Stop Apache Commons VFS from trying to use SSL

Question

I am trying to get data from the http://openexchangerates.org API using Apache Commons VFS. I am getting errors that imply that it is trying to use SSL validation - not something I have available via my plan with the website. Is there a way that I can 'force' VFS to use http rather than https?

The pertinent points of the huge stack trace are included below - more info can be provided if required:

org.apache.commons.vfs2.VFS.getManager().resolveFile("http://openexchangerates.org/api/latest.json?api_id=MY_APP_ID")
org.apache.commons.vfs2.FileSystemException: Could not connect to HTTP server on "openexchangerates.org".

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Answer 1

The website sends a redirect to the https version. It therefore does not support http. The http client will follow this redirect automatically and you need to configure it for proper verification.

Here is, how I checked this:

$ curl -v http://openexchangerates.org/api/latest.json?api_id=MY_APP_ID
* Connected to openexchangerates.org (185.24.96.251) port 80 (#0)
> GET /api/latest.json?api_id=MY_APP_ID HTTP/1.1
> User-Agent: curl/7.30.0
> Host: openexchangerates.org
> Accept: */*

< HTTP/1.1 301 Moved Permanently
< Date: Mon, 05 Jan 2015 23:37:18 GMT
< Server: Apache
< Location: https://openexchangerates.org?missing_app_id=true