
PKIX path building failed: unable to find valid certification path to requested target - imported CERT

I am trying to use a GET request on a site with a REST API. However, the link to access it is an IP address and I am getting:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

When I use the same exact link in a browser, it works.

How can I solve this issue?

Below is my code:

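import java.net.HttpURLConnection;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;

// Class name is a placeholder; the original snippet omitted the enclosing class.
public class RestApiClient {

    // A static initializer has to sit at class level, not inside main().
    // The verifier accepts only this literal host, so it must match the host in requestLink.
    static {
        HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> hostname.equals("127.0.0.1"));
    }

    public static void main(String[] args) {

        // Route the connection through a SOCKS proxy.
        System.getProperties().put( "proxySet", "true" );
        System.getProperties().put( "socksProxyHost", "xxx.xxx.xxx.xxx" );
        System.getProperties().put( "socksProxyPort", "xxxx" );

        // UrlEncode is the asker's own helper class (not shown on the page).
        URL requestLink = ismTicketManager.UrlEncode.convertToURLEscapingIllegalCharacters("https://xx.xx.xx.xx/e/528f5016-6fd9-403f-85e4-5a54bb2498b9/api/v1/problem/feed?relativeTime=30mins&Api-Token=xxxxx");

        try {
            // The TLS handshake (and the PKIX validation) happens when the response is read.
            HttpURLConnection targetConn = (HttpURLConnection)requestLink.openConnection();
            targetConn.setRequestMethod("GET");
            System.out.println(targetConn.getResponseCode());
        } catch (Exception e) {
            e.printStackTrace();
            System.out.println("Connection failed");
        }
    }
}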

I exported the cert from Firefox and imported it into the cacerts file. The cacerts file list looks like this:

restapi, 25-Sep-2018, trustedCertEntry, Certificate fingerprint (SHA1): AB:6D:C6:2E:9F:B3:D9:48:1E:A9:84:AA:DD:03:64:1D:7C:08:42:CE

How can I solve this?

EDIT: Solved thanks to Guillaume. My problem was that I have program files/JDK and program files/JRE. I was importing into the cacerts file in JDK, while Eclipse was using the JRE. This was discovered thanks to the -Djavax.net.debug=ssl VM argument.

Also, the IP in:

static {
    HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> hostname.equals("10.31.17.38"));
}

should be equal to the one in the variable requestLink that I am using. In fact when I did not do this, I got an error telling me exactly that.

It could be that the website does not send the full certification path (including the root). Try adding this VM option: -Dcom.sun.security.enableAIAcaIssuers=true

When launching the Java program from the command line, your command should look like this (as explained in the Oracle doc):

java -Dcom.sun.security.enableAIAcaIssuers=true <Main Class>

When launching from Eclipse the option should be added under "VM Arguments:"
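The root cause reported in the question's edit was importing the certificate into the JDK's cacerts while Eclipse ran the program on the JRE. The following check is an added example, not code from the original post: it prints which trust store the running JVM resolves and whether the alias from the keytool listing (restapi) is in it. The class name TrustStoreCheck and the default cacerts password "changeit" are assumptions.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;

public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        String alias = args.length > 0 ? args[0] : "restapi"; // alias from the keytool listing
        // Assumption: the store still has the default cacerts password.
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        File store = resolveTrustStore();
        System.out.println("java.home   = " + System.getProperty("java.home"));
        System.out.println("trust store = " + store.getAbsolutePath());

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(store)) {
            ks.load(in, password);
        }
        Certificate cert = ks.getCertificate(alias);
        if (cert == null) {
            System.out.println("alias '" + alias + "' is NOT in this trust store");
            return;
        }
        System.out.println("alias '" + alias + "' found, SHA1: " + sha1Fingerprint(cert));
    }

    // Lookup order JSSE uses: system property, then jssecacerts, then cacerts.
    static File resolveTrustStore() {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        if (prop != null) return new File(prop);
        File dir = new File(System.getProperty("java.home"), "lib/security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.isFile() ? jsse : new File(dir, "cacerts");
    }

    // Colon-separated SHA-1 of the DER encoding, the format keytool -list prints.
    static String sha1Fingerprint(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }
}
```

Run it from the same Eclipse run configuration as the failing program so that it reports the JVM actually in use, then compare the printed fingerprint with the one keytool showed after the import.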
