Even now & then I run into this issue, so adding here for my own reference and everyone else.
If you are getting following error:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorExceptionThis means the server you are trying to connect to use self generated certificate, to solve this issue you need to tell JRE/JDK to trust the certificate.
To do that you need to import the SSL certificate into your JRE.
In my case I am trying to connect to SMTP over SSL, a quick service for “download smtp certificate” gave me http://notepad2.blogspot.co.uk/2012/04/import-gmail-certificate-into-java.html
To download certificate for HTTP, you can use Firefox and Internet explorer, by clicking the secure icon in address bar.
so to download the certificate for SMTP run following in console:
openssl s_client -connect smtp.gmail.com:465Although I downloaded the certificate using port 465 but my java configuration only works on port 587 for SMTP with TLS enabled.
which outputs the certificate, e.g.
-----BEGIN CERTIFICATE----- .......... -----END CERTIFICATE-----you can save the certificate into a file e.g.
nano smtp.gmail.com.certnow import the certificate using:
keytool -import -trustcacerts -alias smtp.gmail.com -file /path/to/smtp.gmail.com.certSay “yes” to the command prompt, now you should be able to connect.
This will import the certificate to the default keystore, for me it under the home directory. As in the above command I didn’t specify a keystore, I use the same keystore e.g “~/.tomcat” for my tomcat configurations.
Also import the certificate to your JRE/JDK keystore using:
keytool -import -trustcacerts -alias smtp.gmail.com -file /path/to/smtp.gmail.com.cert -keystore $JAVA_HOME/jre/lib/security/cacerts