Simple Java Web Service client over HTTPS

Question

Hi all,

I am connecting to a simple XML over HTTPS web service and getting a security exception. My question is whether you think the cause of this is the cert on the web server, so I should talk to the server admin or if my client code should be handling this. I would love to hear if anyone has encountered and solved this issue. Is the solution found on client side or server side? Below is the exception.

Caused by: sun.security.validator.ValidatorException: Violated path length constraints
at sun.security.validator.SimpleValidator.checkBasicConstraints(SimpleValidator.java:243)
at sun.security.validator.SimpleValidator.checkExtensions(SimpleValidator.java:158)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:143)
at sun.security.validator.Validator.validate(Validator.java:202)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA12275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA12275)

Thanks for any advice.

Answer 1

From the stack trace, I would guess that it's a problem with the server's certificate (the trace originates from "checkServerTrusted" calls). You might want to try connecting to the URL with a web browser such as Firefox to see if you get an SSL error with more details.

Answer 2

It's probably worth testing the client side first with openssl

openssl s_client -connect yourserver.com:443

Check out the man page for further options.

What happens when you access it with a web browser? Firefox should provide you quite some information on the server cert.

While it does not seem like you after client cert authentication this examples does show you how to use a custom SSLSocketFactory. It can also be set statically - if you don't have access to the connection.