javax.net.ssl.SSLHandshakeException only on Glassfish 4


-1

I made a routine for online payments in Cielo, JSF. The tests I did with Tomcat 9 on Windows 10 ran 100%, but when I put it in production on Glassfish 4, the system comes back with this error when redirecting to the Cielo page.

javax.net.ssl.SSLHandshakeException: 
  sun.security.validator.ValidatorException: 
    PKIX path building failed:
      sun.security.provider.certpath.SunCertPathBuilderException: 
        unable to find valid certification path to requested target.

I believe it is not the code but some OS (openSUSE) or Glassfish certificate configuration.

  • Did you place the SSL certificate on the server?

  • No, the system does not have an SSL certificate. Or do you mean the SSL of the site that I will access?

  • This error you are getting means that your library did not find the certificate on your server. Most likely the directory on your development machine is different from the one on the server, or else the file is not even on the server yet.

2 answers

1

Well, I made the application bypass SSL by calling this function before the POST.

// At the call site, before the POST:
Uteis.ignorarSSL();
WebResource webResource = client.resource(url);

// In Uteis.java:
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public static void ignorarSSL() throws Exception{
    // Creates a trust manager that does not validate certificate chains
    TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager(){
        public X509Certificate[] getAcceptedIssuers(){return null;}
        public void checkClientTrusted(X509Certificate[] certs, String authType){}
        public void checkServerTrusted(X509Certificate[] certs, String authType){}
    }};

    // Installs the trust manager as the JVM-wide default for HttpsURLConnection
    try {
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, trustAllCerts, new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (Exception e) {
        // Any setup error is silently ignored
        ;
    }

}

0

In order for the VM that your Java process/server/application runs on to connect with ANY https host, the certificate from that host needs to be present in the keystore of that VM. As you mentioned Glassfish, I am placing a link with a step-by-step guide.

Just to reinforce, this is not an OS problem; this is a known step and should always be done on any server (only the step-by-step varies).

  • 1

    Okay, I’ll try, but with Tomcat it wasn’t necessary.

  • 1

    Still an error, even after adding the certificate to the cacerts.
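
As an added example (not code from either answer): a JVM started with the `javax.net.ssl.trustStore` system property reads that file instead of the JRE's `cacerts`, so a certificate imported into one store is invisible to a process using another. The sketch below prints the store the running JVM is configured with and validates a host's chain against one named truststore on a single connection, leaving the JVM-wide default untouched. The class name `TrustStoreCheck` and the three command-line arguments (truststore path, its password, https URL) are assumptions.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class, written for this example.
public class TrustStoreCheck {

    // Build an SSLContext that trusts only the CA entries in the given keystore file.
    static SSLContext contextFrom(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Which truststore is this JVM actually configured to read?
        System.out.println("javax.net.ssl.trustStore = "
            + System.getProperty("javax.net.ssl.trustStore", "(unset: JRE default cacerts)"));

        String store = args[0];              // truststore path (assumed argument)
        char[] pass = args[1].toCharArray(); // truststore password (assumed argument)
        URL url = new URL(args[2]);          // https URL of the remote host (assumed argument)

        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        // Scoped to this connection only; certificate validation stays enabled.
        conn.setSSLSocketFactory(contextFrom(store, pass).getSocketFactory());
        try {
            conn.connect();
            System.out.println("Handshake OK: chain validated against " + store);
        } catch (SSLHandshakeException e) {
            System.out.println("Chain NOT trusted by " + store + ": " + e.getMessage());
        } finally {
            conn.disconnect();
        }
    }
}
```

Running it inside the application server's JVM, or with the same `-D` options the server is started with, shows whether the store that received the imported certificate is the one the failing process reads.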
