stackoom
  简体   繁体   中英

SSLHandshakeException: PKIX path building failed with Unable to find certificate chain

 原文  2019-03-18 12:37:40       java/ ssl/ https/ ssl-certificate/ ssrs-2016

Question

I am trying to Connect SSRS ReportServer with HTTPS Protocol from Java Client it's giving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain But I have added the certificate in Java Keystore, It the keystore the certificate is showing with the defined alias name. But Same SSRS Request call is working with HTTP Protocol. Note: We are using a wildcard certificate from Go-Daddy for secure communication

2 answers

solution1
 0  2019-03-18 12:54:26

When you got your certificate, there should have been a p7b (possibly) included with it.

Essentially, when GoDaddy issues a certificate, they are not issued from the root directly.

Most likely you have one issued from an intermediate authority.

You can get the intermediate certificates at https://ssl-ccp.godaddy.com/repository?origin=CALLISTO

The certificate chain needs to be appended to the actual certificate and imported on the server .

The PEM file containing the cert being imported should look like: 

<actual certificate>
<intermediate certificate>
[<intermediate certificate> ...]

After that you shouldn't have a need to do anything else on the client.

EDIT

After re-reading my answer, I realized there may be a little bit of vagueness with regard to the process. So in efforts to bring this more full cycle here we go.

  1. Generate keypair / self-signed certificate as say PKCS#12 container.
  2. Create PKCS#10 certificate signing request to send to GoDaddy of above certificate.
  3. GoDaddy returns signed X.509 Certificate (typically with instructions on how to install it).
  4. Taking the certificate (assuming PEM format) and concatenate the issuance chain from https://ssl-ccp.godaddy.com/repository?origin=CALLISTO and import that back into the PKCS#12 from step 1.
  5. Assign the PKCS#12 as the TLS certificate store on the SSRS server.

solution2
 0  2019-03-18 15:06:26

Can you verify that the certificate is added to 'Java Truststore' and not Keystore (although both have .jks extension). Have a look at this https://docs.oracle.com/cd/E19830-01/819-4712/ablqw/index.html

Keystore file, keystore.jks, contains the Application Server's certificate, including its private key

Truststore file, cacerts.jks, contains the Application Server's trusted certificates

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question SSLHandshakeException: PKIX path building failed SSLHandshakeException: PKIX path building failed SunCertPathBuilderException: unable to find valid certification path to requested target PKIX path building failed SSLHandshakeException with Maven SSLHandshakeException: PKIX path building failed. Even after i imported the certificate PKIX path building failed, but the certificate is in cacerts PKIX path building failed:certificate missing Jarsigner - This jar contains entries whose certificate chain is invalid. Reason: PKIX path building failed: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: even i have created the certificate PKIX path building failed: HTTPS client unable to connect - PKIX path building failed but root certificate exists
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM