Reputation: 543
I installed OpenJDK 10. What I did was just unpack it, set the PATH variable and the JAVA_HOME variable.
Java even rejects the certificate of google.de (and all others I tried). I tested this by some dummy class that tries to connect. Outcome is:
C:\Users\Alexander\Downloads>java SSLPoke google.de 443
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:290)
at java.base/sun.security.validator.Validator.validate(Validator.java:264)
at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:343)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:226)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:133)
at java.base/sun.security.ssl.ClientHandshaker.checkServerCerts(ClientHandshaker.java:1947)
at java.base/sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1777)
at java.base/sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:264)
at java.base/sun.security.ssl.Handshaker.processLoop(Handshaker.java:1098)
at java.base/sun.security.ssl.Handshaker.processRecord(Handshaker.java:1026)
at java.base/sun.security.ssl.SSLSocketImpl.processInputRecord(SSLSocketImpl.java:1137)
at java.base/sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1074)
at java.base/sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
at java.base/sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1402)
at java.base/sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:733)
at java.base/sun.security.ssl.AppOutputStream.write(AppOutputStream.java:67)
at java.base/sun.security.ssl.AppOutputStream.write(AppOutputStream.java:81)
at SSLPoke.main(SSLPoke.java:31)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 18 more
Found a lot on the net how to add special certs to java but i think in my java installation something is wrong in general.
So my question is what could cause such a thing???
Upvotes: 4
Views: 2443
Reputation: 44980
You should verify root certificates inside the cacerts
keystore. The file is stored in JAVA_HOME/jre/lib/security/cacerts
(or JAVA_HOME/lib/security/cacerts
in newer Java versions). As per OpenJDK 10 Now Includes Root CA Certificates post you can use keytool
command to count them:
>jdk-10\bin\keytool -cacerts -list | find "Certificate" /c
Enter keystore password: changeit
80
Most likely your Java installation is corrupted and you should reinstall. Do note that OpenJDK is provided by multiple vendors and it could be that you are using an installer which doesn't install the root certificates.
Upvotes: 1
Reputation: 543
Ended up installing oracle jdk 10 (also 10.0.2) and that works
C:\Users\Alexander\Downloads>java "SSLPoke" google.de 443
Successfully connected
Upvotes: 0