Security Network - Connect to SSL Server Failed with Invalid Certificate

Connect to SSL Server Failed with Invalid Certificate

Q

Why am I getting the ValidatorException error when connecting to an SSL server?

✍: FYIcenter

A

You are getting a ValidatorException error when connecting to an SSL server, because the server certificate can not be trusted for one of the following possible reasons:

The root CA of the server certificate is unknown.
The server certificate has been expired.
Many other reasons.

You can play with SslServerCmd.java and SslClientCmd.java given in previous tutorials to see the ValidatorException error:

1. Open a command window and run SslServerCmd.java on your local host:

\fyicenter>\local\jdk-1.8.0\bin\java SslServerCmd

USAGE: java SslServerCmd [port [clientAuth]]
Listening: port=8080, clientAuth=No

2. Open another command window and run SslClientCmd.java on your local host:

\fyicenter>\local\jdk-1.8.0\bin\java SslServerCmd

Exception in thread "main" javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target
   at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
   at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)
...

In this case, the server certificate is signed by yourself as the root CA. The client program SslServerCmd.java cannot trust it, because the root CA in not listed in the default trusted root CA list.

Owner: CN=fyicenter.com, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR
Issuer: CN=fyicenter.com, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR

⇒Examples for jsse.jar - Java Secure Socket Extension

⇒⇒FAQ for jsse.jar - Java Secure Socket Extension

2018-06-27, 550👍, 0💬

SslServerCmd.java - SSL Server Command Example
How to create an SSL server program to run like a command? In order to create an SSL server program, you need to do the following: 1. Load the keystore file that contains the server certificate. Remember to specify the keystore password as shown below: KeyStore ks = KeyStore.getInstance("JKS"); ks.l... 2018-06-27, 651👍, 0💬

What Is Client Certificate Authentication
What Is Client Certificate Authentication? Client Certificate Authentication is an extra layer of security protection added to the normal SSL socket communication. In a normal SSL socket communication: The client is asking for the server to show server certificate. The client validates the server ce... 2018-06-27, 613👍, 0💬

Connect to SSL Server Failed with Invalid Certificate
Why am I getting the ValidatorException error when connecting to an SSL server? You are getting a ValidatorException error when connecting to an SSL server, because the server certificate can not be trusted for one of the following possible reasons: The root CA of the server certificate is unknown. ... 2018-06-27, 551👍, 0💬

Create SSL Server Certificate with "keytool"
How to create an SSL Server Certificate with JDK "keytool"? I want to run a SSL socket server program. "keytool" from the JDK package is a nice tool to create public and private key pairs. It also allows you that create self-sign server certificates that you can use as SSL server certificates. Here ... 2018-06-27, 526👍, 0💬

All rights in the contents of this web site are reserved by the individual author. FYIcenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.