Accommodate HTTPS Connections in HttpURLConnection

Question

I am using HttpURLConnection to do POST requests.

I read HttpsURLConnection extends HttpURLConnection with support for https-specific features such as SSL

If HttpsURLConnection use same methods in HttpURLConnection(parent class), it super calls the methods from HttpURLConnection.

        URL url = new URL(callBackUrl);
        HttpURLConnection connection = (HttpURLConnection) url.openConnection();
        connection.setDoInput(true);
        connection.setDoOutput(true);
        connection.setConnectTimeout(setConnectTimeout);
        connection.setReadTimeout(setConnectTimeout);
        connection.setRequestMethod("POST");
        connection.setRequestProperty("Content-Type", "application/json; charset=UTF-8");

        OutputStreamWriter os = new OutputStreamWriter(connection.getOutputStream());
        os.write(data.toString());

        os.flush();
        os.close();

        if (connection.getResponseCode() == HttpURLConnection.HTTP_OK) {
            BufferedReader br = new BufferedReader(new InputStreamReader((connection.getInputStream())));

            while ((output = br.readLine()) != null) {
                stringBuffer.append(output);

            }
        }

However, when I use a HTTPS Url, I keep getting the error below;

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0_181]
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964) ~[na:1.8.0_181]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328) ~[na:1.8.0_181]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322) ~[na:1.8.0_181]

Question, how do I handle both SSL and non SSL connection as is the case in PHP where when using CURL, you set ignore SSL check

curl_setopt($cHandler, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($cHandler, CURLOPT_SSL_VERIFYPEER, true);

I am on Linux, Spring framework and TomCat Web Server.

Anyone?

Answer 1

For the HTTPS things to work first, you would need to add your SSL Certificate into your Java's trust store... For that, you'll have to follow the following steps:

Generally your truststore file of the used JVM would be located at %JAVA_HOME%\\lib\\security\\cacerts .

You might first take a look if your certificate is already added to the truststore by running the following command:

keytool -list -keystore "%JAVA_HOME%/jre/lib/security/cacerts"

Once you confirm that it is not added to your Java trust store, you can use the following command to add it:

keytool -import -noprompt -trustcacerts -alias <AliasName> -file   <certificate> -keystore <KeystoreFile> -storepass <Password>

Once the following steps are done, you should be able to run your program without running into your HTTPS related issues.

Hope that helps!

EDIT-1 : The above method helps adding an SSL Certificate on a Windows environment. Please check the following article for a Linux variant...