ssl - SSLHandshakeException while connecting to HTTPS from Java code


We have a self-signed certificate in the development environment of our legacy application. The application is accessible from the browser (with a cert error - CA root certificate not trusted because it is not in the Trusted Root Certification Authorities store), but when accessed from Java code (using HttpsURLConnection), it gives SSLHandshakeException.

After going through many Stack Overflow questions (including "Telling Java to accept self-signed SSL certificate") and articles available on the internet, I followed the steps below, with no luck yet:

  1. Exported the certificate from the browser (mycert.cer)
  2. Imported mycert.cer into the JVM truststore using the command: keytool -import -alias myapp -file mycert.cer -keystore cacerts -storepass changeit

After running this, I checked that it was added using keytool -list -keystore cacerts

Even after adding the certificate to the Java truststore, the HTTPS Java code gives me javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Any pointers on this are appreciated.

Please note: the self-signed certificate was created long ago, and I don't have details of how it was created.

Some more details: Java version - Java 1.6. Complete error trace:

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1822)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1004)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1195)
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:379)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:318)
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
    at sun.net.www.protocol.http.HttpURLConnection$6.run(HttpURLConnection.java:1514)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1508)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1162)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1822)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1004)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1195)
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:379)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:318)
    ... 1 more

It would have been better if you had posted the SSLHandshakeException stack trace. However, if you are getting something like this:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

then please have a look at the URLs below. These are useful:

a. http://www.mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/

b. http://code.google.com/p/java-use-examples/source/browse/trunk/src/com/aw/ad/util/installcert.java

If you are getting something like this:

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

use -ext san=ip:<ip address>, SAN (Subject Alternative Name), while creating the keystore. Supported from JDK 1.7 onwards.
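
An added example, not part of the original question or answer: a small client that loads one explicitly named truststore file, connects with HttpsURLConnection, and sorts the resulting SSLHandshakeException into the three messages seen on this page. The class name HandshakeCheck and the command-line arguments are assumptions made for this sketch, and it needs Java 7 or later (try-with-resources).

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;

public class HandshakeCheck {  // hypothetical name, not from the original page
    // Build an SSLContext that trusts only the certificates in the given JKS file.
    // The path is explicit, so there is no doubt which truststore file is in use.
    static SSLContext contextFor(String trustStorePath, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(trustStorePath)) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Map the exception text to the three cases discussed on this page.
    static String classify(SSLHandshakeException e) {
        String msg = String.valueOf(e.getMessage());
        if (msg.contains("PKIX path building failed")) {
            return "TRUST: server certificate is not in the truststore that was loaded";
        }
        if (msg.contains("No subject alternative names")) {
            return "NAME: certificate has no SAN entry for the host/IP in the URL";
        }
        if (msg.contains("Received fatal alert")) {
            return "ALERT: sent by the server, not raised by client-side certificate validation";
        }
        return "OTHER: " + msg;
    }

    public static void main(String[] args) throws Exception {
        // args: <https url> <truststore path> <truststore password>
        SSLContext ctx = contextFor(args[1], args[2].toCharArray());
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        try {
            System.out.println("HTTP " + conn.getResponseCode());
        } catch (SSLHandshakeException e) {
            System.out.println(classify(e));
        } finally {
            conn.disconnect();
        }
    }
}
```

Scoping the truststore to this one connection keeps the self-signed development certificate out of the JVM-wide cacerts file.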

