SunCertPathBuilderException: Unable To Find Valid Certification Path To Requested Target
If you get the exception below, it means the web server or URL you are connecting to does not
have a valid certificate from an authorized CA that the JVM trusts. This page shows how to create a trusted keystore to solve this issue.
stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
Download the InstallCert.java utility from Sun to add the server's certificate to the KeyStore.
Compile InstallCert.java with the command below, which creates the .class files.
Run the InstallCert class with your domain name, and press Enter whenever you are asked for input. It adds the certificate for the requested domain to a
trusted keystore and generates a file called "jssecacerts".
java2novice$ java InstallCert java2novice.com
Loading KeyStore /System/Library/Java/1.6.0.jdk/Contents/Home/lib/security/jssecacerts...
Opening connection to java2novice.com:443...
Starting SSL handshake...
No errors, certificate is already trusted
Server sent 2 certificate(s):
1 Subject CN=ssl2000.cloudflare.com, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
Issuer CN=GlobalSign Organization Validation CA - G2, O=GlobalSign nv-sa, C=BE
sha1 d6 1f 75 62 67 69 84 1f a4 11 2f bb 03 54 1e 69 61 fa a1 44
md5 74 ea 58 4a b4 18 0c e1 49 88 41 af da aa 24 f5
2 Subject CN=GlobalSign Organization Validation CA - G2, O=GlobalSign nv-sa, C=BE
Issuer CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
sha1 b9 ee 85 a1 0f d4 95 d9 94 ed 63 48 8a b7 4a 18 cb 8e 6b fa
md5 65 0b ea 04 19 77 80 e1 d0 0d 24 e8 dc 91 8a 15
Enter certificate to add to trusted keystore or 'q' to quit: [1]
[
[
Version: V3
Subject: CN=ssl2000.cloudflare.com, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
public exponent: 65537
Validity: [From: Sat Oct 11 15:38:15 GMT+05:30 2014,
To: Mon Oct 12 15:38:15 GMT+05:30 2015]
Issuer: CN=GlobalSign Organization Validation CA - G2, O=GlobalSign nv-sa, C=BE
SerialNumber: [ 11219734 823ff1f5 54008b32 1506c7e6 9993]
Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: http://secure.globalsign.com/cacert/gsorganizationvalg2.crt,
accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp2.globalsign.com/gsorganizationvalg2]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 5D 46 B2 8D C4 4B 74 1C BB ED F5 73 B6 3A B7 38 ]F...Kt....s.:.8
0010: 8F 75 9E 7E .u..
]
]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.globalsign.com/gs/gsorganizationvalg2.crl]
]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.23.140.1.2.2]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 26 68 74 74 70 73 3A 2F 2F 77 77 77 2E 67 6C .&https://www.gl
0010: 6F 62 61 6C 73 69 67 6E 2E 63 6F 6D 2F 72 65 70 obalsign.com/rep
0020: 6F 73 69 74 6F 72 79 2F ository/
]] ]
]
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
[8]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: ssl2000.cloudflare.com
DNSName: cloudflare.com
DNSName: *.cloudflare.com
]
[9]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 1F A5 37 C4 B2 08 68 FB FC BD CA 75 67 38 BA 8C ..7...h....ug8..
0010: 5B 4D 6B DE [Mk.
]
]
]
Algorithm: [SHA1withRSA]
Signature:
]
Added certificate to keystore 'jssecacerts' using alias 'java2novice.com-1'
java2novice$
Move the jssecacerts file to the $JAVA_HOME\jre\lib\security folder. The problem is now solved, and you will
no longer get this exception.
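InstallCert stores whatever certificate the server presented during that one handshake, so the entry it reports (here alias 'java2novice.com-1') can be compared with a fingerprint obtained from the server's operator before the file is installed. The following is an added example, not part of InstallCert or the original page; the class name CheckTrustedCert, its argument order and the "changeit" default password are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Locale;

// Added example (not InstallCert code): compare the certificate stored under
// one alias with a SHA-256 fingerprint obtained out of band.
public class CheckTrustedCert {

    // Hex-encode a digest as lowercase without separators.
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Drop spaces and colons so "D6:1F..." and "d6 1f ..." compare equal.
    static String normalize(String fingerprint) {
        return fingerprint.replaceAll("[\\s:]", "").toLowerCase(Locale.ROOT);
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 3) {
            System.err.println("Usage: java CheckTrustedCert <keystore> <alias> <sha256> [password]");
            System.exit(2);
        }
        // Assumption: the keystore uses the stock JDK password "changeit".
        char[] password = (args.length > 3 ? args[3] : "changeit").toCharArray();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        Certificate cert = ks.getCertificate(args[1]);
        if (cert == null) {
            System.err.println("No certificate under alias " + args[1]);
            System.exit(2);
        }
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        String actual = hex(digest);
        boolean ok = actual.equals(normalize(args[2]));
        System.out.println((ok ? "MATCH " : "MISMATCH ") + args[1] + " sha256=" + actual);
        // Non-zero exit lets a deployment script stop before installing the file.
        System.exit(ok ? 0 : 1);
    }
}
```

Run it as `java CheckTrustedCert jssecacerts java2novice.com-1 <expected-sha256>`; exit status 0 means the stored certificate matches the expected fingerprint.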