My app is getting this error when accessing a HTTPS resource (using appengine-java-sdk-1.9.63):
javax.net.ssl.SSLHandshakeException: Could not verify SSL certificate for URL: https://some.where/
at com.google.appengine.api.urlfetch.URLFetchServiceImpl.convertApplicationException(URLFetchServiceImpl.java:175)
at com.google.appengine.api.urlfetch.URLFetchServiceImpl.fetch(URLFetchServiceImpl.java:45)
at com.google.apphosting.utils.security.urlfetch.URLFetchServiceStreamHandler$Connection.fetchResponse(URLFetchServiceStreamHandler.java:543)
at com.google.apphosting.utils.security.urlfetch.URLFetchServiceStreamHandler$Connection.getInputStream(URLFetchServiceStreamHandler.java:422)
at com.google.apphosting.utils.security.urlfetch.URLFetchServiceStreamHandler$Connection.getResponseCode(URLFetchServiceStreamHandler.java:275)
at org.jsoup.helper.HttpConnection$Response.execute(HttpConnection.java:656)
at org.jsoup.helper.HttpConnection$Response.execute(HttpConnection.java:629)
at org.jsoup.helper.HttpConnection.execute(HttpConnection.java:261)
at org.jsoup.helper.HttpConnection.get(HttpConnection.java:250)
What can be done so GAE would not check of SSL since in my current purpose for the app, it does not care if it connects via HTTP or HTTPS, so in my case I just want to disable SSL check.
Update:
I am running the application from Windows (Linux does not throw the error above)
Already I have modifiied the dev_appserver.cmd like this:
java -Ddeployment.security.TLSv1.1=false -Ddeployment.security.TLSv1.2=false -cp "%~dp0\..\lib\appengine-tools-api.jar" ^
com.google.appengine.tools.KickStart ^
com.google.appengine.tools.development.DevAppServerMain %*
Also in the application itself this is set:
FetchOptions fetchOptions = FetchOptions.Builder.doNotValidateCertificate();
HTTPRequest request = new HTTPRequest(getUrl, HTTPMethod.GET, fetchOptions)
What could be wrong with Windows that it throws the error whereas in Linux there is no problem?
The solution that worked for this problem is to update the JDK of the machine. Then after upgrading from Java 7 to Java 8, the SSLHandshakeException is not being thrown anymore.
Thus, problem solved.
Related
I am not able to run Java Play 2.5 application locally.I am using Mac OSX Sierra, before I was using Windows 10 and had no problems. If I try to use application through https://localhost:9000 I always receive error in chrome:
his site can’t provide a secure connection
On Mozilla:
An error occurred during a connection to localhost:9000. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG
Safari:
safari cant open the page because Safari cant establish secure connection to the server.
I am sure there is an issue with autogenerated self signed certificated by Play but I do not know how to solve it...
I tried http and it works, but my application forces https.
Use http://localhost:9000
I doubt you are set up to use HTTPS locally
Hope you are doing well.I know there are many answers alike to the issue that i am going to ask but still no one seems to help.
Please help!!!
Issue:-
I am trying to connect to a secure website(HTTPS) using WebScarab, so that i can capture the traffic.Http is working fine for me.
For this i am using WebScarab as a proxy.
'client.getHostConfiguration().setProxy("127.0.0.1", 8008);'
but everytime i gets an exception (
SunCertPathBuilderException
) as stated above.
I have tried adding the website certificate to the Java using Keytool utility also.
I then added a proxy (reverse) entry in WebScarab (127.0.0.1 , 443) and changed the program to use it as a proxy server.
'client.getHostConfiguration().setProxy("127.0.0.1", 443);'
Then i got the following exception :-
org.apache.commons.httpclient.ProtocolException: The server stbeehive.oracle.com failed to respond with a valid HTTP response.
I also tried creating a .p12 certificate (for the website which i want to connect to) and importing it to WebScarab.
But inspite of all these methods i am not able to get the proper response.
I am using WebScarab as a proxy for firefox to capture its traffic and it is working fine (for both http and https).
Please help me as i have run out of ideas now :(
Are you using WebScarab or WebScarab-NG?
Please try WebScarab "classic", rather than the -NG variant. NG was a failed experiment, and no real effort was put into validating the client-side certificate functionality.
Also, what version of Java are you using, what operating system, 32 bit or 64-bit, etc, etc
Regards,
Rogan
There is a simple scan call going to dynamo from my code which works fine in Java 6 and not in Java 7. The amazon forums mention this problem and recommend disabling certificate verification, which seems risky to me. Does anyone know what changed between Java 6 & 7 to cause this issue?
3-Jul-2012 3:51:27 PM com.amazonaws.http.AmazonHttpClient executeHelper
WARNING: Unable to execute HTTP request: peer not authenticated
If it works with one JRE and not another, the problem is likely that you don't have the correct CA cert installed in your 1.7 JRE keystore. See this post for details:
http://welocally.com/?p=1358
You can also just connect to the http:// version of the Dynamo endpoint and so avoid ssl altogether (and get a nice performance boost as a result).
Currently at a loss for authenticating with a Microsoft Project Server 2007 instance running on IIS with Integrated Windows Authentication enabled from a Java 1.6(u19) client running on linux, RHEL 5.5.
Note: The client works on my Windows workstation.
I initially was trying to implement a JAX-WS call and found that I could not retrieve the WSDL due to authentication errors, specifically a 401.2, followed by a 500. So I simplified it to a Java class that:
Creates an Authenticator and sets it as the default with a user name/password in AD that has permissions to the project server site
Create a java.net.URL object
Create a java.net.HttpURLConnection and invoke getInputStream
It is at this point where a failure occurs.
With HttpURLConnection debugging turned on I can see:
the initial authentication failure (401.2) returned from the server with "negotiate" and "NTLM" included in the response.
the client creating an NTLM token and sending it back to the server
the server returning with a 500 status code
On the Windows server in the logs, I can see that there is no user name included in the log file only for my requestion and only a "-" which I believe means "anonymous".
My thought is that Project Server isn't liking the NTLM token that is being passed and choking. Based on the many postings on this, NTLM (v1 & v2) are suppose to be supported within Java 1.6.
Any help would be greatly appreciated...
UPDATE 6/20/12: narrowed the issue down to a local security policy setting for Network security: Minimum session security for NTLM SSP based (including RPC) servers. The setting that causes the Java client to fail is Require NTLMv2 security. The goes against what is claimed for NTLM support with the 1.6 JDK..
Some references:
Java HTTP Authentication
Blog showing Java Authenticator Impl
A while back when i had this problem, i ended up using a scheme created by somebody else.
http://devsac.blogspot.com/2010/10/supoprt-for-ntlmv2-with-apache.html
Worked for me when i had to get image files from and iis server with ntlm.
Snippet using the code above..
AuthPolicy.registerAuthScheme(AuthPolicy.NTLM, org.xyz.JCIFS_NTLMScheme.class);
HttpClient client = new HttpClient();
client.getState().setCredentials(AuthScope.ANY, new NTCredentials(userName, password, "", strDomain));
GetMethod get = new GetMethod(strImageFile);
get.setDoAuthentication(true);
client.executeMethod(get);
I have a webapp that sends a SOAP request to a 3rd party server. When the request is made on my local computer it works without a problem, but when I deploy my application to my server I get an error with the following causes:
com.sun.xml.messaging.saaj.SOAPExceptionImpl: java.security.PrivilegedActionException: com.sun.xml.messaging.saaj.SOAPExceptionImpl: Message send failed
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: algorithm check failed: MD2withRSA is disabled
I've searched around but I can't find anything relevant to my situation. It's probably worth noting that the request I'm making is to an https url. My computer is running Windows XP and the server is running Slackware Linux. Any ideas what might be causing the server to reject the request?
Check your Java versions on your local machine, and your server.
From here, it seems the jvm 6u17 disabled MD2 as it is insecure, and whatever you connect to is using MD2
MD2withRSA is highly vulnerable and therefore deactivated in Sun... aeh Oracle's JVM. You should ask the owner of the remote service, whether his server supports more secure encryption methods (I think, older Apache HTTPd versions do offer MD2withRSA by default...). In order to resolve this problem without forcing the provider to change the method, you may use your own implementation of the X509TrustManager that accepts the old method.
A Google search on "MD2withRSA" showed this URL as the first hit, that seems to point to a change in a certain Java version. Probably the verasiuons on your local computer and the server do not match.
Newer Java 7 (version 1.7) allows re-enabling MD2 via $JAVA_HOME/jre/lib/security/java.security file. Download and install Java 7 and modify java.security file in text editor as follows
1) Remove MD2 from following property
jdk.certpath.disabledAlgorithms= # MD2
2) Ensure following property is commented out
# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
3) Restart java application
Warning: MD2 is disabled by default in Jdk 7 because it is insecure. However, it can be enabled as described above to support older deployments.