Avoiding the “javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed” error
This post has moved here: http://javaskeleton.blogspot.com/2011/01/avoiding-sunsecurityvalidatorvalidatore.html
Categories: Java
https, ssl, SSLHandshakeException, ValidatorException
Thanks for sharing this!
One question:
Will this trust all servers ONLY in this class? Or does it affect everything running in the same JVM?
Hi Arne,
This will affect all newly created SSL Sockets in the JVM. If you only want to apply it to one connection, you can use the setSSLSocketFactory method on the HttpsURLConnection class instead. I don’t think there’s a way to just tie it to one class.
Thanks for your answer. That’s exactly what I’m looking for. I have one connection I’d want to bypass the certificate validation.
I took a look at the setSSLSocketFactory and the SSLSocketFactory, but with my limited skills I’m unable to pinpoint exactly what needs to be set for it to do what I want.
If you’d like to point me even further in the right direction, that would be great!
Thanks
Sure, it’s actually just one line that needs to be changed. The line
SSLContext.setDefault(ctx);
needs to be removed, since this sets the default for ALL new sockets.
You will need to add the following line instead:
conn.setSSLSocketFactory(ctx.getSocketFactory());
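This will get a socket factory from the context you initialized and apply it only to that one connection. Here’s the final code:
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class Main {
    public static void main(String[] args) throws NoSuchAlgorithmException, KeyManagementException, MalformedURLException, IOException {
        // Trust manager with empty checks: it accepts any certificate chain.
        X509TrustManager tm = new X509TrustManager() {
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0]; // the interface requires a non-null array
            }
            @Override
            public void checkServerTrusted(X509Certificate[] paramArrayOfX509Certificate, String paramString) throws CertificateException {
            }
            @Override
            public void checkClientTrusted(X509Certificate[] paramArrayOfX509Certificate, String paramString) throws CertificateException {
            }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);
        // "serverAddress:port" is a placeholder for the server's https URL.
        HttpsURLConnection conn = (HttpsURLConnection) new URL("serverAddress:port").openConnection();
        // Applies the context to this connection only; SSLContext.setDefault(ctx) is not called.
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // Hostname verifier that accepts any host name.
        conn.setHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String paramString, SSLSession paramSSLSession) {
                return true;
            }
        });
        conn.connect();
    }
}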
Thanks Mathias!
This works perfectly.