Thursday, December 19, 2013

Java : Unable to generate SAMLArt for HTTPS from Java

Unable to create SAMLArt for HTTPS from Java:

The error was:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
java.io.BufferedOutputStream.flushBuffer(Unknown Source)
java.io.BufferedOutputStream.flush(Unknown Source)

Explanation of the issue:
  • The issue is that the certificate is not available in the keystore (the JRE cacerts truststore) of the server that runs the Java code.
  • The keystore contents can be viewed from the command prompt. This command has to be executed from the "%JAVA_HOME%/jre/bin" path:

    keytool -list -keystore "%JAVA_HOME%/jre/lib/security/cacerts"
  • The certificate must appear in the list produced by the command above. To confirm it, there must be an entry whose Fingerprint (MD5) value is identical to the Fingerprint (MD5) value of the certificate.
  • The certificate's properties can be viewed on the web server.
  • If the certificate is not in the list, it has to be imported manually using the keytool command:

    keytool -import -noprompt -trustcacerts -alias <AliasName> -file <certificate> -keystore <KeystoreFile> -storepass <Password>
  • List the keystore contents again using the command from the points above; the certificate must now be present.
  • Once this is done, the World Wide Web service has to be restarted for the change to take effect.
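The list above describes a manual check: compute the certificate's fingerprint, compare it with the entries that keytool -list prints, and import the certificate if it is missing. The following Java program is an added example (it is not from the original post) that performs the same check in code: it reads a certificate file, prints its MD5 and SHA-256 fingerprints (newer keytool versions print SHA-1/SHA-256 fingerprints rather than MD5, so both are shown), looks for a matching entry in the cacerts truststore, and then runs the same PKIX path validation that the SSL handshake runs, which reproduces the "PKIX path building failed" decision without opening a network connection. The class name TrustStoreCheck, the command-line arguments and the default cacerts path derived from the java.home property are assumptions; the default truststore password "changeit" is the password the JDK ships cacerts with.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertPathValidator;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;

/**
 * Added example, not code from the original post. Checks whether a server
 * certificate (or its issuing CA) is present in the JRE truststore and whether
 * PKIX validation of the chain succeeds against that truststore.
 *
 * Usage (assumed): java TrustStoreCheck server.cer [truststore] [storepass]
 */
public class TrustStoreCheck {

    // Assumption: default cacerts location relative to java.home (the post uses
    // %JAVA_HOME%/jre/lib/security/cacerts) and the JDK's shipped password.
    private static final String DEFAULT_TRUSTSTORE =
            System.getProperty("java.home") + "/lib/security/cacerts";
    private static final String DEFAULT_STOREPASS = "changeit";

    /** Colon-separated hex fingerprint of the DER encoding, e.g. "MD5" or "SHA-256". */
    static String fingerprint(X509Certificate cert, String algorithm) throws Exception {
        byte[] digest = MessageDigest.getInstance(algorithm).digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < digest.length; i++) {
            if (i > 0) sb.append(':');
            sb.append(String.format("%02X", digest[i]));
        }
        return sb.toString();
    }

    /** Loads the truststore (JKS or PKCS12, whichever is the platform default). */
    static KeyStore loadTrustStore(String path, String password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password.toCharArray());
        }
        return ks;
    }

    /** Returns the alias whose certificate has the same SHA-256 fingerprint, or null if absent. */
    static String findAlias(KeyStore ks, X509Certificate cert) throws Exception {
        String wanted = fingerprint(cert, "SHA-256");
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements(); ) {
            String alias = e.nextElement();
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate
                    && wanted.equals(fingerprint((X509Certificate) c, "SHA-256"))) {
                return alias;
            }
        }
        return null;
    }

    /**
     * Runs PKIX validation of the chain (leaf first) against the truststore.
     * This is the same check that fails inside the SSL handshake in the post.
     * Certificates that are themselves trust anchors are dropped from the path
     * first, so the path ends just below the anchor as PKIX expects; if the leaf
     * itself is in the truststore it is trusted directly. Revocation checking is
     * off because this tool is meant to run offline.
     */
    static boolean validatesAgainst(KeyStore ks, List<X509Certificate> chain) throws Exception {
        List<X509Certificate> path = new ArrayList<>();
        for (X509Certificate c : chain) {
            if (findAlias(ks, c) != null) break;
            path.add(c);
        }
        if (path.isEmpty()) return true;
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            PKIXParameters params = new PKIXParameters(ks);
            params.setRevocationEnabled(false);
            CertPathValidator.getInstance("PKIX").validate(cf.generateCertPath(path), params);
            return true;
        } catch (Exception e) {
            System.out.println("  validation failed: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: java TrustStoreCheck <cert.cer> [truststore] [storepass]");
            System.exit(2);
        }
        String storePath = args.length > 1 ? args[1] : DEFAULT_TRUSTSTORE;
        String storePass = args.length > 2 ? args[2] : DEFAULT_STOREPASS;

        // A .cer file may hold one DER/PEM certificate or a whole PEM chain.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            for (Certificate c : cf.generateCertificates(in)) chain.add((X509Certificate) c);
        }
        if (chain.isEmpty()) throw new IllegalArgumentException("no certificate found in " + args[0]);

        X509Certificate leaf = chain.get(0);
        System.out.println("Subject : " + leaf.getSubjectX500Principal());
        System.out.println("Issuer  : " + leaf.getIssuerX500Principal());
        System.out.println("MD5     : " + fingerprint(leaf, "MD5"));
        System.out.println("SHA-256 : " + fingerprint(leaf, "SHA-256"));

        KeyStore ks = loadTrustStore(storePath, storePass);
        String alias = findAlias(ks, leaf);
        System.out.println(alias != null
                ? "Certificate is present in " + storePath + " under alias '" + alias + "'"
                : "Certificate is NOT present in " + storePath);

        boolean ok = validatesAgainst(ks, chain);
        System.out.println(ok
                ? "PKIX validation succeeded: this JVM will trust the server"
                : "PKIX validation failed: import the CA (or the certificate) with keytool and restart the JVM");
        System.exit(ok ? 0 : 1);
    }
}
```

Compile with javac TrustStoreCheck.java and run it against the certificate exported from the web server. A non-zero exit means the running JVM would produce the same PKIX exception as in the post. Note that the JVM reads cacerts once at startup, so after importing with keytool the Java process that generates the SAMLArt must be restarted, not only the web server.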
Full details on how to set up HTTPS successfully can be found in the document below.