'java.security.cert.CertificateExpiredException: NotAfter' upon connecting secure web socket

Ravi Jain picture Ravi Jain · Mar 12, 2017 · Viewed 17.1k times · Source

I am trying to connect to a secured web socket to consume a API. Below is the source code. Hosting environment configuration is JRE 1.7 and Tomcat 7.

import java.net.URI;
import javax.websocket.ClientEndpoint;
import javax.websocket.CloseReason;
import javax.websocket.ContainerProvider;
import javax.websocket.OnClose;
import javax.websocket.OnMessage;
import javax.websocket.OnOpen;
import javax.websocket.Session;
import javax.websocket.WebSocketContainer;
import org.apache.log4j.Logger;

@ClientEndpoint
public final class SocketRateFeed 
{
    private static final Logger logger = Logger.getLogger(SocketRateFeed.class);
    private Session sessionWS;

    public static void startContainer()
    {
        try
        {
            URI wsURI = new URI("wss://websocket.abc.xyz/?api_key=qwerty&user_id=ASDF");
            WebSocketContainer container = ContainerProvider.getWebSocketContainer();
            container.connectToServer(new SocketRateFeed() , wsURI);
        }
        catch(Exception exp)
        {
                logger.error(exp.getMessage() , exp);
        }
    }

    ....other annotated methods
}

This is stack trace.

28-02-2017 11:24:37 localhost-startStop-1 ERROR SocketRateFeed.startContainer(30) : The HTTP request to initiate the WebSocket connection failed 
javax.websocket.DeploymentException: The HTTP request to initiate the WebSocket connection failed
    at org.apache.tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.java:325)
    at org.apache.tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.java:166)
............
Caused by: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at org.apache.tomcat.websocket.AsyncChannelWrapperSecure$WrapperFuture.get(AsyncChannelWrapperSecure.java:511)
    at org.apache.tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.java:291)
    ... 17 more
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1395)
    at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:516)
    at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1193)
    at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1165)
    at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
    at org.apache.tomcat.websocket.AsyncChannelWrapperSecure$WebSocketSslHandshakeThread.run(AsyncChannelWrapperSecure.java:371)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1702)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:281)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1477)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:213)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:961)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:901)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:899)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1333)
    at org.apache.tomcat.websocket.AsyncChannelWrapperSecure$WebSocketSslHandshakeThread.run(AsyncChannelWrapperSecure.java:397)
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:350)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:260)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:283)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:138)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1464)
    ... 7 more
Caused by: java.security.cert.CertPathValidatorException: timestamp check failed
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:159)
    at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:353)
    at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:191)
    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:279)
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:345)
    ... 13 more
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Sat May 21 17:56:00 IST 2016
    at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:273)
    at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:576)
    at sun.security.provider.certpath.BasicChecker.verifyTimestamp(BasicChecker.java:184)
    at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:136)
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:133)
    ... 17 more

I would be very helpful if anyone can provide solution/workaround or bypass trick for this issue. Thanks.

Answer