Certificates can be tricky to debug because they do not always give you a helpful error messages. To be able to turn the JVM debug mode on can be a great help. I will here show two methods to enable debug mode for SSL:
As an VM option
java -Djavax.net.debug=ssl:handshake myprogram
Or as a system property (in your code):
System.setProperty("javax.net.debug", "ssl:handshake");
Hope it will help you track down that nasty SSL bug 🙂
Tested on OSX 10.15.6, Java 1.8.0_252
You are trying to connect to a server over SSL and you get the following error:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:198) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1967) ...
This means that your computer does not trust the remote computer. The remote computer serves a certificate that your computer is unable to find a trusted source for. Could be that the remote certificate is selfsigned or uses a CA that you computer does not know
One solution: Add the remote computers certificate into your truststore:
1. Get the remote computer certificate using OpenSSL:
openssl s_client -connect <remote computer adress> <remote computer port>
This will present the remote computers certificate (BEGIN CERTIFICATE to END CERTIFICATE). Copy this to a file (Preserve BEGIN and END rows)
2. Add the remote certificate to your java truststore
sudo keytool -import -alias remote_computer_cert -file <remote computer cert> -keystore /Library/Java/JavaVirtualMachines/adoptopenjdk-8.jdk/Contents/Home/jre/lib/security/cacerts
3. Done – connect again – the error should be gone
Tested on OSX v10.15.6, OpenSSL 2.8.3 (LibreSSL) and Java 1.8.0_252 (OpenJDK)
From time to time I need to check so that a function correctly logs error messages to the application log. Here is one solution using Logback in a Spring application
import ch.qos.logback.classic.Logger;
import ch.qos.logback.classic.spi.LoggingEvent;
import ch.qos.logback.core.Appender;
import org.mockito.ArgumentMatcher;
import org.slf4j.LoggerFactory;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
@Test
public void shouldWriteErrorMessageToLog() {
Logger l = (Logger) LoggerFactory.getLogger(Logger.ROOT_LOGGER_NAME);
Appender mockAppender = mock(Appender.class);
l.addAppender(mockAppender);
/*
* Call function that is expected to write to the application log
*/
verify(mockAppender).doAppend(argThat(new ArgumentMatcher() {
@Override
public boolean matches(final Object argument) {
return ((LoggingEvent)argument).getMessage().contains("FooBar");
}
}));
}
Tested with Spring Boot v2.2.4 and TestNG v6.11
