SSL handshake exceptions for HTTPS links about linter HOT 4 CLOSED

This doesn't occur for all HTTPS. A number of sites are working properly.

Verisign works fine:
https://www.verisign.com/ { PARSE OK: true ALIASES: NONE DEST URL: https://www.verisign.com/ PAGE TITLE: VeriSign Authentication Services - The leading Provider of SSL. Products include SSL, SSL Certificates, Extended Validation (EV SSL), VeriSign Trust Seal, Malware Scan & Code Signing. DESCRIPTION: VeriSign Authentication Services provides solutions that allow companies & consumers to engage in communications & commerce online with confidence. VeriSign Authentication Services include SSL Certificates, Extended Validation SSL, two-factor authentication, identity protection, code signing & public key infrastructure (PKI). FAV ICON: https://cdn.verisign.com/authweb/global/assets/shared/images/favicon.ico PROVIDER NAME: verisign.com PROVIDER URL: https://www.verisign.com } in 1.0000 s

This sketchy website does not:
https://www.mediaoffer.nl/ { PARSE OK: false PARSE ERROR: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ALIASES: NONE DEST URL: https://www.mediaoffer.nl/ PAGE TITLE: null DESCRIPTION: null FAV ICON: null PROVIDER NAME: mediaoffer.nl PROVIDER URL: https://www.mediaoffer.nl } in 0.0000 s

An explanation of this error:
"This simply means that the web server or the URL you are connecting to does not have a valid certificate from an authorized CA."
http://www.java-samples.com/showtutorial.php?tutorialid=210

I don't know a ton about certificates and CAs, but this certificate appears valid in Chrome, so maybe Java just doesn't know where to get it. Digging around online, I've seen a ton of examples that involve manually downloading and installing missing certificates into the keystore. Possibly we just need to connect to a different CA? Not totally clear on this.

Super Easy Solution
By far the easiest solution is to just trust all certificates:
http://exampledepot.com/egs/javax.net.ssl/TrustAll.html

We're not transferring anything secret, so I don't really see a downside to this method.

from linter.

Using InstallCert Java app:
http://nodsw.com/blog/leeland/2006/12/06-no-more-unable-find-valid-certification-path-requested-target

from linter.

Confirmed. -- Just trust all of the content right now.

My only forward-looking thought is to try and replicate Embedly's "safe" value, which is intended to indicate which sites are safe or not. Looking at SSL stuff might be part of that algorithm, but it doesn't matter because we have no use for that right now or anytime in the near future.

from linter.

Accepting all certificates, verified output of sketchy website:

https://www.mediaoffer.nl/ { PARSE OK: true ALIASES: NONE DEST URL: https://www.mediaoffer.nl/ PAGE TITLE: Playstation 3, Xbox 360, PC, Wii, PSP, Nintendo DS games en Blu-ray films | Mediaoffer DESCRIPTION: Bij Mediaoffer kunt u terecht voor Playstation 3 games, Xbox 360 games, PC games, Wii games, PSP games, Nintendo DS games, Blu-ray films en Accessoires. Mediaoffer: De beste games tegen de laags FAV ICON: https://www.mediaoffer.nl/favicon/favicon.ico PROVIDER NAME: mediaoffer.nl PROVIDER URL: https://www.mediaoffer.nl } in 2.0000 s

from linter.