Java and mysterious SSL certificate issue even though certification path is valid

I'm having a suspicious case with an SSL connection.

The certificate path is valid, but it stops working after a couple of hours within the Tomcat application. When I restart the Tomcat application, it works again.

I am connecting to https://android.googleapis.com .

Host android.googleapis.com has the following certificate chain:

Subject: CN=*.googleapis.com, O=Google Inc, L=Mountain View, ST=California, C=US
Subject: CN=Google Internet Authority G2, O=Google Inc, C=US
Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US

Since its root CA is GeoTrust, it should work just fine without adding it to my trusted store.

Stack dump looks like this:

http-8090-6, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
http-8090-6, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 2E                               .......
http-8090-6, called closeSocket()
http-8090-6, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
http-8090-6, called close()
http-8090-6, called closeInternal(true)
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
    ...     
    at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:219)
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:100)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:604)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:565)
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
    at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:789)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
    at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:861)
    at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)
    at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1584)
    at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 46 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
    ... 52 more

And this is the whole network trace:

*** ClientHello, TLSv1
RandomCookie:  GMT: 1427119884 bytes = { 32, 116, 13, 171, 110, 175, 191, 29, 167, 64, 218, 10, 42, 39, 239, 148, 92, 232, 0, 187, 83, 41, 158, 112, 77, 230, 127, 107 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
***
[write] MD5 and SHA1 hashes:  len = 79
[write] MD5 and SHA1 hashes:  len = 107
http-8090-6, WRITE: SSLv2 client hello message, length = 107
[Raw write]: length = 109
[Raw read]: length = 5
[Raw read]: length = 74
http-8090-6, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie:  GMT: 1427119884 bytes = { 169, 89, 61, 230, 86, 219, 246, 181, 117, 182, 73, 163, 123, 159, 140, 101, 9, 219, 7, 91, 102, 80, 229, 235, 140, 43, 175, 170 }
Session ID:  {228, 214, 31, 142, 230, 65, 68, 159, 82, 48, 174, 186, 64, 225, 167, 1, 92, 212, 150, 124, 103, 17, 91, 53, 38, 51, 145, 15, 101, 60, 114, 99}
Cipher Suite: SSL_RSA_WITH_RC4_128_SHA
Compression Method: 0
***
%% Created:  [Session-625, SSL_RSA_WITH_RC4_128_SHA]
** SSL_RSA_WITH_RC4_128_SHA
[read] MD5 and SHA1 hashes:  len = 74
[Raw read]: length = 5
[Raw read]: length = 3164
http-8090-6, READ: TLSv1 Handshake, length = 3164
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=*.googleapis.com, O=Google Inc, L=Mountain View, ST=California, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 24000908991916098496876413836423865147420754144890034973734444557449934671854892211479661184310809058799504252696393899851758831459499001982104016612941962136348031202160582847350381597900449459258131418939759896793523119325373324662540374144084538566367685059004110878223473156453841127743674749566197296597910629125480323087182424886412231271232878856151765223624016968109795169163690579559354210632065905390252671268436619584534551945699768649394103191136228473534529047690175304320356470934346917571726340573254390305379238378806407702539071391979907028373821255506822492653509861306234931022788700588664177461849
  public exponent: 65537
  Validity: [From: Wed Mar 11 17:08:11 CET 2015,
               To: Tue Jun 09 02:00:00 CEST 2015]
  Issuer: CN=Google Internet Authority G2, O=Google Inc, C=US
  SerialNumber: [    0e05e3b8 705f8f63]

Certificate Extensions: 8
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 6B 89 38 54 FE 95 5E 00   CB 0E 6A 0A E3 47 08 A2  k.8T..^...j..G..
0010: AF 98 F9 E0                                        ....
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 4A DD 06 16 1B BC F6 68   B5 76 F5 81 B6 BB 62 1A  J......h.v....b.
0010: BA 5A 81 2F                                        .Z./
]

]

[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://pki.google.com/GIAG2.crl]
]]

[4]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: *.googleapis.com
  DNSName: *.clients6.google.com
  DNSName: *.cloudendpointsapis.com
  DNSName: cloudendpointsapis.com
  DNSName: googleapis.com
]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [1.3.6.1.4.1.11129.2.5.1]
[]  ]
]

[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[7]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[8]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: 1.3.6.1.5.5.7.48.2
   accessLocation: URIName: http://pki.google.com/GIAG2.crt, 
   accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://clients1.google.com/ocsp]
]

]
  Algorithm: [SHA1withRSA]

]
chain [1] = [
[
  Version: V3
  Subject: CN=Google Internet Authority G2, O=Google Inc, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 19713895149719550196537065661910573762693934593220985668782860735427060889140793885919063737778303548724916253252606564904177491762533295616984617709378739783748100146882543612565825906799282133510087546060971220666055151463898734279731009956582933624646298029265838127046200538496591314458940937082185029845612274584845875286257057247598474925565775989866310636633768255501748172403430876460228793912189332026189491067186811703150477068536877439284697584041860237489395099402658887745588613142391209024263265842301844868193180477031165936332420984796347731387363914950895491332976177715889375379088870580457661428329
  public exponent: 65537
  Validity: [From: Fri Apr 05 17:15:55 CEST 2013,
               To: Sun Jan 01 00:59:59 CET 2017]
  Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
  SerialNumber: [    023a76]

Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4A DD 06 16 1B BC F6 68   B5 76 F5 81 B6 BB 62 1A  J......h.v....b.
0010: BA 5A 81 2F                                        .Z./
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: C0 7A 98 68 8D 89 FB AB   05 64 0C 11 7D AA 7D 65  .z.h.....d.....e
0010: B8 CA CC 4E                                        ...N
]

]

[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://g.symcb.com/crls/gtglobal.crl]
]]

[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [1.3.6.1.4.1.11129.2.5.1]
[]  ]
]

[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[6]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://g.symcd.com]
]

[7]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

]
  Algorithm: [SHA1withRSA]

]
chain [2] = [
[
  Version: V3
  Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 27620593608073140957439440929253438012688864718977347268272053725994928948867769687165112265058896553974818505070806430256424431940072485024407486246475597522063246121214348496326377341879755851197260401080498544606788760407243324127929930612201002157618691487713632251700065187865963692723720912135393438861302779432180613616167225206519123176430362410262429702404863434904116727055203524505580952824336979641923534005571504410997292144760317953739063178352809680844232935574095508445145910310675421726257114605895831426222686272114090063230017292595425393719031924942422176213538487957041730136782988405751614792953
  public exponent: 65537
  Validity: [From: Tue May 21 06:00:00 CEST 2002,
               To: Tue Aug 21 06:00:00 CEST 2018]
  Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  SerialNumber: [    12bbe6]

Certificate Extensions: 6
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C0 7A 98 68 8D 89 FB AB   05 64 0C 11 7D AA 7D 65  .z.h.....d.....e
0010: B8 CA CC 4E                                        ...N
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95   D7 47 D8 23 20 10 4F 33  H.h.+....G.# .O3
0010: 98 90 9F D4                                        ....
]

]

[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.geotrust.com/crls/secureca.crl]
]]

[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 2D 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 65  .-https://www.ge
0010: 6F 74 72 75 73 74 2E 63   6F 6D 2F 72 65 73 6F 75  otrust.com/resou
0020: 72 63 65 73 2F 72 65 70   6F 73 69 74 6F 72 79     rces/repository

]]  ]
]

[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[6]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

]
  Algorithm: [SHA1withRSA]

]
***
http-8090-6, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
http-8090-6, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 2E                               .......
http-8090-6, called closeSocket()
http-8090-6, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
http-8090-6, called close()
http-8090-6, called closeInternal(true)

What could be the reason for this?

Oh, this was one hell of a ride :-)

I've tracked down the cause of this issue. Another web application messed up SSLSocketFactory, and that was the reason why all other applications in that Tomcat instance failed.

KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(...);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
tmf.init(keyStore);
SSLContext sslctx = SSLContext.getInstance("SSL");
sslctx.init(null, tmf.getTrustManagers(), null);
HttpsURLConnection.setDefaultSSLSocketFactory(sslctx.getSocketFactory());

The fix is to restore the original SSLSocketFactory after doing the connection.
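An added example, not part of the original answer or of the application it describes: a custom trust store can be scoped to one connection with `HttpsURLConnection.setSSLSocketFactory`, so the static default shared by every web application in the same Tomcat JVM is never replaced and no restore step can be missed or race with another thread. The class name and URL are hypothetical, and the empty in-memory keystore is a constructed stand-in for a real trust store file.

```java
import java.io.InputStream;
import java.net.URI;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class: names and the URL below are placeholders.
public class ScopedTrustExample {

    // Build a socket factory that trusts only the CA certificates in the given JKS stream.
    // Passing null for the stream yields an empty in-memory keystore (used here so the
    // example runs offline); a real application passes a FileInputStream of its trust store.
    static SSLSocketFactory factoryFor(InputStream jks, char[] password) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(jks, password);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(keyStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    // Attach the custom factory to this connection only. Nothing static is modified,
    // so other threads and other web applications keep the JVM default trust store.
    static HttpsURLConnection open(URL url, SSLSocketFactory factory) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(factory);
        return conn;
    }

    public static void main(String[] args) throws Exception {
        // Remember the JVM-wide default so we can show it is left alone.
        SSLSocketFactory before = HttpsURLConnection.getDefaultSSLSocketFactory();

        // Constructed input: empty keystore, placeholder URL.
        SSLSocketFactory custom = factoryFor(null, null);
        URL url = URI.create("https://internal.example/api").toURL();

        // openConnection() performs no network I/O; the handshake would happen on connect().
        HttpsURLConnection conn = open(url, custom);

        System.out.println("connection uses custom factory: "
                + (conn.getSSLSocketFactory() == custom));
        System.out.println("JVM default unchanged: "
                + (before == HttpsURLConnection.getDefaultSSLSocketFactory()));
    }
}
```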
