How can I call an api endpoint using a public certificate using lambda function java

Question

I Have a aws lambda function built in java.

When i try to call one api endpoint i get this error:

"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target".

I tried to import the public certificate CRT but not worked:

 - echo "Install My certificates"
      - aws s3 cp s3://myrepositoria/mycacert.crt 
      - cp mycacert.crt  /usr/local/share/ca-certificates/mycacert.crt
      - ls /usr/local/share/ca-certificates/
      - keytool -import -noprompt -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -alias mycacert -file /usr/local/share/ca-certificates/mycacert.crt -storepass changeit
      - update-ca-certificates
      - apt-get install jq

But I get error when I call an api endpoint.

Answer 1

There are multiple errors in your command. First is that you can only write to /tmp in an AWS Lambda by default. So start with:

- echo "Install My certificates"
  - aws s3 cp s3://myrepositoria/mycacert.crt /tmp/mycacert.crt

Then, following this answer , you'll need to change your code to use the certificate store in /tmp instead of the default. Note that a quick check to see if your custom store is there could be an optimization in case of a warm Lambda start.

Lastly, you're not on Ubuntu/Debian. apt-get will not work. To install jq , instead run yum install jq