Open chunyeow opened 3 years ago
1) I could bypass/ignore the checking of SSL cert (not advisable due to security concern) in my java code. OR 2) The machine that used to call the API has to add the missing cert into their java cacert.jks (jre/lib/security/cacerts) by using keystore explorer or similar tool.
In my current system, everytime we integrate with a new courier API we will add the necessary cert into relevant servers. If the "courier-middleware" app is meant to be used by every common users on their own pc, then 1) solution might be suitable due to security is not concerned.
Please let me know If any of the solution is applicable, otherwise I have to dig further for alternative solution.
@yzl2250
Please attached the necessary intermediate certificate for our testing on approach 2. Also you may include the code as according to approach 1.
At the same time, how your docker image going to resolve this issue? The intermediate certificate is not there also, right?
1) Please download the keystore explorer from the following link: https://keystore-explorer.org/
2) Locate the cacert file (..../java_XXX/jre/lib/security/cacerts) and open it (password is 'changeit') with keystore explorer and import the trusted certificate that I've attached.
3) Might need to restart your java to take effect. Restarting pc will work too.
I didn't face this issue with my pc, need to try with another pc to replicate it. Will keep you updated once I update my code to include approach 1.
FYI, I downloaded the cert from (https://www.jtexpress.my/rates.php) via this way.
Thanks.
Released the courier-middleware-beta version (bypass SSL cert checking), may refer to the Wiki for test step
@yzl2250
Where is your code that you have commited. I don't see it in the current github repository.
@yzl2250
Share your code over the main branch by pushing you code. BTW, I have come out with the patch to fix your docker image using automatically download the intermediate certificate.
@chunyeow I've committed my code. Thanks for the patch fix.
The following error due to the intermediate certificate not properly installed in J&T website. How are you going to bypass this checking to solve this issue in your code?
{"unifiedRateDataList":[{"courier":"J&T Express","error":"sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"},{"courier":"CityLink Express","rate":13}]}
Any better alternative to this?