I am trying to get the response code for this site "https://www.ssfcu.org/en-us/Pages/default.aspx". The code snippet is:

    try {
        HttpURLConnection connection = pingUrl(location);
        responseCode = connection.getResponseCode();
    } catch (Exception e) {
    }

    public HttpURLConnection pingUrl(String url) throws Exception {
        int count = 0;
        HttpURLConnection conn = null;
        conn = (HttpURLConnection) new URL(url).openConnection();
        conn.setRequestMethod("GET");
        conn.setConnectTimeout(2000);
        conn.setInstanceFollowRedirects(false);
        conn.setReadTimeout(10000);
        conn.connect();
        Thread.sleep(1000);
        return conn;
    }

But I am getting an exception:

    sun.security.validator.ValidatorException: PKIX path building failed:
    sun.security.provider.certpath.SunCertPathBuilderException:
    unable to find valid certification path to requested target

How can I resolve this?
An old COMODO root certificate expired on May 30.
https://www.reddit.com/r/linux/comments/gshh70/sectigo_root_ca_expiring_may_not_be_handled_well/
Don't know if this affects www.ssfcu.org, but you might try importing updated certs to your java keystore:
https://crt.sh/?d=1720081
and https://crt.sh/?d=1199354

    openssl x509 -in 1720081.crt -outform der -out 1720081.der
    keytool -import -file 1720081.der -keystore your-keystore -alias Comodo

(or alias UserTrust for 1199354)

Your keystore is in your JRE_HOME directory in the file lib/security/cacerts. You'll need root privilege to edit the cacerts file.
Edit: I looked closer and Comodo isn't involved in www.ssfcu.org's certificate chain, but the instructions above are correct as long as you can identify the root or intermediate certificate that has expired. We coincidentally ran into an issue with linkedin.com today. Like www.ssfcu.org, they too use a certificate chain from DigiCert, so perhaps they had some certs expire recently, too.
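
One way to find which entries in a trust store have expired or are about to, before deciding what to import (an added example, not code from the question or the answer). The class name TrustStoreAudit, the optional path argument and the 30-day warning window are assumptions; it assumes the store can be read without a password, as the stock lib/security/cacerts can.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Map;
import java.util.TreeMap;

// Added example: lists trust-store entries whose validity ends before a cutoff date.
public class TrustStoreAudit {

    // Returns alias -> certificate for every X.509 entry whose notAfter is before the cutoff.
    static Map<String, X509Certificate> expiringBefore(KeyStore ks, Date cutoff) throws Exception {
        Map<String, X509Certificate> hits = new TreeMap<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate && ((X509Certificate) c).getNotAfter().before(cutoff)) {
                hits.put(alias, (X509Certificate) c);
            }
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        // Default to the JRE trust store named in the answer; pass another path to audit it instead.
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        int warnDays = args.length > 1 ? Integer.parseInt(args[1]) : 30; // assumed window

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, null); // null password: read-only audit, skips the integrity check
        }

        Date now = new Date();
        Date cutoff = new Date(now.getTime() + warnDays * 24L * 60 * 60 * 1000);
        Map<String, X509Certificate> hits = expiringBefore(ks, cutoff);
        for (Map.Entry<String, X509Certificate> e : hits.entrySet()) {
            X509Certificate cert = e.getValue();
            String state = cert.getNotAfter().before(now) ? "EXPIRED " : "EXPIRING";
            System.out.printf("%s %s  notAfter=%s  subject=%s%n", state, e.getKey(),
                    cert.getNotAfter(), cert.getSubjectX500Principal().getName());
        }
        System.out.printf("%d of %d entries expire within %d days (%s)%n",
                hits.size(), ks.size(), warnDays, path);
    }
}
```

The aliases it prints are the ones keytool uses, so an expired entry can be matched to the certificate that needs replacing. A clean report means the failure lies elsewhere, for example a root or intermediate that is missing from the store altogether.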