Java test HTTPS request to https://helloworld.letsencrypt.org/
// Based on java example: http://docs.oracle.com/javase/tutorial/networking/urls/readingWriting.html
// save as: URLConnectionReader.java
// compile using JDK: javac URLConnectionReader.java
// run: java URLConnectionReader
// good path: returns HTML
// bad path: throws an exception
import java.net.*;
import java.io.*;

public class URLConnectionReader {
    public static void main(String[] args) throws Exception {
        URL url = new URL("https://helloworld.letsencrypt.org/");
        // The TLS handshake is validated against the JVM's default trust store
        URLConnection yc = url.openConnection();
        // try-with-resources closes the stream even if reading fails
        try (BufferedReader in = new BufferedReader(
                new InputStreamReader(yc.getInputStream()))) {
            String inputLine;
            while ((inputLine = in.readLine()) != null) {
                System.out.println(inputLine);
            }
        }
    }
}

chrisDeFouRire Oct 30, 2015

Is it working for you?

I'm getting errors, only for helloworld.letsencrypt.org and probably other letsencrypt domains, my code works for other HTTPS servers...
I'm using Java8 / OSX

Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I've even tried adding their root CA in the truststore but it doesn't work either...

Enabling ssl debug info shows
Unparseable CertificatePolicies extension due to java.io.IOException: No data available in policyQualifiers

I'm stuck now...

Owner

Firefishy commented Dec 27, 2015

@chrisDeFouRire Letsencrypt is not in the default list of CAs in the Oracle Java JDK. Discussion here: https://community.letsencrypt.org/t/will-the-cross-root-cover-trust-by-the-default-list-in-the-jdk-jre/134

Firefishy Jul 20, 2016

Confirmed working with Oracle JDK >= 8u101 (final release)

Firefishy Sep 1, 2016

Also Oracle JDK >= 7u111

VVD Sep 16, 2016

Error still here.
$ java -version
openjdk version "1.8.0_102"
OpenJDK Runtime Environment (build 1.8.0_102-b14)
OpenJDK 64-Bit Server VM (build 25.102-b14, mixed mode)

After copying /usr/local/linux-oracle-jdk1.8.0/jre/lib/security/cacerts to /usr/local/openjdk8/jre/lib/security/cacerts, everything works fine => OpenJDK has an old cacerts without trust for letsencrypt.

g0ddest Oct 25, 2016

java -version
java version "1.8.0_111"
Java(TM) SE Runtime Environment (build 1.8.0_111-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode)

Error still there.

yglodt Oct 31, 2016

This SO-answer shows how to import the letsencrypt security chain, which "solves" the issue, even on a Raspberry Pi with jre 1.8.0_65:

http://stackoverflow.com/a/35454903/272180
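
The comments above trace the PKIX failure to what each JVM's cacerts file contains. As an added example (not part of the gist or of any comment), the program below lists the trust anchors a JVM would use, or those in a cacerts file passed as the second argument, whose subject contains a search term. The class name `TrustAnchorCheck` and the argument layout are choices made for this example.

```java
import java.io.*;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.*;

// Added example, not part of the gist. TrustAnchorCheck is a name chosen here.
public class TrustAnchorCheck {
    // Trust anchors from the keystore file at path, or from the JVM's default
    // trust store (normally lib/security/cacerts) when path is null.
    static List<X509Certificate> anchors(String path) throws Exception {
        KeyStore ks = null; // null tells TrustManagerFactory to use the default
        if (path != null) {
            ks = KeyStore.getInstance(KeyStore.getDefaultType());
            try (InputStream in = new FileInputStream(path)) {
                ks.load(in, null); // null password: load without integrity check
            }
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        List<X509Certificate> out = new ArrayList<>();
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager)
                out.addAll(Arrays.asList(((X509TrustManager) tm).getAcceptedIssuers()));
        return out;
    }

    // Hex SHA-256 fingerprint, for comparison with the value the CA publishes.
    static String sha256(X509Certificate c) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(c.getEncoded()))
            sb.append(String.format("%02X", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // args[0]: case-insensitive substring of the root's subject; args[1]: optional keystore path
        String needle = args.length > 0 ? args[0].toLowerCase() : "";
        int hits = 0;
        for (X509Certificate c : anchors(args.length > 1 ? args[1] : null)) {
            String subject = c.getSubjectX500Principal().getName();
            if (!subject.toLowerCase().contains(needle)) continue;
            hits++;
            System.out.println(subject + " | expires " + c.getNotAfter() + " | SHA-256 " + sha256(c));
        }
        System.out.println(hits + " matching trust anchor(s)");
        if (hits == 0) System.exit(1); // non-zero exit: this store has no such anchor
    }
}
```

Run it under each JDK being compared, with a word from the subject of the root that the server's chain ends in. A JVM that reports zero matches is one where the gist takes the bad path.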
