Solve "unable to find valid certification path to requested target" by Installing Certificate to JDK - Java Spring Boot RestTemplate

 This is the case when I'm trying to hit a web service in my Spring Boot application using RestTemplate. The solutions I found on the internet and stack overflow is to disable SSL certificate checking, which is actually not recommended if you're trying to access a secured service (using HTTPS). The workaround I found is to install the certificate from the web service itself into our JDK (inject certificate).

First we need to get the certificate. There are two ways though, the first is to save the certificate from the browser. The second is asking politely to service provider.

Get Certificate: Save from Browser

To use this step, first access the URL of the service. Example if the service is "https://secured-service.example.com/hit-me/to-send-something", then you just need to enter the main domain (https://secured-service.example.com) in the browser.

Then, use this following steps:

  1. I assumed you're using Google Chrome or newest chrome-based Edge, click the lock button on the left side of the address you enter.
  2. Click "Certificate"
  3. Go to the Details tab
  4. Click the "Copy to File..." button
  5. A new wizard will appear. Click next
  6. Choose your certificate format. I suggest using DER, but it depends.
  7. Browse the location for you to export, and continue until done.

Now, you've got the certificate. You can skip the next "Get Certificate" step, unless you can't get or export the certificate from the browser.

Get Certificate: Asking Politely

Honestly, I didn't found another method. Feel free to search google or stackoverflow if you really can't ask from the web service provider. But this is the best method I found, as the certificate will 100% match with the web service certificate. Just don't forget to email them politely, or if you're working at the same office, you could just schedule a meeting with some of the web services' representative. After you get all of the certificate you need from them, let's go to the next step.

Importing .cer to JDK (inject method)

This is a better step rather than disabling your SSL validation in Java. Just enter this command in CMD:

[Path\To\JDK]\bin\keytool.exe -import - noprompt -trustcacerts -alias [alias_name] -file [path\to\file.cert] -keystore [Path\to\JDK]\jre\lib\security\cacerts -storepass [password]

Example:

"C:\Program Files\Java\jdk1.8.0_231\bin\keytool.exe" -import -noprompt -trustcacerts -alias MyAlias -file folder\name_of_cert.cer -keystore "C:\Program Files\Java\jdk1.8.0_231\jre\lib\security\cacerts" -storepass password

You can define another keystore, or create new one by not including from "-keystore" onwards. But using JDK default keystore is recommended especially if your project is using installed JDK, not JDK from your IDE (eclipse or IntelliJ Idea). The default JDK keystore password is changeit .

If you have multiple certificates, repeat above command multiple times by changing the alias name and the path of certificate. The rest are the same. Each certificate must have different or unique alias name.

Test it in your Spring Boot App

Now, you could try run it again in your Spring Boot and hit the web service. It should be working now. If it's not, maybe you're using different certificate provided by the web services, or the "save from browser" method just won't work for you. Try to asking the web service provider politely for the certificate. If the web service have invalid certificate in the browser, or there's noted "The connection is not secured" but it's an HTTPS, it means the certificate they provide is invalid or expired. If that happened to you, disabling SSL validation is not a big problem.

That's all. I won't guarantee this method would work for anyone than myself, but it worth a try. Any questions you could comment or just contact me in the contact me page. Thank you and have a nice day! 

 

Comments

Post a Comment

Feel free to ask in comment, but I won't guarantee that I will answer it quickly as this blog is just my notepad and I opened it whenever I need to.

Popular posts from this blog

How To Prevent Default Save to Onedrive at Save Dialog - Microsoft Office 2019

Image
 If you're a student or someone who often create new documents on Microsoft Word or Excel or Powerpoint and save it using CTRL+S, you often deal with something that makes you can't just press enter to continue saving it: the dialog shows the OneDrive location as default. Source: Microsoft.com So you will take some extra steps to browse for a folder, or as simple as choosing My Documents, then proceed to save the document. But what if you prefer just pressing CTRL+S then ENTER but the location is automatically set to My Documents? Here's the simple extra steps to make you reduce the extra steps in saving the document. Office 2016 Update or Office 365 The Microsoft Support page here described a simple way to change default location in the new save dialog. When the save dialog appears, you just need to click the drop down on the location, then choose a folder and click at the " Set As Default Location " folder. That way, even you click "Cancel" after doing ...
Read more

How to Increase Apache Tomcat Heap Memory Size

Apache Tomcat commonly used to run web apps, commonly made by Java or Spring Boot. It's trusted and well known for it's realibility and easy to maintain. But ever wonder somehow you got Out of Memory Error from your web app? And how to deal with it? Disclaimer: Not all Out of Memory means that you need to increase your heap size. Please make sure that you didn't use too much explicit objects that could have memory leaks, or check wether your un-optimized code causes this. Increasing Heap Memory from your Java installation might not help much. Each instance have it's own limiter on using Heap Sizes. So does Apache Tomcat. But is it a bad news? No, it's not a bad news at all. In fact, Apache Tomcat has a GUI to help you set the memory used by Apache Tomcat easily. To do this, please follow this step: Go to your Apache Tomcat install directory then go to the BIN folder (if you're using Tomcat 9, the path sould be  C:\Program Files\Apache Software Foundation\Tomcat...
Read more