValidate (PKIXMasterCertPathValidator.java:139) at sun.security.provider.certpath.PValCertPathValidator .security.provider.certpath.PKIXCertPathValidator.engineValidate (PKIXCertPathValidator.java:178) at java.security.cert.CertPathValidator.validate (CertPathValidator.javaalator:250) at sun.security.validator:250) at sun.security.validator ) ... 28 moreCertPathValidatorException: subject / issuer name chain validation failed at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate (PKIXMasterCertPathValidator.java:139) at sun.security.provider.certpath.PKalCertPathValidator.java:139) at sun.security.provider.certpath.PKalCert32 .security.provider.certpath.PKIXCertPathValidator.engineValidate (PKIXCertPathValidator.java:178) at java.security.cert.CertPathValidator.validate (CertPathValidator.javaalator:250) at sun.security.validator:250) at sun.security.validator ) ... 28 moredoValidate (PKIXCertPathValidator.java:326) at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate (PKIXCertPathValidator.java:178) at java.security.cert.CertPathValidator.validator .PKIXValidator.doValidate (PKIXValidator.java:246) ... 28 moredoValidate (PKIXCertPathValidator.java:326) at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate (PKIXCertPathValidator.java:178) at java.security.cert.CertPathValidator.validator .PKIXValidator.doValidate (PKIXValidator.java:246) ... 28 more
Here is the code I am using (edited and condensed)
installAllTrustManager ();
PostMethod post = new PostMethod (server_path);
NameValuePair [] data = new NameValuePair {
new NameValuePair ("Username", username),
new NameValuePair ("Password", password)
};
post.setRequestBody (data);
post.getParams (). setParameter (HttpMethodParams.RETRY_HANDLER, new DefaultHttpMethodRetryHandler (3, false));
try {
HttpClient hc = new HttpClient ();
int result2 = hc.executeMethod (post);
if (result2! = HttpStatus.SC_OK) {
throw new IOException ("HTTP Status Not OK:" + result2);
}
return post.getResponseBodyAsStream ();
} finally {
post.releaseConnection ();
}
I have looked at the site's certificates and they are still valid for a year. Then I tried to bypass the certificate validation using the code shown in How to Bypass Trusted Host and Certificate Validation in Java , however the exception is still thrown.
What am I doing wrong?
How can I connect to the server successfully?
source to share
This error means that it cannot verify the certificate chain. Possible reasons:
- The root CA is not trusted by your JRE.
- The certificate is signed by an intermediate certificate, but the server does not send it along with the certificate.
Here's how to get a list of the root certificate,
keytool -list -keystore $JAVA_HOME/lib/security/cacerts -v
I don't know which Java way to check if an intermediate certificate has been sent. I am using openssl for this,
openssl s_client -host example.com -port 443
Will show you all the certificate sent by the server. Pay attention to the "Certificate Chain".
source to share