3

Previously, I could successfully send request to a web service and receive response but it now returns the following exception. Based on other answers I need to renew the certificate but I need to know why I am receiving this exception now. The other issue is that, I could find the address of my java_home but I can not renew the certificate.

Exception:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed

Code

URI uri = new URI("https", "xml.example.com", "/service/ServiceRequest.do", 
                           "serverName=www.example.com&xml=" 
                           ...
                           +" ", null);

            URL page = uri.toURL();
            HttpsURLConnection conn = (HttpsURLConnection) page.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);
            conn.setDoInput(true);
            conn.connect();
Improve this question
1
  • One reason for that error is that the certificate is not (yet) valid or expired. Which can also happen if the clock of the server or client is wrong. Commented Nov 5 at 10:20

1 Answer 1

Reset to default
8

The problem is that you are trying to talk to a server whose SSL Certificate has expired. The reason you are getting the exception is because the Java SSL code is checking the certificate chain, and has noticed the problem. A SSL certificate that has expired is not trustworthy ... and is not trusted by the default certificate validator.

I can not renew the certificate ...

Renewing the certificate is up to the owner of the website. If that is not you, then there is nothing you can do ... apart from bypassing validation of the certificate, which is bad for SSL connection security.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

all right thank, I thought something is wrong with me. My view is based on stackoverflow.com/questions/9619030/…
That Q&A is addressing a different SSL problem. That server is presenting a certificate that is probably valid. However, the server is not also presenting the root and intermediate certificates as well. (Or it is presenting them in the wrong order). The end result is that the client is unable to check that the certificate is valid. The solutions in that case are different to your case, though one of them does involve the server admin fixing their server to behave properly.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.