Web service using SSL
Using web services with Javais really easy, that is until you start using SSL to secure them. In a recent application I was developing I needed to access a web service that used SSL from a JSE Wing client. The certificate was bought, server set up and when I connected...
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Marvellous! After spending some time in Google I found the error was raised because the JVM was unable to recognize the certificate as a valid one. The only solution was to create a keystore where I would save the certificate for the application, which I achieved with the steps explained in this post. We will use the installcert code to generate the local keystore. We compile the code and then run:
java InstallCert www.domain.com
first time it will show us one error (the mentioned SSLHandshakeException) and ask us if we want to add that certificate to the keystore. Once added we can run the program again to see that instead of the error it tells us the certificate has been recognised. Once done, copy the generated file (jssecacerts) to a folder of your application (I chose conf folder). Then add this line on your application:
System.setProperty("javax.net.ssl.trustStore", "conf/jssecacerts");
this will register our keystore with the application and allow Java to acknowledge the certificate. This approach has one obvious inconvenient: if the certificate changes like it will when renewed, we will need to register it again in our local keystore, which is not ideal, but at least solves the issue temporally.
