How do I import a certificate with a Java HttpsURLConnection

Question

I want to access a webservice hosted over https from Websphere Application Server. I am using the following way to make the https connection.

  HttpsURLConnection connection= (HttpsURLConnection) new URL(wcfUrl).openConnection();
  connection.setDoOutput(true);
  connection.setDoInput(true);
  connection.setAllowUserInteraction(false);
  connection.setInstanceFollowRedirects(false);
  connection.setRequestMethod("POST");
  connection.setRequestProperty("foo",userId );
  connection.setRequestProperty("bar", pwd);
  connection.setRequestProperty("Content-Type","application/xml");
  connection.connect(); 

When I try to run this code I get the following error *com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error * After I imported the signer certificate in my local server(As explained in this link http://pic.dhe.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=%2Fcom.ibm.websphere.base.doc%2Finfo%2Faes%2Fae%2Ftsec_sslretrievesignersport.html) I was able to to connect to the remote server (where the service is deployed over https). Can I do the same thing through java code without importing the signer certificate?

Answer 1

You don't. You can't import data designed to verify the security of the connection over the connection whose security you're trying to verify. It doesn't make sense. The certificate has to be imported offline. Otherwise you are just creating security breaches.