Hi Oleg, Thanks for response…I don’t know if I’m seeing this up right.
Does anyone have the steps handy to have a Tomcat and HttpClient communicate with each other using self signed keys? -Matt > On Feb 15, 2016, at 5:47 AM, Oleg Kalnichevski <ol...@apache.org> wrote: > > On Fri, 2016-02-12 at 17:53 -0500, Matt Chambers wrote: >> I’m not sure if I’m daft or just missing something super obvious, but I’m >> trying to setup HttpClient to connect to a Spring Boot server using a self >> signed cert, pretty much all day. Works fine via Chome, Python’s >> ‘requests’ module, and Objective-C but no matter what I do, this exception >> haunts me. >> > > Are you sure the server authenticates with a self-signed certificate (no > CA) and not with a certificate signed by a non-standard CA? > > Oleg > >> java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: >> sun.security.validator.ValidatorException: PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >> valid certification path to requested target >> at >> com.zorroa.archivist.sdk.client.ExceptionTranslator.translate(ExceptionTranslator.java:9) >> ~[archivist-sdk-0.17.0.jar:na] >> at com.zorroa.archivist.sdk.client.Http.post(Http.java:39) >> ~[archivist-sdk-0.17.0.jar:na] >> at >> com.zorroa.archivist.sdk.client.archivist.ArchivistClient.registerAnalyst(ArchivistClient.java:57) >> ~[archivist-sdk-0.17.0.jar:na] >> at >> com.zorroa.analyst.service.RegisterServiceImpl.runOneIteration(RegisterServiceImpl.java:45) >> ~[classes/:na] >> at >> com.google.common.util.concurrent.AbstractScheduledService$1$1.run(AbstractScheduledService.java:174) >> [guava-18.0.jar:na] >> at com.google.common.util.concurrent.Callables$3.run(Callables.java:95) >> [guava-18.0.jar:na] >> at >> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) >> [na:1.8.0_65] >> at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) >> [na:1.8.0_65] >> at >> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) >> [na:1.8.0_65] >> at >> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) >> [na:1.8.0_65] >> at >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) >> [na:1.8.0_65] >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) >> [na:1.8.0_65] >> at java.lang.Thread.run(Thread.java:745) [na:1.8.0_65] >> Caused by: javax.net.ssl.SSLHandshakeException: >> sun.security.validator.ValidatorException: PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >> valid certification path to requested target >> >> I’ve basically tried 1000 different combinations of HttpClient setup and >> versions, but this is how I’m setting it up currently: >> >> this.client = HttpClients.custom() >> .setConnectionManager(new PoolingHttpClientConnectionManager()) >> .setSSLSocketFactory(new >> SSLConnectionSocketFactory(SSLContexts.custom() >> .loadTrustMaterial(null, new TrustSelfSignedStrategy()) >> .build())) >> .setSSLHostnameVerifier(new NoopHostnameVerifier()) >> .build(); >> >> Any help would be greatly appreciated. >> >> -Matt >> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > <mailto:httpclient-users-unsubscr...@hc.apache.org> > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > <mailto:httpclient-users-h...@hc.apache.org>