How to Solve Javax.Net.Ssl.Sslhandshakeexception Error

How to solve javax.net.ssl.SSLHandshakeException Error?

First, you need to obtain the public certificate from the server you're trying to connect to. That can be done in a variety of ways, such as contacting the server admin and asking for it, using OpenSSL to download it, or, since this appears to be an HTTP server, connecting to it with any browser, viewing the page's security info, and saving a copy of the certificate. (Google should be able to tell you exactly what to do for your specific browser.)

Now that you have the certificate saved in a file, you need to add it to your JVM's trust store. At $JAVA_HOME/jre/lib/security/ for JREs or $JAVA_HOME/lib/security for JDKs, there's a file named cacerts, which comes with Java and contains the public certificates of the well-known Certifying Authorities. To import the new cert, run keytool as a user who has permission to write to cacerts:

keytool -import -file <the cert file> -alias <some meaningful name> -keystore <path to cacerts file>

It will most likely ask you for a password. The default password as shipped with Java is changeit. Almost nobody changes it. After you complete these relatively simple steps, you'll be communicating securely and with the assurance that you're talking to the right server and only the right server (as long as they don't lose their private key).

How to fix javax.net.ssl.SSLHandshakeException even though i have already added the certificate

The issue is a couple of things first to fix the javax.net.ssl.SSLHandshakeException error you have to remove TLSV1 from the java.security file like harry was explaining above. Then you have to add the activation.jar file to your dependencies and it will work. If this didn't work try to follow these instructions

Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?

You need to add the certificate for App2 to the truststore file of the used JVM located at $JAVA_HOME\lib\security\cacerts.

First you can check if your certificate is already in the truststore by running the following command:
keytool -list -keystore "$JAVA_HOME/jre/lib/security/cacerts" (you don't need to provide a password)

If your certificate is missing, you can get it by downloading it with your browser and add it to the truststore with the following command:

keytool -import -noprompt -trustcacerts -alias <AliasName> -file   <certificate> -keystore <KeystoreFile> -storepass <Password>

Example:

keytool -import -noprompt -trustcacerts -alias myFancyAlias -file /path/to/my/cert/myCert.cer -keystore /path/to/my/jdk/jre/lib/security/cacerts/keystore.jks -storepass changeit

After import you can run the first command again to check if your certificate was added.

Sun/Oracle information can be found here.

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException error

Your client sits behind a firewall and does HTTPS-requests through a proxy that is dynamically generating SSL-certificates for the sites being contacted in order to eavsdrop on the data being exchanged. You can see that by the issuer of the "Google-certificate" you're checking:

Issuer: C=DE, CN=AXA-DE-Proxy-Issuing-CA17, OU=IF-NDSG, O=AXA Technology Services Germany

Java has its own root-CA-keystore where standard certificate checks are looking for trusted root CAs and your eavsdropper's root certificate is obviously missing there.

To get rid off this error and let the java client falsely assume that the certificate is signed by a trusted CA, you need to add the CAs root certificate to the root keystore of Java. Another solution is to establish the SSL-connection using your own TrustManager. You do that by using your own SSLContext where you set trust- and keymanagers yourself.

The former needs to be done with every Java installation, the latter works within in the application.

---

Related Topics