ssl - SSLHandshakeException while connecting to HTTPS from java code -


we have self signed certificate in development environment of our legacy application. application accessible (with cert error - ca root certificate not trusted because not in trusted root certification authorities store.) browser when accessed java code (using httpsurlconnection), gives sslhandshakeexception.

after going through many stackoverflow questions (including telling java accept self-signed ssl certificate) , articles available on internet, followed below steps no luck yet:

  1. exported certificate browser (mycert.cer)
  2. imported mycert.cer in jvm truststore using command: keytool -import -alias myapp -file mycert.cer -keystore cacerts -storepass changeit

after running this, checked if added using keytool -list -keystore cacerts

even after adding certificate in java truststore, https java code gives me javax.net.ssl.sslhandshakeexception: received fatal alert: handshake_failure

any pointers on appreciated.

please note: self -signed certificate created long , dont have details how created.

some more details: java version - java 1.6 complete error trace:

javax.net.ssl.sslhandshakeexception: received fatal alert: handshake_failure     @ com.sun.net.ssl.internal.ssl.alerts.getsslexception(alerts.java:174)     @ com.sun.net.ssl.internal.ssl.alerts.getsslexception(alerts.java:136)     @ com.sun.net.ssl.internal.ssl.sslsocketimpl.recvalert(sslsocketimpl.java:1822)     @ com.sun.net.ssl.internal.ssl.sslsocketimpl.readrecord(sslsocketimpl.java:1004)     @ com.sun.net.ssl.internal.ssl.sslsocketimpl.performinitialhandshake(sslsocketimpl.java:1188)     @ com.sun.net.ssl.internal.ssl.sslsocketimpl.starthandshake(sslsocketimpl.java:1215)     @ com.sun.net.ssl.internal.ssl.sslsocketimpl.starthandshake(sslsocketimpl.java:1199)     @ sun.net.www.protocol.https.httpsclient.afterconnect(httpsclient.java:434)     @ sun.net.www.protocol.https.abstractdelegatehttpsurlconnection.connect(abstractdelegatehttpsurlconnection.java:166)     @ sun.net.www.protocol.http.httpurlconnection.getinputstream(httpurlconnection.java:1195)     @ java.net.httpurlconnection.getresponsecode(httpurlconnection.java:379)     @ sun.net.www.protocol.https.httpsurlconnectionimpl.getresponsecode(httpsurlconnectionimpl.java:318)  javax.net.ssl.sslhandshakeexception: received fatal alert: handshake_failure     @ sun.reflect.nativeconstructoraccessorimpl.newinstance0(native method)     @ sun.reflect.nativeconstructoraccessorimpl.newinstance(nativeconstructoraccessorimpl.java:39)     @ sun.reflect.delegatingconstructoraccessorimpl.newinstance(delegatingconstructoraccessorimpl.java:27)     @ java.lang.reflect.constructor.newinstance(constructor.java:513)     @ sun.net.www.protocol.http.httpurlconnection$6.run(httpurlconnection.java:1514)     @ java.security.accesscontroller.doprivileged(native method)     @ sun.net.www.protocol.http.httpurlconnection.getchainedexception(httpurlconnection.java:1508)     @ sun.net.www.protocol.http.httpurlconnection.getinputstream(httpurlconnection.java:1162)     @ sun.net.www.protocol.https.httpsurlconnectionimpl.getinputstream(httpsurlconnectionimpl.java:234)  caused by: javax.net.ssl.sslhandshakeexception: received fatal alert: handshake_failure     @ com.sun.net.ssl.internal.ssl.alerts.getsslexception(alerts.java:174)     @ com.sun.net.ssl.internal.ssl.alerts.getsslexception(alerts.java:136)     @ com.sun.net.ssl.internal.ssl.sslsocketimpl.recvalert(sslsocketimpl.java:1822)     @ com.sun.net.ssl.internal.ssl.sslsocketimpl.readrecord(sslsocketimpl.java:1004)     @ com.sun.net.ssl.internal.ssl.sslsocketimpl.performinitialhandshake(sslsocketimpl.java:1188)     @ com.sun.net.ssl.internal.ssl.sslsocketimpl.starthandshake(sslsocketimpl.java:1215)     @ com.sun.net.ssl.internal.ssl.sslsocketimpl.starthandshake(sslsocketimpl.java:1199)     @ sun.net.www.protocol.https.httpsclient.afterconnect(httpsclient.java:434)     @ sun.net.www.protocol.https.abstractdelegatehttpsurlconnection.connect(abstractdelegatehttpsurlconnection.java:166)     @ sun.net.www.protocol.http.httpurlconnection.getinputstream(httpurlconnection.java:1195)     @ java.net.httpurlconnection.getresponsecode(httpurlconnection.java:379)     @ sun.net.www.protocol.https.httpsurlconnectionimpl.getresponsecode(httpsurlconnectionimpl.java:318)      ... 1 more 

it have been better if post sslhandshakeexception stack trace. however, if getting thing this:

javax.net.ssl.sslhandshakeexception: sun.security.validator.validatorexception: pkix path building failed: sun.security.provider.certpath.suncertpathbuilderexception: unable find valid certification path requested target

then please have below urls. these useful:

a. http://www.mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/

b. http://code.google.com/p/java-use-examples/source/browse/trunk/src/com/aw/ad/util/installcert.java

if getting thing this:

javax.net.ssl.sslhandshakeexception: java.security.cert.certificateexception: no subject alternative names present

use -ext san=ip:<ip address>, san (subject alternative name) while creating keystore. supported jdk 1.7 onwards.


Comments

Popular posts from this blog

Payment information shows nothing in one page checkout page magento -

tcpdump - How to check if server received packet (acknowledged) -