NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
After 6.2.2, all Java SSL handshakes fail.
Hi I have been trying to troubleshoot a problem I have with filebot on our ReadyNas. At first I thought it was a FileBot thing, but it's not. Ever since I upgraded to 6.2.2, all outbound SSL handshakes are failing from Java.
I have installed/uninstalled/reinstalled (alot) java 1.7 jdk using apt-get. I have googled a heap, and the servers I am trying to connect to for testing do not use self signed certs. Even so I have tried to import them manually. I have uninstalled ca-certificates and ca-certificates-java, I have set the $JAVA_HOME, unset it, left it as default (blank) after apt-get. I'm out of ideas.
Whether running basic FileBot command (filebot -script fn:sysinfo) or using a test class HTTPSClient.java, I get the same error, which is
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I am using HTTPSClient to try to connect to docs.google.com, godaddy.com, microsoft.com, facebook.com, etcetera. Mainstream secure sites.
I am not sure what to do from here, any tips?
The HTTPSClient.java is a class I found while googling, it's contents are as follows:
I have installed/uninstalled/reinstalled (alot) java 1.7 jdk using apt-get. I have googled a heap, and the servers I am trying to connect to for testing do not use self signed certs. Even so I have tried to import them manually. I have uninstalled ca-certificates and ca-certificates-java, I have set the $JAVA_HOME, unset it, left it as default (blank) after apt-get. I'm out of ideas.
Whether running basic FileBot command (filebot -script fn:sysinfo) or using a test class HTTPSClient.java, I get the same error, which is
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I am using HTTPSClient to try to connect to docs.google.com, godaddy.com, microsoft.com, facebook.com, etcetera. Mainstream secure sites.
I am not sure what to do from here, any tips?
The HTTPSClient.java is a class I found while googling, it's contents are as follows:
import java.net.*;
import java.io.*;
import java.security.*;
import javax.net.ssl.*;
public class HTTPSClient {
public static void main(String[] args) {
if (args.length == 0) {
System.out.println("Usage: java HTTPSClient host");
return;
}
int port = 443; // default https port
String host = args[0];
try{
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
Writer out = new OutputStreamWriter(socket.getOutputStream());
// https requires the full URL in the GET line
out.write("GET / HTTP/1.0\\r\\\n");
out.write("\\r\\n");
out.flush();
// read response
BufferedReader in = new BufferedReader(
new InputStreamReader(socket.getInputStream()));
int c;
while ((c = in.read()) != -1) {
System.out.write(c);
}
out.close();
in.close();
socket.close();
}catch (IOException e) {
System.err.println(e);
}
}
}
1 Reply
Replies have been turned off for this discussion
- Sounds like the same problem I just found. You likely just need to downgrade your ca-certificates package as I did in this post.
http://www.readynas.com/forum/viewtopic.php?f=35&t=78975&p=456647#p456647
I'm not sure if it was something in the overall 6.2.2 upgrade, or the ca-certificate netgear package that removed all the old CA certs. But that would definitely result in any SSL handshakes failing for certs which aren't signed by Verisign or Entrust (the only 2 CAs the netgear package installs).
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
