CODEWITHSUNDEEP
javafirefoxsslhttps
user4052054
user4052054

Reputation: 378

Java rejects ssl certificate, but Firefox accepts it

I have this code:

URL url = new URL("https://berlinbuzzwords.de/sites/berlinbuzzwords.de/files/media/documents/julien_nioche-low_latency_scalable_web_crawling_on_apache_storm.pdf");
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
connection.connect();

and it fails with 

Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I know I can add the certificate to the JVM and solve this problem, but Firefox accepts this url, and even says it is secure. So, why does this happen? Is it okay to add the certificate if Firefox accepts it?

Upvotes: 0

Views: 205

Answers (1)

Steffen Ullrich
Steffen Ullrich

Reputation: 123380

If you analyze this site with SSLLabs it looks mostly fine. But one of the information might be important:

This site works only in browsers with SNI support.

If you use a software which does not support Server Name Indication (SNI) it will instead return a certificate for www.re-publica.de and also fails to include the necessary intermediate certificates. Thus the validation fails.

My guess is that you are using a version of Java which does not support SNI yet (like Java 6).

Another option would be that the necessary root CA is not installed. The ultimate trust anchor for this certificate is StartCom Certification Authority, which you can download here.

Upvotes: 1

Related Questions