ValidatorException connecting to self-signed locally running HTTPS service

[rubin55]

RESTClient 3.5.1 snapshot, tested with 3.5.0 also.

I'm getting a ValidatorException, even though I tell rest-client to not do hostname verification and to ignore self-signed certificates. The service is a locally running IBM WebSphere 8.5. See below for the backtrace!

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) at org.wiztools.restclient.HTTPClientRequestExecuter.execute(HTTPClientRequestExecuter.java:417) at org.wiztools.restclient.ui.RESTViewImpl$3.run(RESTViewImpl.java:339) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:105) at org.apache.http.ssl.SSLContextBuilder$TrustManagerDelegate.checkServerTrusted(SSLContextBuilder.java:298) at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:922) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) ... 20 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ... 28 more

[HassanBakri]

Me too it would be great to disable Certificate Path Creation
Because Some Enterprise Require Connection Under SSL and no need for Signed Certificate From CA

[subwiz]

There seems to be solution: http://stackoverflow.com/questions/24720013/apache-http-client-ssl-certificate-error

Will look into it..

[subwiz]

Reporters: can you please take the latest code and let me know if my fix fixes the problem? Based on your advice, I will change the UI messages.

[subwiz]

This should hopefully fix it.

[kamalmul]

How do I download this latest version to test?

[subwiz]

I built it and uploaded in the temporary location: https://dl.dropboxusercontent.com/u/2505020/restclient-ui-fat-3.5.1-SNAPSHOT.jar

[kamalmul]

It is working now! Awesome!
Thank you Subwiz!

[subwiz]

:)

[rubin55]

Hi, I just did a pull of master, checked with git lola that the commit is in there (#4a3ca8b) and did a dist-build; however, I don't see the option as you put it in the screenshot but only the old "Trust self-signed certificate?". I'm on Linux, using GTK. Am I doing something obviously wrong? I also checked to run but I get the same backtrace also.

[subwiz]

I re-uploaded the build to: https://dl.dropboxusercontent.com/u/2505020/restclient-ui-fat-3.5.1-SNAPSHOT.jar You may take it from here!

[rubin55]

I got it and it works! But, why doesn't it work if I build from master?

[subwiz]

I'm not sure. I moved to Gradle recently (from Maven), and it is working fine for me.