
Getting error: PKIX path building failed: unable to find valid certification path to requested target

I'm trying to send an XML to another system via a web service, but while trying to send it I'm getting the following error. I've installed the certificate they gave me, but it's still not working.

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

There are two possible sources for this error:

  • either the opposite side is using a genuinely untrusted certificate (self-signed or signed by an untrusted CA),
  • or the opposite side is not sending the certificate validation chain (e.g. there is an intermediate signing certificate along the way to your trusted CA, but this certificate is not present in the SSL handshake).

Solution for the first case is to add the untrusted CA (or the certificate itself) to your JRE truststore ( ${java.home}/lib/security/cacerts ) or better - create your own truststore (which will not get removed when upgrading Java) and provide that to your application via javax.net.ssl.trustStore JVM property.

Solution for the second case is either to go with the first case solution or better - convince the opposite side to send correct certificate chain.

Add the certificate to the JRE truststore at ${java.home}/lib/security/cacerts, or, if you have your own truststore, provide the path to it in your application/JVM. For example, one possible way could be

or via Java code

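import java.util.Properties;

// Wrapper class and method names are placeholders.
public class SslStoreProperties {
    public static void apply() {
        // JSSE reads these when the default SSLContext is first created,
        // so set them before the first HTTPS connection is opened.
        Properties systemProps = System.getProperties();
        // Keystore: this client's own key and certificate
        systemProps.put("javax.net.ssl.keyStorePassword","passwordForKeystore");
        systemProps.put("javax.net.ssl.keyStore","pathToKeystore.ks");
        // Truststore: the certificates used to validate the server
        systemProps.put("javax.net.ssl.trustStore", "pathToTruststore.ts");
        systemProps.put("javax.net.ssl.trustStorePassword","passwordForTrustStore");
        System.setProperties(systemProps);
    }
}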

For more details, refer to the RedHat site

Maybe it will help to refer to the question

I got this same problem in 2020, so I thought this might be helpful for someone who is facing this issue.

You can use the handshake method below before invoking the secure API -

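import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Replaces the JVM-wide HttpsURLConnection defaults: after this call no certificate
// chain or hostname is checked for any HTTPS connection made through that class.
public static void handshakeHttps() throws NoSuchAlgorithmException, KeyManagementException {
    // Create a trust manager that does not validate certificate chains
    TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
                // The interface contract requires a non-null array
                return new X509Certificate[0];
            }
            public void checkClientTrusted(X509Certificate[] certs, String authType) {
            }
            public void checkServerTrusted(X509Certificate[] certs, String authType) {
            }
        }
    };

    // Install the all-trusting trust manager
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

    // Create all-trusting host name verifier
    HostnameVerifier allHostsValid = new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    };

    // Install the all-trusting host verifier
    HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
}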

Let me know if after using this the issue persists.
