you have to make the SSLHandshake on server.
13:35:40.065 [scheduler-1] ERROR j.a.common.api.ApiHttpClient - https://domain.com/daily/2014-02-06:2014-02-09?access_token=999AAABBB-999AAABBB-999AAABBB API Exception: ekey=
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886) ~[na:1.7.0_21]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) ~[na:1.7.0_21]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) ~[na:1.7.0_21]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341) ~[na:1.7.0_21]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153) ~[na:1.7.0_21]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) ~[na:1.7.0_21]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) ~[na:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016) ~[na:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) ~[na:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702) ~[na:1.7.0_21]
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122) ~[na:1.7.0_21]
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82) ~[na:1.7.0_21]
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886) ~[na:1.7.0_21]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) ~[na:1.7.0_21]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) ~[na:1.7.0_21]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341) ~[na:1.7.0_21]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153) ~[na:1.7.0_21]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) ~[na:1.7.0_21]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) ~[na:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016) ~[na:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) ~[na:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702) ~[na:1.7.0_21]
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122) ~[na:1.7.0_21]
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82) ~[na:1.7.0_21]
■ Download from here
http://java-use-examples.googlecode.com/svn/trunk/src/com/aw/ad/util/InstallCert.java
$ java InstallCert domain.com
Loading KeyStore /usr/local/java/jre/lib/security/cacerts...
Opening connection to domain.com:443...
Starting SSL handshake...
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
at InstallCert.main(InstallCert.java:97)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:107)
at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:192)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:813)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
... 8 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 16 more
Server sent 1 certificate(s):
1 Subject CN=172.26.212.33, OU=Aaaaaa Section, O="Cccccccc Inc.", L=Shibuya, ST=Tokyo, C=JP
Issuer CN=172.26.212.33, OU=Aaaaaa Section, O="Ccccccccc Inc.", L=Shibuya, ST=Tokyo, C=JP
sha1 d2 13 7f 2e a0 ca ea 18 c3 80 f5 2e 37 ee b8 d4 75 0b c2 a9
md5 21 df 51 b6 ed 05 8a 81 b1 a7 83 9c ed f2 26 a5
Enter certificate to add to trusted keystore or 'q' to quit: [1]
1
[
[
Version: V1
Subject: CN=22.22.22.22, OU=Aaaaa Section, O="Ccccccc, Inc.", L=Sssss, ST=Ttttt, C=JP
Signature Algorithm: SHA1withRSA, OID = 1.2.340.531549.4.1.5
Key: Sun RSA public key, 1024 bits
modulus: 131126701831092918237210674303743272647673343420935109265107224177037104402137073961499511568241539559916102958876834924542464928083714544654237673974334717349407347810791563608604572102957328338219722839502886585094900666684085033782471751584372078858902434446729121773655204064319628133604711228741584424279
public exponent: 62517
Validity: [From: Thu May 09 15:25:21 JST 2013,
To: Fri May 09 15:25:21 JST 2014]
Issuer: CN=22.22.22.22, OU=Aaaaaa Section, O="Ccccc, Inc.", L=Sssss, ST=Tokyo, C=JP
SerialNumber: [ e5d42c16 bd5a7e46]
]
Algorithm: [SHA1withRSA]
Signature:
0000: A5 EA 17 95 D4 6C TE 9C 27 50 F4 55 BA ED 5D 78 .....l..'P.U..]x
0010: 87 D3 79 84 69 5D FF BE 07 74 F4 F5 A6 DE EF D5 ..y.i]...t......
0020: 02 7C 20 8C FC E6 0A 4D C8 86 73 56 CB 8C 88 07 .. ....M..sV....
0030: 18 F6 CE E1 46 1B 0E 6D 98 67 95 94 73 05 91 30 ....F..m.g..s..0
0040: 0F 2D 79 F6 B3 04 09 8E 8A DF 9E 8E B3 DF FB AA .-y.............
0050: Q7 T9 30 68 F7 Y3 0A 3B 81 5A AD DF F5 44 F3 A6 ..0h...;.Z...D..
0060: 21 0B 3A A4 AD E4 81 E2 30 64 E3 D1 83 0A 5C 34 !.:.....0d....\4
0070: EF 5A 34 03 E8 ET C2 2B 5A 43 AQ 90 92 75 17 FE .Z4....+ZC...u..
]
Added certificate to keystore 'jssecacerts' using alias 'domain.com-1'
Opening connection to domain.com:443...
Starting SSL handshake...
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
at InstallCert.main(InstallCert.java:97)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:107)
at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:192)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:813)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
... 8 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 16 more
Server sent 1 certificate(s):
1 Subject CN=172.26.212.33, OU=Aaaaaa Section, O="Cccccccc Inc.", L=Shibuya, ST=Tokyo, C=JP
Issuer CN=172.26.212.33, OU=Aaaaaa Section, O="Ccccccccc Inc.", L=Shibuya, ST=Tokyo, C=JP
sha1 d2 13 7f 2e a0 ca ea 18 c3 80 f5 2e 37 ee b8 d4 75 0b c2 a9
md5 21 df 51 b6 ed 05 8a 81 b1 a7 83 9c ed f2 26 a5
Enter certificate to add to trusted keystore or 'q' to quit: [1]
1
[
[
Version: V1
Subject: CN=22.22.22.22, OU=Aaaaa Section, O="Ccccccc, Inc.", L=Sssss, ST=Ttttt, C=JP
Signature Algorithm: SHA1withRSA, OID = 1.2.340.531549.4.1.5
Key: Sun RSA public key, 1024 bits
modulus: 131126701831092918237210674303743272647673343420935109265107224177037104402137073961499511568241539559916102958876834924542464928083714544654237673974334717349407347810791563608604572102957328338219722839502886585094900666684085033782471751584372078858902434446729121773655204064319628133604711228741584424279
public exponent: 62517
Validity: [From: Thu May 09 15:25:21 JST 2013,
To: Fri May 09 15:25:21 JST 2014]
Issuer: CN=22.22.22.22, OU=Aaaaaa Section, O="Ccccc, Inc.", L=Sssss, ST=Tokyo, C=JP
SerialNumber: [ e5d42c16 bd5a7e46]
]
Algorithm: [SHA1withRSA]
Signature:
0000: A5 EA 17 95 D4 6C TE 9C 27 50 F4 55 BA ED 5D 78 .....l..'P.U..]x
0010: 87 D3 79 84 69 5D FF BE 07 74 F4 F5 A6 DE EF D5 ..y.i]...t......
0020: 02 7C 20 8C FC E6 0A 4D C8 86 73 56 CB 8C 88 07 .. ....M..sV....
0030: 18 F6 CE E1 46 1B 0E 6D 98 67 95 94 73 05 91 30 ....F..m.g..s..0
0040: 0F 2D 79 F6 B3 04 09 8E 8A DF 9E 8E B3 DF FB AA .-y.............
0050: Q7 T9 30 68 F7 Y3 0A 3B 81 5A AD DF F5 44 F3 A6 ..0h...;.Z...D..
0060: 21 0B 3A A4 AD E4 81 E2 30 64 E3 D1 83 0A 5C 34 !.:.....0d....\4
0070: EF 5A 34 03 E8 ET C2 2B 5A 43 AQ 90 92 75 17 FE .Z4....+ZC...u..
]
Added certificate to keystore 'jssecacerts' using alias 'domain.com-1'
■ Move the jssecacerts to the security under Jre
$ mv ./jssecacerts /usr/local/java/jre/lib/security/
No comments:
Post a Comment