jdk.certpath.disabledAlgorithms=MD2 (javax.net.ssl.SSLHandshakeException) - java

My code was working fine with out any exception, i recently connected to a server , in my code i just changed the server host name, username and password. i got the following exception
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
When i googled , i found that we have to change the file Java\jre7\lib\security\java.security i referred this link click here.
But if we develop a client application this solution is not good enough. Is there any better way to resolve this problem.
Any help is appreciable

Related

Java error Caused by: Javax.net.ssl.SSLHandhakeException: Java.security.cert.CertificateExpiredException

We are having a problem with absorbing data from several FTP servers (hosted by a third paty) Our system is unable to absorb any files from the FTP servers while we are able to reach them via FileZilla. Other systems are able to reach them and place the files on the path, but our system will not pick them up and gives an error:
Caused by: Javax.net.ssl.SSLHandhakeException: Java.security.cert.CertificateExpiredException
enter image description here
Is someone able to advise us as all parties are saying it is not caused by them;
The Website hosting says its not caused by them, the FTP hosting says its not caused by them, and the developpers are also saying it is not caused by them :(
Certificate Expired Exception. This is thrown whenever the current
Date or the specified Date is after the notAfter date/time specified
in the validity period of the certificate.
Check if your application server and FileZilla try to access the same server.
If so, then you might need to update the certificate in the trust store of your application server. (The certificate might have been added to the machine from which you are using FileZilla - as far as I understand these 2 are different machines).
The error is clear about the certificate expiration. Hence, either FileZilla is ignoring that error, or it's using another certificate. So you have 2 options: either ask your developers to ignore the certificate as well, or to ask for updating the certificate on the other side.
In the end, it turned out the Root SSL certificate of the FTP host was indeed expired. This seems to be a rare situation.

com.ibm.jsse2.util.j: Certificate chaining error while accessing a page through https in notes agent

I have following situation - I want to get page content using https request and java agent. However, I'm getting following error message:
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: Certificate chaining error
I already imported internet certificates to my local notes cacerts file, but nothing changed.
However, when I'm running same code in Eclipse, using keystore with certificates downloaded from page I try to receive and it works fine.
I'm out of ideas, any suggestions will be appreciated!
===EDIT===
Dmytro Pastovenskyi's answer helped me, but additionally to get rid of protocol_version exception I had to use following code, setting version of TLS used:
System.setProperty("https.protocols", "TLSv1");
It seems nessesary to establish connection to some sites using 1.6 IBM JAVA.
I had same issue some times before.
It looks like IBM Domino server more strict when it check certificates. Our administrator who at the beginning said that chain is correct later found an issue with chain (and yes, it worked for .NET/JAVA and other platform, just not with Domino). Try to find some online tools that verify chain.
Before chain is fixed you can simply disabled certificate validation. I've an article how to do it (+ some other articles that may help you). Have a look here: Disabling certificate validation in Java

Java Salesforce Integration Error

I'm trying to connect to salesforce from a java application. I was earlier getting a login error as follows which was resolved by setting the appropriate proxy settings.
com.sforce.ws.ConnectionException: Failed to send request to https://login.salesforce.com/services/Soap/c/29.0
Now, I'm getting the following error:
com.sforce.ws.ConnectionException: Failed to send request to https://ap1.salesforce.com/services/Soap/m/29.0/00D90000000q0ZR
at com.sforce.ws.transport.SoapConnection.send(SoapConnection.java:121)
at com.sforce.soap.metadata.MetadataConnection.describeMetadata(MetadataConnection.java:281)
at integration.IntegrationClass.describeMetadata(IntegrationClass.java:80)
at integration.IntegrationClass.main(IntegrationClass.java:26)
Caused by: java.net.ConnectException: Connection refused: connect
Any ideas on how to resolve this error? Thanks!
UPDATE: I tried the code at my home (free from the restrictions of the office firewalls et al :) ) and found that the code ran successfully. Any ideas about changes that I should make to do the same at the company. As I already said, I added the config.setProxy(host, port) which allowed me to successfully log in, but not access the application. I have also enabled proxy from eclipse using Preferences -> General -> Network Connections. What am I missing?
Thanks a lot for your help. Cheers!
Ok, I got the solution and it's kinda silly, but since I didn't spot it anywhere else inspite of seeing similar questions, I'm going to post the solution.
The ConnectorConfig config = new ConnectorConfig(); is used multiple times; in my case, it is first used to login using new EnterpriseConnection(config)).login(username, password); and next to obtain a metadata connection using new MetadataConnection(config);. Since I'm creating 2 ConnectorConfig objects, I would need to use the setProxy method on both, which I...forgot. Hope this solution helps other people having the same problem.
Cheers!

SSL On Server Doesn't Work, On Local Machine Works Fine

This is more of a general java SSL question than anything...
I am using CXF to connect to a secure web service. When I run it on my local Windows development machine, it connects and works, however, once I deployed it to my application server (glassfish 3.1) it no longer works. I get this:
Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://vendorUrl: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1458)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1443)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:659)
I've tried adding the cert to the domain\config\cacerts.jks file, to the lib\security\cacerts file, etc. but since that has been asked many times I'm not asking why that isn't working (though, I'd like to know why).
What has me confused is, why would this work on my local dev machine without adding anything to any keystores? I mean, I didn't connect to their URL's via a browser, I didn't add anything - it just worked, the first time, from Eclipse. Why?
What has me confused is, why would this work on my local dev machine
without adding anything to any keystores? I mean, I didn't connect to
their URL's via a browser, I didn't add anything - it just worked, the
first time, from Eclipse.
The information you post are not helpful (this is the least I can say).
What you are saying could happen in only 2 cases:
1) The server uses a certificate signed by a trusted CA already in java's truststore cacert (e.g. Verisign)
2) You have enabled the anonymous ciphers suites
Since when you deploy it in a different machine you have handshake exception complaining about validation, I guess we can rule out (1).
From what you describe it seems that (2) is not possible either, since you haven't enabled anonymous ciphers suites.
So.... please update your post with more accurate information. Also debugging info from the good and bad case

How to solve sun.security.provider.certpath.SunCertPathBuilderException?

I have written some code to connect to my mail server and read emails. I am using POP3 using SSL connection. I have also added SSL certificate to the java keystore. But still i am getting the same exception. Please help. Thanks in advance.
Possible cause this exception would be the cert from the keystore does not match the cert from the server.
Checkout these link might be helpful to you:
Unable to Connect to SSL Services due to PKIX Path Building Failed sun.security.provider.certpath.SunCertPathBuilderException
How to handle invalid SSL certificates with Apache HttpClient?
I got the same error, I disabled always scan encrypted connections in the settings of my antivirus software, and it worked.
I have groovy script, and I was using #Grab(group='org.apache.commons', module='commons-collections4', version='4.2')
I could not runt it because of an error Error grabbing Grapes -- [unresolved dependency: org.apache.commons#commons-collections4;4.2: not found]
Using -Divy.message.logger.level=4 I saw I was having the following problem:
Server access error at url https://repo1.maven.org/maven2/org/apache/commons/commons-collections4/4.2/commons-collections4-4.2.pom (javax.net.ssl.SSLException: Received fatal alert: protocol_version)
My qick fix was to use JDK8 instead of JDK7 it seems that JDK8 has updated certificates and it worked

Categories