I'm creating a Java client program that will be sending sensitive information to a Tomcat server, so I need to use an SSL connection so the information will be encrypted.
I need to use a self-signed untrusted certificate, but I am having problems making a connection from the Java client.
I have successfully set up Tomcat 5.5 to use SSL and tested it through Firefox, which displays a warning about the self-signed certificate.
I followed the Tomcat 5.5 SSL setup and they mentioned to create a keystore:
keytool -genkey -alias tomcat -keyalg RSA
Then I did an export of the above:
keytool -export -keystore .keystore -alias tomcat -file localhost.cer
Then I did an import of the above certificate into the client machine:
keytool -import -alias tomcat -file localhost.cer -keystore "C:\Program Files\Java\jdk1.6.0_17\jre\lib\security\cacerts"
But when running the client I get:
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This is the client code:
URL url = new URL("https://localhost:8443");
HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
conn.setSSLSocketFactory(sslsocketfactory);
InputStream inputstream = conn.getInputStream();
Now I just started playing with these certificates today and I'm new to keystores, so please be patient.
Can someone please explain how to export and import the certificate created in Tomcat to the client machine?
Thank you.
Atlassian has good instructions on how to fix this.
http://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services
Another approach is to install less unforgiving certificate validators, but that should only be done as a last resort.