SSL connection using Java standalone app

Posted by Marquinio on Stack Overflow See other posts from Stack Overflow or by Marquinio
Published on 2010-05-19T21:03:02Z Indexed on 2010/05/19 21:20 UTC
Read the original article Hit count: 279

Filed under:

ssl

|

standalone

|

java

|

encryption

|

tls

I have created a standalone executable JAR program that needs to send private information over a SSL connection.
I was not able to establish the SSL connection using certificates. Was getting this:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path `building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target`

So I found some code somewhere that creates a trust manager that does not validate certificate chains:

// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[]{
            new X509TrustManager() {
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
                public void checkClientTrusted(
                    java.security.cert.X509Certificate[] certs, String authType) {
                }
                public void checkServerTrusted(
                    java.security.cert.X509Certificate[] certs, String authType) {
                }
            }
        };

That did the trick and I was able to establish SSL connection without any certificates.

My concern is if the data will still be encrypted when exchanging private information. This is an execute JAR file that clients will be downloading to their computers.

So is a certificate really necessary for this case?

Thanks.

Developer IT