If you have troubles connecting to https site, the issue might be with certs. In order to test that, use this handy SSLPoke (https://gist.github.com/krinkere/8a4b526cf37a66261a7f560d81078cdb)
java SSLPoke server 443
you should get something like when connection is unsucessful
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
In order to install cert
openssl s_client -connect server:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/server.crt
The cert was saved into /tmp/server.crt. Now let's add it to the keystore of Java
/jre/bin/keytool -import -alias server -keystore /jre/lib/security/cacerts -file server.crt
See the list of certs: /jre/bin/keytool -list -v -keystore /jre/lib/security/cacerts
positive test cert / keytool:
java SSLPoke server 443
you should get this:
Successfully connected
No comments:
Post a Comment