I have written some code to connect to my mail server and read emails. I am using POP3 using SSL connection. I have also added SSL certificate to the java keystore. But still i am getting the same exception. Please help. Thanks in advance.
Possible cause this exception would be the cert from the keystore does not match the cert from the server.
Checkout these link might be helpful to you:
Unable to Connect to SSL Services due to PKIX Path Building Failed sun.security.provider.certpath.SunCertPathBuilderException
How to handle invalid SSL certificates with Apache HttpClient?
I got the same error, I disabled always scan encrypted connections in the settings of my antivirus software, and it worked.
I have groovy script, and I was using #Grab(group='org.apache.commons', module='commons-collections4', version='4.2')
I could not runt it because of an error Error grabbing Grapes -- [unresolved dependency: org.apache.commons#commons-collections4;4.2: not found]
Using -Divy.message.logger.level=4 I saw I was having the following problem:
Server access error at url https://repo1.maven.org/maven2/org/apache/commons/commons-collections4/4.2/commons-collections4-4.2.pom (javax.net.ssl.SSLException: Received fatal alert: protocol_version)
My qick fix was to use JDK8 instead of JDK7 it seems that JDK8 has updated certificates and it worked
Related
After applying the latest Windows Updates I'm getting an:
Error 500--Internal Server Error
trying to access my URL using HTTP (not HTTPS!) protocol.
Looking in Weblogic logs, I found this error:
ServletContext#199346236[app:analytics module:analytics path:/analytics spec-version:2.5 version:11.1.1]] Root cause of ServletException.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
How can I solve this issue?
I don't know where I can find this expired certificate and if this is the real problem because I'm not using an HTTPS protocol trying to access my site.
You will have to find the location of your certificates first or your certificates are located in your keystore. If so, you can display content of your keystore and check which certificates you have.
Do you use Weblogic in combination with OSB? If yes, then the keystore is propably configured in your Enterprise Manager. If not, then your keystore is configured on Weblogic level which can be found at servers -> keystores tab
I don't know if this is the solution but let's try it out.
I am trying to implement the HTTPS on an internal web application which uses Play framework (version 2.5) as a Backend framework and Angular as Frontend and I have created a self signed certificate with Keytool following the Play framework documentation:
https://www.playframework.com/documentation/2.5.x/CertificateGeneration.
Then I save the '.crt' file in cacerts (java keystore) and provide the .jks when starting the application with these additional commands:
-Dplay.server.https.keyStore.path="path-to-jks-file"
and -Dplay.server.https.keyStore.password="the-password-here"
But after trying to make a request to the server I get an error:
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown (image below)
Although the handshake happens after that and the HTTPS works correctly. Any ideas how to solve this issue
Link to error image
I have fixed this issue now. The problem with Chrome Browser was on 'Subject Alternative Name' missing, which is required from Chrome 58+ and that caused the error during the tls handshake. After adding SAN property to the certificate the problem is gone.
I posted this answer to help anyone who might have the same problem...
My code connects to apns for push notification. Am using clevertap library from git(https://github.com/CleverTap/apns-http2). It uses okhttp for the connection. When I run code on IBM WAS 8.5.5 and am receiving SSLHandshakeException. Details below. Can you pls help me on how to address this? Am trying with Synchronous mode of sending push message. I use Java 1.7, WAS 8.5.5. Pls let me know if you need more details.
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.ibm.jsse2.j.a(j.java:23)
at com.ibm.jsse2.j.a(j.java:21)
at com.ibm.jsse2.qc.b(qc.java:465)
at com.ibm.jsse2.qc.a(qc.java:451)
at com.ibm.jsse2.qc.h(qc.java:759)
at com.ibm.jsse2.qc.a(qc.java:353)
at com.ibm.jsse2.qc.startHandshake(qc.java:800)
at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:299)
at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:268)
at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:160)
When I googled for the issue, it seems the issue is because of IBMJSSE2, the JSSE implementation used by Websphere, in not compatible with this solution.
The problem is that for this implementation, the cipher suite names may starts with SSL_ or TLS_ (IBM documentation), both accepted: but that is not true for OkHttp. But I could not find a work around that I can use to fix the problem.
I read that version 3.7 of the jar will fix the problem but am using 3.9.1 and still running into the same issue.
I have the certificate imported into WAS trust store. I also have TLS 1.2 in the environment.
I have following situation - I want to get page content using https request and java agent. However, I'm getting following error message:
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: Certificate chaining error
I already imported internet certificates to my local notes cacerts file, but nothing changed.
However, when I'm running same code in Eclipse, using keystore with certificates downloaded from page I try to receive and it works fine.
I'm out of ideas, any suggestions will be appreciated!
===EDIT===
Dmytro Pastovenskyi's answer helped me, but additionally to get rid of protocol_version exception I had to use following code, setting version of TLS used:
System.setProperty("https.protocols", "TLSv1");
It seems nessesary to establish connection to some sites using 1.6 IBM JAVA.
I had same issue some times before.
It looks like IBM Domino server more strict when it check certificates. Our administrator who at the beginning said that chain is correct later found an issue with chain (and yes, it worked for .NET/JAVA and other platform, just not with Domino). Try to find some online tools that verify chain.
Before chain is fixed you can simply disabled certificate validation. I've an article how to do it (+ some other articles that may help you). Have a look here: Disabling certificate validation in Java
I'm trying to authenticate with a server over HTTPS. I'm having problems with the handshake. I think this is due to the fact that when I go to the URL in my browser, a popup box appears. If I cancel that, I can then go to a form which will allow me to login again. The server security is TAM.
Its actually at the start where I'm having problems. When I try to run this code:
HttpResponse response = httpclient.execute(httpget);
I get an IOException error stating that javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated. The sample code I'm using is from Apache HTTPClient docs. I've tried to also use the built in java authentication methods, but I get other problems with the handshake, saying the certificate isn't trusted.
Anyway, I'm pretty stuck at the moment, which is frustrating because I thought this type of stuff should be basic enough.
So, could someone be so kind as to direct me to some sample code for authentication over HTTPS?
Thanks.
EDIT:
Just to add another error I get when using the built in java http auth, relating to the certificate:
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed:
java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=XXX Internal Root CA, O=XXX Corporation, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
It seems you are missing server SSL certificates in jvm keystore, you need to import certificates using keytool. Here is one link on how to do. Here is another link (even though it is for Gmail, you may find steps useful)
The problem here is Windows. Or more specifically the WinInet API, apparently.
I can create a custom TrustManager that accepts all certs, and it can connect fine. Also, if I try my code without the hack on linux, then it works fine. So whatever way Windows handle the keystore is giving me problems.