-
Enhancement
-
Resolution: Fixed
-
P4
-
8, 11, 17, 21
-
b16
-
generic
-
os_x
Simple HttpsURLConnection to https://github.com fails if use MacOS KeychainStore trustStore:
java -Djavax.net.ssl.trustStoreType=KeychainStore HttpsURLConnectionTest https://github.com
SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
It happens because the user KeychainStore does not contain the required intermediate CA certificate and Apple Provider does not return Root certificates.
On the other hand, Chrome and Safari apps successfully connect to github.com using MacOS KeychainStore
java -Djavax.net.ssl.trustStoreType=KeychainStore HttpsURLConnectionTest https://github.com
SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
It happens because the user KeychainStore does not contain the required intermediate CA certificate and Apple Provider does not return Root certificates.
On the other hand, Chrome and Safari apps successfully connect to github.com using MacOS KeychainStore
- csr for
-
JDK-8321045 Load anchor certificates from Keychain keystore
- Closed