Resolving Java SSLHandshakeException When Accessing an HTTPS PDF API

In the morning the author discovered that a third‑party interface used to fetch a PDF file started failing with an javax.net.ssl.SSLHandshakeException because the JVM did not trust the new HTTPS certificate.

The stack trace shows the handshake failure, and the root cause is that the default trust store does not contain the target site’s certificate after the provider switched from HTTP to HTTPS.

First solution (Attempt 1) uses the classic InstallCert.java utility: compile it with javac InstallCert.java , run java InstallCert www.example.com to generate a jssecacerts file, and place it into the JDK’s lib/security directory.

Because this approach is cumbersome for Docker or production environments, the author explored two alternative methods (Attempt 2): setting the system property javax.net.ssl.trustStore to the path of the generated keystore, or passing -Djavax.net.ssl.trustStore=… -Djavax.net.ssl.trustStorePassword=changeit on the JVM start‑up.

Both alternatives failed due to path, permission, or priority issues, prompting a third approach (Attempt 3) that disables certificate validation entirely by creating a custom TrustAnyTrustManager and TrustAnyHostnameVerifier , installing them into an SSLContext , and using the resulting HttpsURLConnection to read the PDF stream.

The final code snippet shows how to open the connection, bypass verification, read the input stream into a PdfReader , and close resources, providing a quick but insecure fix for the specific PDF‑fetching use case.