Solution:
You need to add the origin cert to the keystore as well.
I got this error when I removed these 2 lines. If you know your keystore has the right certs, make sure that your code is looking at the right keystore.

    System.setProperty("javax.net.ssl.keyStore", <keystorePath>);
    System.setProperty("javax.net.ssl.keyStorePassword", <keystorePassword>);

I also needed this VM argument: -Djavax.net.ssl.trustStore=/app/certs/keystore.jk
See here for more details: https://stackoverflow.com/a/34311797/1308453
If the server certificate is signed and valid, you only need to open the connection as usual:

    import java.net.*;
    import java.io.*;

    public class URLConnectionReader {
        public static void main(String[] args) throws Exception {
            URL google = new URL("https://www.google.com/");
            URLConnection yc = google.openConnection();
            BufferedReader in = new BufferedReader(new InputStreamReader(
                    yc.getInputStream()));
            String inputLine;
            while ((inputLine = in.readLine()) != null)
                System.out.println(inputLine);
            in.close();
        }
    }

Note that the URL uses the HTTPS scheme to indicate the use of SSL.
If the server's certificate is signed but you are accessing it using a different IP address/domain name than the one in the certificate, you can bypass hostname verification with this:
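
    import javax.net.ssl.*;

    // This verifier returns true for every host name, so a hostname
    // mismatch is never rejected.
    HostnameVerifier hv = new HostnameVerifier() {
        public boolean verify(String urlHostName, SSLSession session) {
            return true;
        }
    };
    // Installs the verifier for every HttpsURLConnection in the JVM.
    HttpsURLConnection.setDefaultHostnameVerifier(hv);
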
If the certificate is not signed, then you need to add it to the keystore used by the JVM (useful commands).
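
A narrower alternative to the accept-all verifier above, as an added example that is not part of the original answers: it trusts only the certificates in one keystore and tolerates a hostname mismatch for a single known alias, set on one connection rather than JVM-wide. The class name, method names and command-line arguments are hypothetical.

```java
import java.io.*;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added example; class, method and argument names are hypothetical.
public class ScopedTlsClient {
    // Trust only the certificates held in the given keystore file.
    static SSLSocketFactory trustOnly(String storePath, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(storePath)) {
            ks.load(in, password);
        }
        var tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    // HttpsURLConnection calls the verifier only when its built-in hostname check
    // fails. Accept the mismatch for one known alias (IP address or host name),
    // and only if the certificate lists the expected DNS name (exact match).
    static HostnameVerifier aliasVerifier(String alias, String expectedDnsName) {
        return (host, session) -> {
            try {
                if (!alias.equalsIgnoreCase(host)) return false;
                X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
                var sans = leaf.getSubjectAlternativeNames();
                if (sans == null) return false;
                for (var san : sans) {
                    // Each SAN entry is [type, value]; type 2 is dNSName.
                    if (Integer.valueOf(2).equals(san.get(0))
                            && expectedDnsName.equalsIgnoreCase(String.valueOf(san.get(1)))) return true;
                }
                return false;
            } catch (Exception e) {
                return false; // fail closed on any certificate or session error
            }
        };
    }

    // args: url keystorePath keystorePassword alias expectedDnsName
    public static void main(String[] args) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
        conn.setSSLSocketFactory(trustOnly(args[1], args[2].toCharArray()));
        conn.setHostnameVerifier(aliasVerifier(args[3], args[4]));
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

Because the socket factory and verifier are set on the connection object, other HTTPS connections in the same JVM keep the default trust store and the default hostname check.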
On the sys_properties form, set the values of glide.httpclient.protocol.myhttps.class and glide.httpclient.protocol.myhttps.port to empty. If this does not work, match your mutual authentication profile value to the setup for your end-point.
Once you have uploaded the CA-signed certificate to the instance of your end-point, and you have created separate certificate records for them, you only need to update the key-store reference field on the existing myhttps protocol profile. If you create another protocol profile for the testing or the production environment, you might run into connection errors when attempting to connect to the target system. Hence, to prevent unexpected behavior, keep just one protocol profile called myhttps, and only update the references to the CA-signed key-store. Further, ensure that the key-store file name contains only lowercase letters, as you might otherwise end up having authentication issues.