PKIX path building failed error persists on Oracle JDK

Question

The problem

EDIT : The first version of this question gave the impression that my problem had something to do with Maven. I rephrased to put more focus on the JDK.

I get the sun.security.provider.certpath.SunCertPathBuilderException: PKIX path building failed when trying to contact any SSL-enabled service using Java. Answers to other relevant questions did not stop the error for me.

The error appears both with any Maven task, such as below...

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-clean-plugin:2.5:clean (default-clean) on project foundation-ddl: Execution default-clean of goal org.apache.maven.plugins:maven-clean-plugin:2.5:clean failed: Plugin org.apache.maven.plugins:maven-clean-plugin:2.5 or one of its dependencies could not be resolved: Failed to collect dependencies at org.apache.maven.plugins:maven-clean-plugin:jar:2.5 -> org.apache.maven:maven-plugin-api:jar:2.0.6: Failed to read artifact descriptor for org.apache.maven:maven-plugin-api:jar:2.0.6: Could not transfer artifact org.apache.maven:maven-plugin-api:pom:2.0.6 from/to example (https://example.com/artifactory/repo/): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]

...Or if I execute a jar that contacts a SSL service

$ java -jar atlassian-bamboo-agent-installer-5.9.7.jar http://...

INFO   | jvm 1    | 2016/03/09 10:59:21 | 2016-03-09 10:59:21,381 FATAL [WrapperSimpleAppMain] [AgentBootstrap] Exiting due to fatal exception.
INFO   | jvm 1    | 2016/03/09 10:59:21 | javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:535)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:403)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at com.atlassian.bamboo.agent.bootstrap.AgentContext.initFingerprint(AgentContext.java:118)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at com.atlassian.bamboo.agent.bootstrap.AgentContext.initServerSession(AgentContext.java:103)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at com.atlassian.bamboo.agent.bootstrap.AgentContext.run(AgentContext.java:94)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at com.atlassian.bamboo.agent.bootstrap.AgentBootstrap.run(AgentBootstrap.java:95)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at com.atlassian.bamboo.agent.bootstrap.AgentBootstrap.main(AgentBootstrap.java:41)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at java.lang.reflect.Method.invoke(Method.java:498)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:240)
INFO   | jvm 1    | 2016/03/09 10:59:21 |   at java.lang.Thread.run(Thread.java:745)
INFO   | jvm 1    | 2016/03/09 10:59:21 | Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

What I tried

1. These answers to: Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?
   • https://stackoverflow.com/a/9619478/394397
   • https://stackoverflow.com/a/12524960/394397
2. I used InstallCert to visit the hosts on which I get the exception, and I added the certificates to the trust store successfully. To verifiy, IntelliCert prints No errors, certificate is already trusted , but that didn't stop the error.
3. The fact Step 2 didn't stop the error made me think (in the Maven case) that Maven was using a different truststore. I used the answer to ' How to change maven java home ' to make sure Maven was at least using the same Java instance I was thinking about (which is in Oracle JDK 1.8). This didn't change anything, so I'm now looking at the JDK.

The well-known ways to fix this issue don't seem to work. How can I stop the error, fix my JDK and finally use SSL-enabled services again?

Answer 1

After futile investigation I ended up purging and reinstalling the JDK, which resolved the issue. The version of the JDK did not change. For those of you reaching this page for this issue via Google, just do that and save yourself the dread.

Answer 2

You should check JDK version you are using and install the Intermediate certificates as well as CAs (if it is self signed or internal signed ) into the JDK which maven is using. I think that resolve the problem.

removing ~/.m2/repository should not be the reason. make sure the has not changed the Certificate Recently.

You could even use the following maven options to locate your trust store and keystore.

MAVEN_OPTS="-Xmx512m -Djavax.net.ssl.trustStore=trust.jks \
                     -Djavax.net.ssl.trustStorePassword=  \
                     -Djavax.net.ssl.keyStore=/home/directory/mycertificate.p12 \
                     -Djavax.net.ssl.keyStoreType=pkcs12 \
                     -Djavax.net.ssl.keyStorePassword=XXXXXX"

Please refer to below URL it's good guide for Maven SSL configuration

https://maven.apache.org/guides/mini/guide-repository-ssl.html