I am trying to establish a one way SSL connection to mail.google.com through java. I supposed mail.google.com is the same as gmail, so I created a certificate for gmail.com using the instructions provided here .
I created the cert as follows -
$ openssl s_client -connect smtp.gmail.com:465
Then I copied the
-----BEGIN CERTIFICATE-----
...
...
-----END CERTIFICATE-----
section into a file called "gmail.cert".
After that, I created my own keystore using the following command, setting the password to "password" -
$ keytool -import -alias smtp.gmail.com -keystore simpleKS.jks -file gmail.cert
I used the Java code provided at this link, with minor modifications:
System.setProperty("javax.net.ssl.trustStore", "simpleKS.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "password");
System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
//connect to google
SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslSock = (SSLSocket) factory.createSocket("mail.google.com",443);
System.out.println("Sending request...");
//send HTTP get request
BufferedWriter wr = new BufferedWriter(new OutputStreamWriter(sslSock.getOutputStream(), "UTF8"));
wr.write("GET /mail HTTP/1.1\r\nhost: mail.google.com\r\n\r\n");
wr.flush();
System.out.println("Reading response...");
// read response
BufferedReader rd = new BufferedReader(new InputStreamReader(sslSock.getInputStream()));
String string = null;
while ((string = rd.readLine()) != null) {
System.out.println(string);
System.out.flush();
}
rd.close();
wr.close();
// Close connection.
sslSock.close();
The class file and the keystore (and all other files) are in the same directory, so I am pretty sure it is not an issue with finding the actual keystore file.
However, when I execute this code, I get
Sending request...
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
What am I doing wrong?
Guess this is because the certs differ a bit for each protocol used see . So you might have to play arround with openssl to convert the cert to be used for another protocol.
Your error message states the same, it doesn't find a cert for mail.google.com since you only provided one for smtp.gmail.com.
(disclaimer i'm no ssl guru, just trying to point in a hopefully right direction)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.