Java Client Certificates over HTTPS/SSL
When establishing HTTPS connections with remote servers, there may be scenarios where you need to present a client certificate for authentication. This requires the server's root certificate to be imported into a truststore, and the client certificate with its password to be configured correctly.
The javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed error means the JVM could not build a chain from the server's certificate to a root it trusts. To resolve it, import the server's root certificate into a truststore using the following command:
keytool -import -alias gridserver -file gridserver.crt -storepass $PASS -keystore gridserver.keystore
Next, set the following properties to specify the keystore and truststore information:
-Djavax.net.ssl.keyStoreType=pkcs12
-Djavax.net.ssl.trustStoreType=jks
-Djavax.net.ssl.keyStore=clientcertificate.p12
-Djavax.net.ssl.trustStore=gridserver.keystore
-Djavax.net.debug=ssl   # very verbose debug
-Djavax.net.ssl.keyStorePassword=$PASS
-Djavax.net.ssl.trustStorePassword=$PASS
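With this configuration, the default SSLSocketFactory reads the keystore and truststore from these properties, so you can create an HttpsURLConnection and set that factory on it. The factory presents the client certificate to the server and validates the server's certificate against the truststore:
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;

// The default factory is built from the javax.net.ssl.* system properties above.
SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
URL url = new URL("https://gridserver:3049/cgi-bin/ls.py");
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
conn.setSSLSocketFactory(sslsocketfactory);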
From there, you can read the response from the HTTPS connection as desired.