How to avoid SSLHandshakeException while connecting to HTTPS urls
Have you acquired a javax.web.ssl.SSLHandshakeException although making an attempt to hook up to a URL which is SSL encrypted? You want to hook up to a internet page or a Cleaning soap Net Services from your Java application but it is throwing the beneath exception:
Exception in thread “main” javax.web.ssl.SSLHandshakeException: sunlight.safety.validator.ValidatorException: PKIX route constructing unsuccessful: sunlight.safety.service provider.certpath.SunCertPathBuilderException: not able to discover valid certification route to asked for target
The error claims the connection could not be founded owing to a certificate validation error. You might be asking yourself why some urls are working although some not. To have an understanding of this you require to know what is SSL and how SSL operates.
What is Protected Socket Layer?
- 1 What is Protected Socket Layer?
- 2 Why Java throwing javax.web.ssl.SSLHandshakeException for some SSL web sites?
- 3 How to avoid SSLHandshakeException?
- 4 How to insert SSL certificate to the Java Truststore?
- 5 Connecting to a HTTPS web page with URLConnection
SSL stands for Protected Socket Layer which is a protocol in which the facts transfer involving a Net Customer(e.g. internet browser) and a Net Server takes spot in an encrypted format. Written content encrypted by the server is decrypted by the client using a public-non-public essential pair.
Important pairs is made up of a public essential and a non-public essential, information encrypted with just one essential can be decrypted with the other. All modern-day browsers consists of a established of nicely regarded certificates issued by certificate authorities(CA), which makes the encryption-decryption possible for HTTPS web sites.
Why Java throwing javax.web.ssl.SSLHandshakeException for some SSL web sites?
As in browser, JRE also is made up of a trustsore where by all trustworthy CA certificates are stored. This truststore is stored in a file named cacerts positioned at
How to avoid SSLHandshakeException?
There are lots of methods to conquer SSLHandshakeException, some are specified beneath:
- Incorporating certificate to Java have confidence in store manually
- Incorporating certificate to Java have confidence in store programmatically
- Use personalized have confidence in store
- Transform off certificate validation
Safest possibility is to insert the certificate to Java have confidence in store manually to avoid any safety issues.
How to insert SSL certificate to the Java Truststore?
It is a two stage system, very first download the certificate, then insert the certificate to the truststore.
1. Downloading the certificate
To start with, open up the url in your browser(actions may well differ relies upon on the browser), then simply click on the lock icon on the navigation bar, then simply click on Certification Information. Now go to Specifics tab, there you will see a Duplicate to File button. Clicking on this will give you a certificate export wizard where by you require to pick out certificate format as DER encoded binary X.509. Give a file name say mycertificate.cer and help save the file.
two. Incorporating certificate to the Java truststore
This is a easy stage, go to
keytool -import -alias alias -keystore ../lib/safety/cacerts -file mycertificate.cer
Enter the default keystore password ‘changeit'(changeme on Mac) for the prompt ‘Enter keystore password:’.
Then enter ‘yes’ for the prompt ‘Trust this certificate? [no]:’ and press enter essential.
If every little thing goes nicely, you will get a message ‘Certificate was added to keystore’ which confirms your certificate is added to the Java truststore successfylly!
Connecting to a HTTPS web page with URLConnection
Beneath method will now perform with out any SSL handshake exception:
URL url = new URL("https://safe.skunkworks.web.au") URLConnection con = url.openConnection() con.hook up() InputStream in = con.getInputStream() InputStreamReader inputstreamreader = new InputStreamReader(in) BufferedReader bufferedreader = new BufferedReader(inputstreamreader) String string = null although ((string = bufferedreader.readLine()) != null) Method.out.println(string)
That is it, now you learnt how to hook up to a SSL secured url from a Java application!
These who want to hook up to a mail server over SSL using Java Mail API, use the beneath residence to authenticate over SSL: