I sent http request with Java Program (using HttpUrlConnection) to web site and download files from there.
The website is "https" and use certificates.
When I try to run my code it take exception:
cause javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I tried to go this web site with my Browser(Mozilla).And when I check the certificates,There are three certificates.The site contain these certs.
DigiCert High Assurance EV Root CA
-DigiCert High Assurance CA-3
-thecompanycert (Issued by DigiCert High Assurance CA-3)
And I check my trustsroe with keytool. The truststore only has the Root CA.
Is it enough or I have to import the other 2 certificate? Or only -thecompanycert?
What is the risks of adding intermediate certificates to the java truststore?
Am I have to do this?
Can anyone help about that?
解决方案
Given that that CA and intermediate CA are already present in the default truststore in recent Java version you shouldn't need to import them unless you are using an older Java version. In any case it depends on how much you trust the CA but Java and most browsers already trust it.
扫一扫
394
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
