Box JDK And SSL Troubleshooting

I'm writing this and trying to be fairly specific as I can in the hopes that it saves some people out there some time.

There are a number of articles and threads regarding the Box JDK having connection issues but I thought I would write something with very specific steps that I took to get through this. As we all know, connection issues can be a pain when first moving a custom Java component to a new system/environment. To be honest, I am not an expert in SSL configuration but I have had to get up to speed when SSL connection errors occur. (just enough to solve my issue..not enough to make me an SSL ninja) My personal observations and experience is on a personal or sandbox workstation the configuration is often as such these errors don't come up. In more restrictive environments, I have encountered SSL challenges. That said, the error that comes up looks like:

com.box.sdk.BoxAPIException: Couldn't connect to the Box API due to a network error...
...
...
Caused By: javax.net.ssl.SSLHandshakeException...
Exception: PKIX path building failed...
BuilderException: unable to find valid certification path to requested target...
...

I had to monkey around for awhile and do much reading but the two main reasons I could come up with for this error on my system were either 1) a firewall (local or external) was blocking access to the Box API (api.box.com, app.box.com) OR 2) on this particular system I needed to import an SSL certificate into my local java truststore.

The following might not be your case but it was mine. I figured that I can save you some time right away and give you the specific steps then you can either have the issue fixed or at least fail quickly and try something else.

That said, to rule out 1) I found it easy to download and install the Box CLI (as I was running windows) configure it with an API key and perform some simple operations. For example I simply tried a couple of basic commands (e.g. "box folders list-items 0", "box users list"). That seemed to work and was quick-and-easy. OK so no firewall issues then.

For 2) I had to do a little more reading and playing around (remember, I'm not an SSL genius) but what I specifically did was the following:

• Opened a browser and went to https://apps.box.com, checked that the cert was *.box.com and downloaded it
• Opened a command window (remember that I am using Win) and imported this cert into my trust store using the command

{JAVA_HOME}\bin\keytool.exe -importcert -keystore cacerts -file {path to your downloaded Box cert}
Note that a) in Windows you might need to run the command window as administrator and b) I was using the default settings for the truststore that were installed with the JRE, for example the truststore file "cacerts"

• I was asked for the truststore password (in my case was the JRE default of "changeit"), then typed "y" to confirm
• The cert was imported successfully

It was after the above set of steps that my issue went away.(oh happy days!) Again, because I hadn't had to import the cert into my other environments, it wasn't clear to me why I had to do this. Hope this helps and good luck!