I want to ignore self attested SSL certificate for testing

583 views
Skip to first unread message

RajAhm

unread,
Nov 30, 2011, 12:18:11 PM11/30/11
to play-framework
Hello

When I run following code,

HttpResponse response = wsu.newRequest("https://10.200.78.132:8080/
auth/v1.0", "utf-8").
setHeader( "X-Auth-User", "rajan").
setHeader("X-Auth-Key", "test").get();


I get exception which indicates that it is not a valid certificate and
I am aware of it

Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:
174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:
318)
... 21 more

Can I circumvent it ?

Thanks
Rajan

Matt Hildebrand

unread,
Nov 30, 2011, 12:25:29 PM11/30/11
to play-fr...@googlegroups.com
Instructing the JRE that hosts Play to trust the certificate should suffice.  The JRE's "keytool" command can arrange this; see the "-importcert" command.  The JRE's default keystore file (and hence the one into which you will want to import the certificate) is JRE_ROOT/lib/security/cacerts.  The default password for this file, which keytool will demand, is "changeit".

-Matt



--
You received this message because you are subscribed to the Google Groups "play-framework" group.
To post to this group, send email to play-fr...@googlegroups.com.
To unsubscribe from this group, send email to play-framewor...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/play-framework?hl=en.


RajAhm

unread,
Nov 30, 2011, 3:03:55 PM11/30/11
to play-framework
Thanks Matt.

I have added certificate and it has progressed further..but I am
getting following exception..Thanks in advance I appreciate it

Caused by: java.security.cert.CertificateException: No subject
alternative names present
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:
142)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:75)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:
264)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:
250)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:
1185)
... 15 more


Regards
Rajan

Matt Hildebrand

unread,
Nov 30, 2011, 3:21:00 PM11/30/11
to play-fr...@googlegroups.com
Hi Rajan -- The exception indicates that the host name does not match the subject of the certificate.  In other words, your application is attempting to connect to host "X", but the server is presenting an SSL certificate that was not apparently issued for host "X".  Further info is available on the web, notably here:

-Matt

RajAhm

unread,
Nov 30, 2011, 6:31:00 PM11/30/11
to play-framework
Thanks Matt. I appreciate it.

Regards
Rajan

On Nov 30, 12:21 pm, Matt Hildebrand <matt.hildebr...@gmail.com>
wrote:


> Hi Rajan -- The exception indicates that the host name does not match the
> subject of the certificate.  In other words, your application is attempting
> to connect to host "X", but the server is presenting an SSL certificate
> that was not apparently issued for host "X".  Further info is available on

> the web, notably here:http://stackoverflow.com/questions/3622788/self-signed-certificates-j...

Reply all
Reply to author
Forward
0 new messages