javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate- Java Error

Question

Can someone please tell what is really going on here?. I am trying to establish an SSL connection to a Server. after running my application with the Djavax.ne.debug command, i get this.

C:\Inetpub\asp\AbujaElectricityAdapter\AEDCJava>java -Djavax.net.debug=ssl BankC
ollectSSLCon
Trying to connect to Ontech
adding as trusted cert:
  Subject: CN=Asif Hassan, OU=TSS, O=ONtec, L=CPT, ST=WP, C=ZA
  Issuer:  CN=Asif Hassan, OU=TSS, O=ONtec, L=CPT, ST=WP, C=ZA
  Algorithm: DSA; Serial number: 0x31d201e4
  Valid from Tue Feb 14 08:22:37 WAT 2017 until Fri Feb 12 08:22:37 WAT 2027

adding as trusted cert:
  Subject: CN=Obafemi Omotayo, OU=Software Development, O=AEDC, L=Wuse, ST=Abuja
, C=NG
  Issuer:  CN=Obafemi Omotayo, OU=Software Development, O=AEDC, L=Wuse, ST=Abuja
, C=NG
  Algorithm: DSA; Serial number: 0x7b983874
  Valid from Tue Feb 21 16:06:55 WAT 2017 until Sat Jan 18 16:06:55 WAT 2042

trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for T
LSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLS
v1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TL
Sv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv
1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for T
LSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLS
v1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TL
Sv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv
1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1470987136 bytes = { 136, 110, 117, 78, 31, 172, 80, 106, 19
8, 65, 237, 76, 52, 71, 214, 1, 99, 51, 108, 117, 187, 48, 209, 136, 139, 111, 2
01, 200 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_
128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC
_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA2
56, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, T
LS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_
WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_12
8_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SH
A256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TL
S_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_
DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_
ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3
DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_ED
E_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
 TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp19
2r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1
, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, s
ect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512wit
hRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224with
ECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
***
main, WRITE: TLSv1.2 Handshake, length = 193
main, READ: TLSv1.2 Handshake, length = 1581



*** ServerHello, TLSv1.2





RandomCookie:  GMT: 1470987140 bytes = { 51, 89, 182, 239, 215, 20, 88, 6, 1, 16
8, 210, 16, 185, 178, 162, 92, 226, 31, 126, 76, 85, 141, 129, 179, 137, 95, 125
, 162 }
Session ID:  {88, 173, 124, 132, 238, 101, 132, 241, 144, 29, 179, 161, 98, 67,
162, 193, 186, 215, 96, 116, 162, 68, 247, 117, 156, 47, 154, 79, 235, 96, 73, 2
05}
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256]
** TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=Asif Hassan, OU=TSS, O=ONtec, L=CPT, ST=WP, C=ZA
  Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4.3

  Key:  Sun DSA Public Key
    Parameters:DSA
        p:     fd7f5381 1d751229 52df4a9c 2eece4e7 f611b752 3cef4400 c31e3f80 b6
512669
    455d4022 51fb593d 8d58fabf c5f5ba30 f6cb9b55 6cd7813b 801d346f f26660b7
    6b9950a5 a49f9fe8 047b1022 c24fbba9 d7feb7c6 1bf83b57 e7c6a8a6 150f04fb
    83f6d3c5 1ec30235 54135a16 9132f675 f3ae2b61 d72aeff2 2203199d d14801c7
        q:     9760508f 15230bcc b292b982 a2eb840b f0581cf5
        g:     f7e1a085 d69b3dde cbbcab5c 36b857b9 7994afbb fa3aea82 f9574c0b 3d
078267
    5159578e bad4594f e6710710 8180b449 167123e8 4c281613 b7cf0932 8cc8a6e1
    3c167a8b 547c8d28 e0a3ae1e 2bb3a675 916ea37f 0bfa2135 62f1fb62 7a01243b
    cca4f1be a8519089 a883dfe1 5ae59f06 928b665e 807b5525 64014c3b fecf492a

  y:
    144715b2 d033c1e9 0cdab863 f2272660 833a95e4 fe3443cc 74508df6 b9655c8f
    9209939a 6f1616b3 46e03eb6 77a55cfb d062c204 5379d9ed b1194c03 9baa385a
    6fe7f0bd 77c06cef ea4c2557 324c9a09 4bc35b18 e3a19c76 5952350c a0038fd9
    015ec0ff a4747bac d37502de b74ad16f ba67b31e 5fb6c1c4 0dbcfbec 14247107

  Validity: [From: Tue Feb 14 08:22:37 WAT 2017,
               To: Fri Feb 12 08:22:37 WAT 2027]
  Issuer: CN=Asif Hassan, OU=TSS, O=ONtec, L=CPT, ST=WP, C=ZA
  SerialNumber: [    31d201e4]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C0 E6 F4 7F CD 91 A4 0A   F4 A3 89 7B B5 71 2F 90  .............q/.
0010: 5A E8 19 9D                                        Z...
]
]

]
  Algorithm: [SHA1withDSA]
  Signature:
0000: 30 2C 02 14 45 3B 91 D3   91 9B A0 B8 5B 3C 47 78  0,..E;......[<Gx
0010: 5B CD D8 AC 70 86 27 70   02 14 50 0A 06 43 1F 64  [...p.'p..P..C.d
0020: 3D 18 8C D5 B3 04 41 5A   CA C7 48 B5 BC 49        =.....AZ..H..I

]
***
Found trusted certificate:
[
[
  Version: V3
  Subject: CN=Asif Hassan, OU=TSS, O=ONtec, L=CPT, ST=WP, C=ZA
  Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4.3

  Key:  Sun DSA Public Key
    Parameters:DSA
        p:     fd7f5381 1d751229 52df4a9c 2eece4e7 f611b752 3cef4400 c31e3f80 b6
512669
    455d4022 51fb593d 8d58fabf c5f5ba30 f6cb9b55 6cd7813b 801d346f f26660b7
    6b9950a5 a49f9fe8 047b1022 c24fbba9 d7feb7c6 1bf83b57 e7c6a8a6 150f04fb
    83f6d3c5 1ec30235 54135a16 9132f675 f3ae2b61 d72aeff2 2203199d d14801c7
        q:     9760508f 15230bcc b292b982 a2eb840b f0581cf5
        g:     f7e1a085 d69b3dde cbbcab5c 36b857b9 7994afbb fa3aea82 f9574c0b 3d
078267
    5159578e bad4594f e6710710 8180b449 167123e8 4c281613 b7cf0932 8cc8a6e1
    3c167a8b 547c8d28 e0a3ae1e 2bb3a675 916ea37f 0bfa2135 62f1fb62 7a01243b
    cca4f1be a8519089 a883dfe1 5ae59f06 928b665e 807b5525 64014c3b fecf492a

  y:
    144715b2 d033c1e9 0cdab863 f2272660 833a95e4 fe3443cc 74508df6 b9655c8f
    9209939a 6f1616b3 46e03eb6 77a55cfb d062c204 5379d9ed b1194c03 9baa385a
    6fe7f0bd 77c06cef ea4c2557 324c9a09 4bc35b18 e3a19c76 5952350c a0038fd9
    015ec0ff a4747bac d37502de b74ad16f ba67b31e 5fb6c1c4 0dbcfbec 14247107

  Validity: [From: Tue Feb 14 08:22:37 WAT 2017,
               To: Fri Feb 12 08:22:37 WAT 2027]
  Issuer: CN=Asif Hassan, OU=TSS, O=ONtec, L=CPT, ST=WP, C=ZA
  SerialNumber: [    31d201e4]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C0 E6 F4 7F CD 91 A4 0A   F4 A3 89 7B B5 71 2F 90  .............q/.
0010: 5A E8 19 9D                                        Z...
]
]

]
  Algorithm: [SHA1withDSA]
  Signature:
0000: 30 2C 02 14 45 3B 91 D3   91 9B A0 B8 5B 3C 47 78  0,..E;......[<Gx
0010: 5B CD D8 AC 70 86 27 70   02 14 50 0A 06 43 1F 64  [...p.'p..P..C.d
0020: 3D 18 8C D5 B3 04 41 5A   CA C7 48 B5 BC 49        =.....AZ..H..I

]
*** Diffie-Hellman ServerKeyExchange
DH Modulus:  { 253, 127, 83, 129, 29, 117, 18, 41, 82, 223, 74, 156, 46, 236, 22
8, 231, 246, 17, 183, 82, 60, 239, 68, 0, 195, 30, 63, 128, 182, 81, 38, 105, 69
, 93, 64, 34, 81, 251, 89, 61, 141, 88, 250, 191, 197, 245, 186, 48, 246, 203, 1
55, 85, 108, 215, 129, 59, 128, 29, 52, 111, 242, 102, 96, 183, 107, 153, 80, 16
5, 164, 159, 159, 232, 4, 123, 16, 34, 194, 79, 187, 169, 215, 254, 183, 198, 27
, 248, 59, 87, 231, 198, 168, 166, 21, 15, 4, 251, 131, 246, 211, 197, 30, 195,
2, 53, 84, 19, 90, 22, 145, 50, 246, 117, 243, 174, 43, 97, 215, 42, 239, 242, 3
4, 3, 25, 157, 209, 72, 1, 199 }
DH Base:  { 247, 225, 160, 133, 214, 155, 61, 222, 203, 188, 171, 92, 54, 184, 8
7, 185, 121, 148, 175, 187, 250, 58, 234, 130, 249, 87, 76, 11, 61, 7, 130, 103,
 81, 89, 87, 142, 186, 212, 89, 79, 230, 113, 7, 16, 129, 128, 180, 73, 22, 113,
 35, 232, 76, 40, 22, 19, 183, 207, 9, 50, 140, 200, 166, 225, 60, 22, 122, 139,
 84, 124, 141, 40, 224, 163, 174, 30, 43, 179, 166, 117, 145, 110, 163, 127, 11,
 250, 33, 53, 98, 241, 251, 98, 122, 1, 36, 59, 204, 164, 241, 190, 168, 81, 144
, 137, 168, 131, 223, 225, 90, 229, 159, 6, 146, 139, 102, 94, 128, 123, 85, 37,
 100, 1, 76, 59, 254, 207, 73, 42 }
Server DH Public Key:  { 186, 117, 208, 124, 95, 6, 63, 209, 125, 175, 168, 243,
 5, 251, 134, 91, 224, 137, 114, 22, 96, 151, 54, 126, 81, 23, 6, 112, 92, 101,
126, 245, 78, 144, 40, 122, 225, 29, 59, 126, 208, 14, 51, 103, 105, 169, 229, 8
9, 19, 200, 181, 42, 90, 36, 73, 208, 145, 243, 35, 156, 245, 143, 155, 159, 17,
 201, 46, 174, 195, 166, 134, 181, 114, 192, 100, 90, 172, 199, 125, 241, 130, 9
5, 134, 103, 21, 140, 51, 168, 95, 35, 199, 60, 76, 127, 23, 90, 125, 141, 10, 2
32, 44, 210, 156, 235, 77, 80, 232, 69, 229, 203, 20, 236, 113, 0, 30, 161, 223,
 61, 46, 185, 10, 16, 73, 116, 82, 106, 186, 55 }
Anonymous
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA,
 SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA,
SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Cert Authorities:
<CN=Obafemi Tayo, OU=Software Development, O=AEDC, L=ABUJA, ST=ABUJA, C=NG>
<CN=Asif Hassan, OU=TSS, O=ONtec, L=CPT, ST=WP, C=ZA>
*** ServerHelloDone
Warning: no suitable certificate found - continuing without client authenticatio
n
*** Certificate chain
<Empty>
***
*** ClientKeyExchange, DH
DH Public key:  { 247, 224, 134, 253, 178, 159, 138, 122, 95, 253, 98, 90, 25, 6
1, 201, 186, 85, 23, 168, 34, 162, 127, 81, 26, 233, 175, 7, 179, 246, 83, 124,
31, 75, 71, 217, 2, 252, 142, 86, 110, 124, 153, 217, 90, 34, 154, 141, 20, 13,
114, 145, 103, 174, 183, 98, 39, 179, 41, 97, 162, 176, 169, 3, 128, 114, 112, 1
9, 53, 245, 142, 149, 185, 137, 45, 221, 13, 176, 27, 191, 96, 145, 200, 230, 25
3, 174, 155, 98, 80, 142, 124, 183, 75, 197, 227, 60, 104, 33, 54, 102, 217, 214
, 149, 152, 54, 25, 188, 154, 34, 203, 162, 223, 254, 100, 128, 5, 191, 8, 147,
35, 87, 134, 26, 36, 207, 224, 246, 171, 147 }
main, WRITE: TLSv1.2 Handshake, length = 141
SESSION KEYGEN:
PreMaster Secret:
0000: 96 CB 24 A4 43 8D 48 91   1F E9 E6 0E 2D 8C 56 F2  ..$.C.H.....-.V.
0010: AC F8 00 41 8F C1 FC A8   70 43 22 54 0E D3 74 D3  ...A....pC"T..t.
0020: 7D 17 FD A2 B4 68 06 E7   62 A0 16 E2 66 F9 CD 81  .....h..b...f...
0030: 95 7E A5 4D D9 15 8A 14   C2 D5 3A CA EC 89 24 5C  ...M......:...$\
0040: 2A 95 A5 0C 49 4A 0E 50   5C 39 8C 6B DB 22 79 ED  *...IJ.P\9.k."y.
0050: 76 1C 8B CD 9A 98 AE A3   44 C6 D7 39 FB C3 A8 F7  v.......D..9....
0060: B2 9A 3E 5A 62 3B F7 46   A8 B6 39 5E 59 88 09 96  ..>Zb;.F..9^Y...
0070: 35 33 D7 78 D6 C3 E3 50   A6 26 00 F8 3B 7D 67 85  53.x...P.&..;.g.
CONNECTION KEYGEN:
Client Nonce:
0000: 58 AD 7C 80 88 6E 75 4E   1F AC 50 6A C6 41 ED 4C  X....nuN..Pj.A.L
0010: 34 47 D6 01 63 33 6C 75   BB 30 D1 88 8B 6F C9 C8  4G..c3lu.0...o..
Server Nonce:
0000: 58 AD 7C 84 33 59 B6 EF   D7 14 58 06 01 A8 D2 10  X...3Y....X.....
0010: B9 B2 A2 5C E2 1F 7E 4C   55 8D 81 B3 89 5F 7D A2  ...\...LU...._..
Master Secret:
0000: 57 45 80 87 C2 97 FF 71   E9 D9 0E E6 07 15 99 22  WE.....q......."
0010: 8F E6 52 1C 20 44 0D 86   4D 32 26 DA 00 A1 34 3F  ..R. D..M2&...4?
0020: DC 8D 14 DD AF 3F CE 72   89 8E C6 6D 19 1B 8A BB  .....?.r...m....
Client MAC write Secret:
0000: C9 DE 5D D5 E6 3F E1 99   73 5B CD E3 48 8B 9C EB  ..]..?..s[..H...
0010: 61 60 C8 DD F7 2A 01 36   5B 63 89 9C A2 38 23 EE  a`...*.6[c...8#.
Server MAC write Secret:
0000: 41 B8 54 79 FB 83 BB CB   7D 24 B3 6E E6 40 91 7D  A.Ty.....$.n.@..
0010: 7B DB 26 9C CD 27 2D F0   20 CD C7 47 B5 E9 FC 0D  ..&..'-. ..G....
Client write key:
0000: D2 85 C4 4B D0 90 60 C7   BF 89 A7 06 45 89 26 BA  ...K..`.....E.&.
Server write key:
0000: 06 F9 E4 7F AB F8 49 07   C1 71 06 2B 42 96 74 04  ......I..q.+B.t.
... no IV derived for this protocol
main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 124, 167, 126, 187, 213, 206, 195, 199, 116, 220, 223, 149 }
***
main, WRITE: TLSv1.2 Handshake, length = 80
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT:  fatal, bad_certificate
%% Invalidated:  [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256]
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal al
ert: bad_certificate
Connection Failed

Can someone please look at this debug trace and tell me what is really going on between my client and the server. am kinda new to SSL programming.

Thanks

Answer 1

You're using a self signed certificate and it is not trusted. To get it work, your code should trust this. You can do it by adding it to trust store or by trusting all certificates and removing host validation.

This gives an example of how to trust all certificates - not recommended for a production code, but good enough for experiments and learning.

And this can teach you how to import one certificate to Java trust store.

Even if you import certificate to trust store, you still need to ignore host name validation as your cert is issued to "Asif Hassan" while your host name is: "Ontech" . Below code from first link is needed.

sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);