SSL error | jeckels | 2011-02-03 11:03 |
Status: Closed | ||
Hi Arne,

As you and Brian noted, the web server seems to have an expired certificate. When it's trying to establish a secure connection, the Java code won't use any exceptions that you've made in your web browser.

If it's not practical to replace the expired certificate and you want to accept any certificate that the web server presents, you'll need to make Java use a different X509TrustManager. Here are the basic steps that I think would be required:

1. Create a new class called AcceptAllCertsProtocolSocketFactory, based on org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory. Its source is included in the LabKey Java API source code.

2. Create a new class called AcceptAllCertsTrustManager that implements javax.net.ssl.X509TrustManager and has the following methods:

        public java.security.cert.X509Certificate[] getAcceptedIssuers()
        {
            return new java.security.cert.X509Certificate[0];
        }

        public void checkClientTrusted(java.security.cert.X509Certificate[] x509Certificates, String string) {}

        public void checkServerTrusted(java.security.cert.X509Certificate[] x509Certificates, String string) {}

3. Modify AcceptAllCertsProtocolSocketFactory to use AcceptAllCertsTrustManager instead of EasyX509TrustManager.

4. Create your org.labkey.remoteapi.Connection.

5. Call setAcceptSelfSignedCerts(false) on it to unregister the SSL configuration that it has done by default.

6. Call the following to make your code use your custom trust manager:

        org.apache.commons.httpclient.protocol.Protocol.registerProtocol("https",
            new Protocol("https", (ProtocolSocketFactory)(new AcceptAllCertsProtocolSocketFactory()), 443));

I haven't verified that this exact code works, but I've done the same thing in other scenarios. Note that this completely disables one of the big security benefits of SSL, so use it very cautiously.

Thanks,
Josh