
Getting PKIX path build failure for aws com.amazonaws.SdkClientException

While trying to upload an object to the S3 bucket from Java using Eclipse, I am getting the exception below:

com.amazonaws.SdkClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Please refer to the link from which I have taken and executed the sample code:

https://docs.aws.amazon.com/AmazonS3/latest/dev/UploadingObjects.html

Any help on this will be appreciated.

I'm having the same issue. I have seen in other posts (examples include forums.aws.amazon.com/thread.jspa?threadID=290003 and github.com/aws/aws-sdk-java/issues/1757) that adding the JDK's CACERTS to the eclipse.ini file has worked. I have a public S3 bucket and an IAM user with Admin rights, to ensure permissions were not causing this.

This is still an ongoing issue for me, but one of these may fix your issue, uddeshya pratik.

I faced the same issue in Eclipse with AWS Java SDK 2 when executing the AWS Java SDK sample code from the AWS SDK documentation. Here are the things I found. Newer Java versions already have the Amazon Root CA in the JDK truststore.

After troubleshooting the application with the parameter -Djavax.net.debug=all or -Djavax.net.debug=ssl, passed as VM args in Run Configurations, it was throwing an exception from the Intermediate Root CA from the Zscaler certificate. The JDK truststore does not have that Intermediate Root CA.

Then I went to the Zscaler website to download their root and intermediate CA from the URL. Here are the certificates that I downloaded. Add them to the JDK truststore using the following commands.

keytool -import -alias zscaler-int-ca1 -file zscaler-ca1.cer -keystore $JAVA_HOME/lib/jre/security/cacerts

keytool -import -alias zscaler-root-ca1 -file zscaler-ca2.cer -keystore $JAVA_HOME/lib/jre/security/cacerts

I have added the root as well as the intermediate CA certificates from Zscaler, and then the Eclipse Java application with the AWS Java SDK worked well without giving any errors.

Summary: Sometimes the problem is with Intermediate Root CAs that are not added to the JDK truststore by default.

Zscaler website URL to get CA
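The failure and fix described in the answer above can be reproduced offline. This is an added example, not part of the original posts: it uses openssl instead of keytool so it runs without a JVM, and every CA name, host name and file in it is constructed for the demo.

```sh
#!/bin/sh
# Constructed demo: every key and certificate is generated locally in a temp
# dir; the CA names are made up and stand in for the proxy's real CAs.
work=$(mktemp -d)
cat > "$work/ssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
EOF

# new_cert <name> <CN> <issuer-name|self> <ca|leaf>
new_cert() {
  openssl req -new -newkey rsa:2048 -nodes -config "$work/ssl.cnf" \
    -subj "/CN=$2" -keyout "$work/$1.key" -out "$work/$1.csr" 2>/dev/null
  if [ "$3" = self ]; then signer="-signkey $work/$1.key"
  else signer="-CA $work/$3.pem -CAkey $work/$3.key -CAcreateserial"; fi
  # $signer is left unquoted on purpose so it splits into separate options.
  openssl x509 -req -in "$work/$1.csr" $signer -days 1 \
    -extfile "$work/ssl.cnf" -extensions "$4" -out "$work/$1.pem" 2>/dev/null
}

# trusted_by <bundle.pem>: true only if the leaf chains to a CA in the bundle.
trusted_by() {
  openssl verify -CAfile "$1" "$work/leaf.pem" >/dev/null 2>&1
}

new_cert public-root "Constructed Public Root" self ca   # stands in for stock cacerts
new_cert proxy-root  "Constructed Proxy Root CA" self ca
new_cert proxy-int   "Constructed Proxy Intermediate CA" proxy-root ca
new_cert leaf        "s3.example.test" proxy-int leaf    # what the proxy presents

cp "$work/public-root.pem" "$work/before.pem"
cat "$work/public-root.pem" "$work/proxy-root.pem" "$work/proxy-int.pem" \
  > "$work/after.pem"

for bundle in before after; do
  if trusted_by "$work/$bundle.pem"; then echo "$bundle: chain validates"
  else echo "$bundle: no valid certification path"; fi
done
# Issuer the client was shown, and the fingerprint to compare with the value
# your proxy administrators publish before importing that CA anywhere.
openssl x509 -in "$work/leaf.pem" -noout -issuer
openssl x509 -in "$work/proxy-int.pem" -noout -fingerprint -sha256
```
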
