i am trying to get issue details from jira server using my username and password but i am getting an ssl error saying unable to validate certificate
so how to validate certificate
url: http:local/8080/frr/hello
Getting error:
nested exception is
org.springframework.web.client.ResourceAccessException: I/O error on
GET request for"https://jira.example.com/rest/api/2/issue/id":
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target; nested exception is
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target] with root cause
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
my Service.class code
@Controller
public class Service{
@RequestMapping("/hello")
public String Data(ModelMap model){
RestTemplate restTemplate = new RestTemplate();
ResponseEntity<String> result = restTemplate.exchange("https://jira.example.com/rest/api/2/issue/id", HttpMethod.GET, new HttpEntity<String>(createHeaders("username", "password")), String.class);
model.addAttribute("message", result);
return "helloworld";
}
RestTemplate restTemplate = new RestTemplate();
HttpHeaders createHeaders( String username, String password ){
HttpHeaders header = new HttpHeaders();
String auth = username + ":" + password;
byte[] encodedAuth = Base64.encodeBase64(auth.getBytes(Charset.forName("US-ASCII")) );
String base64Creds = "Basic " + new String( encodedAuth );
header.add("Authorization", "Basic " + base64Creds);
return header;
}
}
Best Answer
The problem you are facing is that your application cannot validate the external server you are trying to connect to as its certificate is not trusted.
What happening in short is:
If this Jira instance is on-premise (hosted by your company) then having a self-signed certificate is not at all unlikely. In this case the certificate is not issued by a known CA, so if you wish to trust it, you need to manually register it.
First obtain the certificate:
Then import it into your own keystore:
Note: the commands above are for Unix environment. Under Windows I would suggest using similarly openssl from command line, but there are also GUI tools available for the same purpose.