dev@glassfish.java.net

Re: SSL connection error

From: V B Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Thu, 22 Jan 2009 15:09:19 +0530

Karthik Sudarshan wrote:

> Hi all,
> I'm using Glassfish v2 and when I access my web application via
> https on the default port (8181), via, a test client I get the
> exception below. Does anyone have any idea of what I'm missing? When I
> access from the browser, the browser gives an error saying the
> certificate is self signed (which is the case by default), and I have
> to add an exception in the browser and after that everything is fine.
>
> I'm also attaching the client that I'm using to test it with the mail.
> It would be great if someone can throw some light on this.
>
make sure you set the System Property javax.net.ssl.trustStore property
in your client code before making the connection. The value of the
property should be a java keystore which has the self-signed certificate
of the server. You can point it to domains/domainx/config/cacerts.jks
for example.

rgds.

> -Karthik
>
> Exception in thread "main" javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
> at
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
>
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
>
> at
> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
>
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
>
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
>
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
>
> at
> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
>
> at
> sun.nio.cs.StreamEncoder$CharsetSE.writeBytes(StreamEncoder.java:336)
> at
> sun.nio.cs.StreamEncoder$CharsetSE.implFlushBuffer(StreamEncoder.java:404)
>
> at
> sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:408)
> at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
> at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
> at com.sun.portal.mirage.webdav.client.Test.main(Test.java:35)
> Caused by: sun.security.validator.ValidatorException: PKIX path
> building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
> at
> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
> at
> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
>
> at sun.security.validator.Validator.validate(Validator.java:203)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
>
> at
> com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
>
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
>
>
>
>
>------------------------------------------------------------------------
>
>/*
> * To change this template, choose Tools | Templates
> * and open the template in the editor.
> */
>
>package com.sun.portal.mirage.webdav.client;
>
>import java.io.BufferedReader;
>import java.io.InputStreamReader;
>import java.io.OutputStreamWriter;
>import java.io.Writer;
>import java.net.Socket;
>import javax.net.ssl.SSLSocketFactory;
>
>/**
> *
> * @author Karthik
> */
>public class Test {
> public static final String TARGET_HTTPS_SERVER = "localhost";
> public static final int TARGET_HTTPS_PORT = 8181;
>
> public static void main(String[] args) throws Exception {
>
> Socket socket = SSLSocketFactory.getDefault().
> createSocket(TARGET_HTTPS_SERVER, TARGET_HTTPS_PORT);
> try {
> Writer out = new OutputStreamWriter(
> socket.getOutputStream(), "ISO-8859-1");
> out.write("GET / HTTP/1.1\r\n");
> out.write("Host: " + TARGET_HTTPS_SERVER + ":" +
> TARGET_HTTPS_PORT + "\r\n");
> out.write("Agent: SSL-TEST\r\n");
> out.write("\r\n");
> out.flush();
> BufferedReader in = new BufferedReader(
> new InputStreamReader(socket.getInputStream(), "ISO-8859-1"));
> String line = null;
> while ((line = in.readLine()) != null) {
> System.out.println(line);
> }
> } finally {
> socket.close();
> }
> }
>
>}
>
>
>
>------------------------------------------------------------------------
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.