I am trying to connect to a webpage to gather information, and I am using jsoup to parse the HTML. However, whenever I try to connect to the URL to download the source, I get an error saying something about the PKIX build path. I've looked around, and everything I've found says to add the website's CA Root certificate to my truststore, which I did, but the problem persists (The CA Root cert was already there). I am able to connect to the website through a web browser, but not through a URL class. Here is the most basic code I could write which would produce the error.
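    import java.io.IOException;
    import java.net.MalformedURLException;
    import java.net.URL;

    public class URLConnectStart {
        public static void main(String[] args) {
            try {
                URL u = new URL("https://ntst.umd.edu/soc/");
                // The TLS handshake, and the PKIX failure, happens here
                u.openStream();
            } catch (MalformedURLException e) {
                e.printStackTrace();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }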
Here is the error
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at java.net.URL.openStream(Unknown Source)
at URLConnectStart.run(URLConnectStart.java:14)
at URLConnectStart.main(URLConnectStart.java:8)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 16 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 22 more
Info from chrome regarding the website's cert
Any help would be appreciated. This is not a critical application, so security is not all that important, but if I can maintain security I would rather do so. Regardless, all I want to be able to do is download the HTML for this website through code.
Thank you.
You can manually install certificates into the Java keystore.
First, a command to clear the alias if one is present (I prefer to run this from JAVA_HOME on Windows so the paths are relative to it; if you are running from outside, please change the path accordingly).
Now we need to install the certificate
The default password for the keystore is changeit.
If you have a number of certificates, add these commands for each of them to a text file, save it with a .bat extension, and put it in JAVA_HOME\bin or anywhere you like. Make sure the path mentioned is relative.
If your JRE is outside the JDK, then provide the path to it.
The website does not provide an intermediate certificate that is required to complete the certificate chain. Some user agents/browsers have a feature called AIA chasing, where they download the necessary intermediates, but the Java client isn't one of them.
If you are the site admin, the correct way to address this is to supply the intermediate certificate so that the complete chain is sent. Even if you are an end user, do consider contacting the website to fix this issue. Folks using the Android browsers will also be unable to access this site without accepting a security warning due to this issue.
In the meantime, if you'd like to address this in your client, you can download the missing intermediate cert and add it to your Java certificate store.