PKIX 路径构建在 Eclipse 中失败

Question

i'm working with Liferay and i'm using eclipse, and running a client/server model, using an encrypted socket (SSL).

Currently, my application is running the client/server connection ok when I run the application in batch mode but when i try to start the server in Eclipse the application is giving me error

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

I already use the InstallCert.java and copy the jssecacerts into

%JAVA_HOME%/jdk_version/jre/lib/security

but is still giving me errors. I've also checked the certificate (keytool -v -list) and installed manually in the root CAs trusted. What can be the problem? Thanks!

Answer 1

Please refer this answer for your reference.

No need of passing any VM arguments after you successfully installed certificate of the site which is giving you PKIX error!

But key is to find JRE which is giving you this error! So make sure about 2 things:

1. you install certificate to cacerts file of JRE which Eclipse is using
2. certificate is root certificate

Answer 2

在eclipse中运行时，尝试在VM参数中传递certifacate路径

-Djavax.net.ssl.trustStore="PATH_TO_jssecacerts"

Answer 3

tried and tested method. if you face this certificate issue with eclipse plugin installation do below steps:

1. note the url of the plugin site you are facing issue.

2. hit that url in browser.

3. go to lock symbol on left side and click to view certificate

4. go to details and do file export in Base 64.

5. better to save cert in eclipse directory.

6. open cmd with administrator

7. go to jdk directory you are using to run eclipse and find keytool

8. run below command keytool -keystore ..\lib\security\cacerts -import -alias example2 -file <path_to_expotrted cert in step 4> use password - changeit

9. go to eclipse.ini and add below commands -Djavax.net.ssl.trustStore=C:\Program Files\Java\jdk-11\lib\security\cacerts

10. make sure to restart eclipse after every plugin site certificate added to keystore.

Answer 4

SOLVED: Certificate issue with eclipse plugin installation Follow these steps:

Understand eclipse uses JRE certs to connect. So you need to add your plugin(website) certificates to JRE/lib/security/cacerts

1. Open the URL or your plugin in browser and click below

Link Open

Get Certificate

Download

Save

Save it as .cer file

2. Goto your JRE path: C:\Program Files (x86)\Java\jre1.8.0_333\lib\security and open command promt here and enter the command keytool -import -trustcacerts -keystore cacerts -storepass changeit -noprompt -alias marketPlaceAPI -file "C:\Users**\Downloads\Programs\marketPlaceAPI.cer"

Enter Keystore command

3. Goto your Eclipse Ini file: and under -VmArgs add Update Eclipse.ini file

This is all, your certificates are added in JRE and in eclipse you have said to use these certs.

Answer 5

I have solved this issue in my eclipse after struggling for almost a day. Please find solution here https://stackoverflow.com/a/73034945/7611709