错误的Java连接HTTPS和SSL证书

Question

I have a problem to connect with SSL in Java.

I use java 1.7.80 and SO : ubuntu 14.04

My problem is the certificate, even certificates. I have four elements that must be concatenated using the pkcs12 format.

testservizi.fattura.it.cer --> certificate that identifies the remote server

SDI-11036210158 --> certificate client

CAEntratetest.cer --> certificate CA

private.key --> private key

1) Step - convert the file cer into file pem

$ openssl x509 -in CAEntratetest.cer -outform PEM -out CAEntratetest.pem
$ openssl x509 -in SDI-11036210158.cer -inform DER -out SDI-11036210158.pem -outform PEM
$ openssl x509 -in testservizi.fatturapa.it.cer -inform DER -out testservizi.fatturapa.it.pem -outform PEM

2) Step - union pem files for create chain certificate

$ cat CAEntratetest.pem SDI-11036210158.pem testservizi.fatturapa.it.pem > sum_cert.pem

3) Step - create p12 file

$ openssl pkcs12 -export -in sum_cert.pem -inkey private.key -out sogei_auth.p12 -name sogei_auth

Ok. My first test is to import the p12 file in the browser (Mozilla Firefox) to verify the operation. The import is successful and at this point I enter the url

https://testservizi.fatturapa.it/ricevi_file

and he answered:

Hello! This is an Axis2 Web Service!

..perfect works!!

Now I have to make it work with java and I create a test client

import java.io.File;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;

public class TestHTTPSClient {

    public static void main(String[] args) throws Exception {
        SSLContext sslcontext = SSLContexts.custom().loadTrustMaterial(new File("C:/testSSL/sogei_auth.p12"), "changeit".toCharArray()).build();
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext);
        CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
        try {
            HttpGet httpget = new HttpGet("https://testservizi.fatturapa.it/ricevi_file");
            System.out.println("executing request " + httpget.getRequestLine());
            CloseableHttpResponse response = httpclient.execute(httpget);
            try {
                HttpEntity entity = response.getEntity();
                System.out.println("----------------------------------------");
                System.out.println(response.getStatusLine());
                EntityUtils.consume(entity);
            } finally {
                response.close();
            }
        } finally {
            httpclient.close();
        }
    }
}

2) Change format keystore in java.security , otherwise you can not read the file p12

keystore.type=jks

change into

keystore.type=pkcs12

3) Start testing in java and I answered with an error

Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...
..
.
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 26 more

can you help me...

Answer 1

you may store in jre cacerts file for permanently solve this issue if runtime certification stuff is not required! Check this answer for installing certificate to cacerts...

and remove all certification related code form your source! Please clarify if you want to do this runtime only not manually.