I am trying to make a test SSL connection using the following Java code:

import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;

public class SslTest {
    public static void main(String[] args) throws Exception {
        String httpsURL = "https://www.somehost.com";
        URL myurl = new URL(httpsURL);
        HttpsURLConnection con = (HttpsURLConnection) myurl.openConnection();

        // getInputStream() triggers the TLS handshake; certificate validation happens here
        InputStream ins = con.getInputStream();
        InputStreamReader isr = new InputStreamReader(ins);
        BufferedReader in = new BufferedReader(isr);

        String inputLine;

        while ((inputLine = in.readLine()) != null)
            System.out.println(inputLine);

        in.close();
    }
}

When I connect to Host A everything works fine - the connection is made and the response is received.

However when I connect to Host B, which is secured by a certificate that is issued by the same authority as Host A's, I receive the following exception:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Everything that I have read so far suggests that I need to install the certificates in my keystore, however if that were the solution then why does Host A work whilst Host B doesn't?

As a probably unhelpful aside - if I write a similar piece of C# code then the connection is successfully negotiated for both Hosts A and B - the same applies for navigating to the URL in the browser.

A: 

Can you explain what is "host A" and "host B" ? are they different URLs? You stated

the same applies for navigating to the URL in the browser

Did you ever add the certificate in your browser's trusted store? If so, your browser will never show an error.

ring bearer
Yes, they are different URLs - Host A: test-syd.company.com.au, Host B: test-uk.company.co.uk. I haven't added the certificates to the trust store. However, the intermediate CA that issued both certificates is in my certificate store, and if I remove it, it is re-added when I browse to either URL.
Big Fat Noodle
+1  A: 

The most likely causes are:

  1. Host B uses a self-signed certificate.
  2. The certificate is signed by a CA which is not in your trust store.
  3. The cert is signed with an intermediate cert, but Host B is misconfigured so it doesn't send the intermediate cert along with the server cert.

For #1, #2, you need to import the cert or the CA cert into your trust store.

For #3, tell host B to send the intermediate cert.

ZZ Coder
nos
I am not sure that's good advice to give ...
ZZ Coder
Host B's cert is signed with the same intermediate cert as Host A. So, option #3 is the most likely possibility. I don't have immediate access to Host B - is there any way that I could prove this was the case in the meantime? I tried removing the intermediate cert from my browser's certificate store and then browsing to the URL. The certificate is presented as valid and the intermediate cert appears in the certificate store again. Does this prove that the intermediate cert is sent from the server, or would/could the browser request it separately from elsewhere?
Big Fat Noodle
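The question left open in the last comment (does the server actually send the intermediate, or did the browser fetch it from elsewhere?) can be settled from the Java side without access to Host B. The diagnostic below is an added example, not code from the question or either answer: it wraps the JVM's default X509TrustManager so the chain the server presents is recorded before the normal PKIX check runs, then prints each certificate and the validation result. It does not relax trust; a chain the default trust manager rejects still fails the handshake. The host name is a placeholder and the program assumes Java 7 or later.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * Added diagnostic (not part of the original question or answers).
 * Connects to a host, records the certificate chain the server sends,
 * and runs the JVM's default PKIX validation on it.
 */
public class ChainCheck {

    /** Wraps the default trust manager so the presented chain is captured before validation. */
    static final class RecordingTrustManager implements X509TrustManager {
        private final X509TrustManager delegate;
        X509Certificate[] presented = new X509Certificate[0];
        String validationError;

        RecordingTrustManager(X509TrustManager delegate) { this.delegate = delegate; }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            presented = chain.clone();
            try {
                delegate.checkServerTrusted(chain, authType); // the same check that threw for Host B
            } catch (CertificateException e) {
                validationError = e.getMessage();
                throw e; // no trust bypass: the handshake still fails on an untrusted chain
            }
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            delegate.checkClientTrusted(chain, authType);
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
    }

    /** Returns the X509TrustManager backed by the JVM's default trust store (cacerts). */
    static X509TrustManager defaultTrustManager() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "host-b.example.invalid"; // placeholder host name
        int port = 443;

        RecordingTrustManager rtm = new RecordingTrustManager(defaultTrustManager());
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { rtm }, null);

        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
            System.out.println("Handshake OK");
        } catch (SSLHandshakeException e) {
            System.out.println("Handshake FAILED: " + e.getMessage());
        }

        System.out.println("Server sent " + rtm.presented.length + " certificate(s):");
        for (int i = 0; i < rtm.presented.length; i++) {
            X509Certificate c = rtm.presented[i];
            System.out.printf("  [%d] subject=%s%n      issuer=%s%n", i,
                    c.getSubjectX500Principal(), c.getIssuerX500Principal());
        }

        // Cause #3 from the answer: only the leaf arrives and it is not self-signed,
        // so the intermediate needed to reach a trusted root was never sent.
        if (rtm.presented.length == 1
                && !rtm.presented[0].getSubjectX500Principal().equals(rtm.presented[0].getIssuerX500Principal())) {
            System.out.println("Only the leaf certificate was sent and it is not self-signed:"
                    + " the server is not sending its intermediate (cause #3).");
        }
        if (rtm.validationError != null) {
            System.out.println("Default validation error: " + rtm.validationError);
        }
    }
}
```

Run it as `java ChainCheck test-uk.company.co.uk` and compare the output against Host A. If Host A lists two certificates (leaf plus intermediate) while Host B lists only the leaf, the server configuration is the cause and importing the intermediate into the client's keystore would only mask it. Browsers and the Windows certificate store (which the C# code uses) can fetch a missing intermediate on their own from the URL in the certificate's Authority Information Access extension, which is why the intermediate reappeared in the browser's store; the JDK's default PKIX path builder does not do that, so from Java the server has to send it.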