Configure a Java HTTP Client to Accept Self-Signed Certificates

From NovaOrdis Knowledge Base
Revision as of 10:22, 9 December 2017 by Ovidiu (talk | contribs) (→‎Procedure)
Jump to navigation Jump to search

Internal

Overview

If a Java client is attempting to connect to a HTTPS server configured with self-signed SSL certificates, the Java client will fail with: 

...
sun.security.validator.ValidatorException: PKIX path building failed: \
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This article provides a solution to this problem. The solution consist in obtaining the HTTPS server's public key, importing it into a local truststore and configuring the Java client to use the local truststore.

Procedure

Obtain the HTTPS Server's Public Key

Use openssl s_client as described here. The response will include the server's public key in PEM format.

Retrieved from "https://kb.novaordis.com/index.php?title=Configure_a_Java_HTTP_Client_to_Accept_Self-Signed_Certificates&oldid=34726"