Authorize.net updated their production certificates, and now our SSL code is generating the following exception:
Exception javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
According to this blog post from Authorize.net , we need to install new root certs on our server. We did this, but the exception persists. So now the suspicion is that new certs weren't installed to the right keystore. How do we see which keystore is being used by the code?
Here's the code below:
SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket) factory.createSocket(addr,443);
And yes, we should use Stripe instead, but this site was built long before Stripe came around. :(
Solution is to add that certificate to java cacerts file so that it got permanently accepted.
Step 1 : Get root certificate of https://www.wikipedia.org (or any url you want to access)
Thats it! you got your root certificate!
Step 2 : Get that certificate added to java cacerts file.
keytool –import –noprompt –trustcacerts –alias ALIASNAME -file /PATH/TO/YOUR/DESKTOP/CertificateName.cer -keystore /PATH/TO/YOUR/JDK/jre/lib/security/cacerts -storepass changeit
That is it! you got your problem resolved.
PLEASE NOTE
Do confirm that the jre which is giving you this PKIX error(JRE used by KAFKA) that is where you are performing STEP 2. If you would try with another jre problem would be as it is.
Do use only one jre which is inside JDK it decreases chance to have issues.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.