JAVA EXAMPLE PROGRAMS

JAVA EXAMPLE PROGRAMS
Publish Your Article Here

SunCertPathBuilderException: Unable To Find Valid Certification Path To Requested Target


If you are getting given below exception means, the web server or the URL you are connecting to does not have a valid certificate from an authorized CA. This page shows how to create trusted key store to solve this issue.

stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
	PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: 
	unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)

Download InstallCert.java utility from Sun to add the server's certificate to the KeyStore.

Compile InstallCert.java class with below command which will create .class files. 

javac InstallCert.java

Run InstallCert class, with your domain name, and press enter whenever asked for your input. It will add your requested domain as a trusted keystore, and generate a file called “jssecacerts“.

java2novice$ java InstallCert java2novice.com
Loading KeyStore /System/Library/Java/1.6.0.jdk/Contents/Home/lib/security/jssecacerts...
Opening connection to java2novice.com:443...
Starting SSL handshake...

No errors, certificate is already trusted

Server sent 2 certificate(s):

 1 Subject CN=ssl2000.cloudflare.com, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
   Issuer  CN=GlobalSign Organization Validation CA - G2, O=GlobalSign nv-sa, C=BE
   sha1    d6 1f 75 62 67 69 84 1f a4 11 2f bb 03 54 1e 69 61 fa a1 44 
   md5     74 ea 58 4a b4 18 0c e1 49 88 41 af da aa 24 f5 

 2 Subject CN=GlobalSign Organization Validation CA - G2, O=GlobalSign nv-sa, C=BE
   Issuer  CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
   sha1    b9 ee 85 a1 0f d4 95 d9 94 ed 63 48 8a b7 4a 18 cb 8e 6b fa 
   md5     65 0b ea 04 19 77 80 e1 d0 0d 24 e8 dc 91 8a 15 

Enter certificate to add to trusted keystore or 'q' to quit: [1]


[
[
  Version: V3
  Subject: CN=ssl2000.cloudflare.com, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 2179868001399023805459918262369683288759968738161675086787035351459308361569
  0848128614148800516266117861476569092228184059858512948084597947022064397470961865426
  5709093760956491035507206546276252079445480637447514706144335766963539775883217053028
  8336281374967114263789122050850943794555550357063117832790364999469581394805178938336
  7895671962297745636099733952604087823150583081869745154258907544337212909687469590104
  3495194282786962163448293902587249949549135196299458174805288635293859700341919156306
  6529003955759798179643374460421445042457639539925484347078017019281173886896460000580
  2425952553955070116331017958471
  public exponent: 65537
  Validity: [From: Sat Oct 11 15:38:15 GMT+05:30 2014,
               To: Mon Oct 12 15:38:15 GMT+05:30 2015]
  Issuer: CN=GlobalSign Organization Validation CA - G2, O=GlobalSign nv-sa, C=BE
  SerialNumber: [    11219734 823ff1f5 54008b32 1506c7e6 9993]

Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: 1.3.6.1.5.5.7.48.2
   accessLocation: URIName: http://secure.globalsign.com/cacert/gsorganizationvalg2.crt, 
   accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp2.globalsign.com/gsorganizationvalg2]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 5D 46 B2 8D C4 4B 74 1C   BB ED F5 73 B6 3A B7 38  ]F...Kt....s.:.8
0010: 8F 75 9E 7E                                        .u..
]

]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.globalsign.com/gs/gsorganizationvalg2.crl]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.23.140.1.2.2]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 26 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 6C  .&https://www.gl
0010: 6F 62 61 6C 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
0020: 6F 73 69 74 6F 72 79 2F                            ository/

]]  ]
]

[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[8]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: ssl2000.cloudflare.com
  DNSName: cloudflare.com
  DNSName: *.cloudflare.com
]

[9]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 1F A5 37 C4 B2 08 68 FB   FC BD CA 75 67 38 BA 8C  ..7...h....ug8..
0010: 5B 4D 6B DE                                        [Mk.
]
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 4B E2 35 E5 F1 42 FE B3   1D B4 6C FC 08 66 6E D7  K.5..B....l..fn.
0010: 49 0D A8 8D 65 57 BA 44   5D B4 0A 73 DE BF E5 F8  I...eW.D]..s....
0020: 1F C5 D5 C2 16 BC D0 68   0D A9 D5 02 04 8B 90 64  .......h.......d
0030: 82 7E 2F B9 41 34 CC 40   02 9F 97 B8 25 BF E0 5F  ../[email protected]%.._
0040: 79 F5 94 2D 02 C6 64 88   56 8C 51 FE CD 23 B0 69  y..-..d.V.Q..#.i
0050: 97 AD 56 D7 96 90 3D 5A   65 B7 5F 04 90 CA 42 7F  ..V...=Ze._...B.
0060: 70 81 5C 50 AA 27 C4 7F   A0 98 A5 CC 94 5D 87 46  p.\P.'.......].F
0070: D0 DB 22 0B E8 80 C8 1B   F6 C2 67 D1 97 87 D4 CA  ..".......g.....
0080: 04 A2 42 E8 C5 33 B1 FD   46 33 38 A2 87 2B 60 FF  ..B..3..F38..+`.
0090: 9D 74 76 78 34 37 0A 75   FE AF B4 5E 2A 0E B3 1A  .tvx47.u...^*...
00A0: 4E A7 7A 97 D8 B9 C2 FD   D6 AD 8E C1 08 1E D8 C8  N.z.............
00B0: AF C2 E7 65 9A 23 87 74   46 D9 CB 8C 4D 2D E7 E5  ...e.#.tF...M-..
00C0: F8 B0 C5 7A 76 F4 68 3F   16 A9 13 5C 77 D6 06 07  ...zv.h?...\w...
00D0: 73 67 BC 03 F0 D0 0F C5   A9 34 DC 09 43 8D 0B 61  sg.......4..C..a
00E0: 5C 49 F8 63 00 7F 73 C0   A3 2A A9 FE AF BE E8 E2  \I.c..s..*......
00F0: 9B CB 9B E2 44 6C 92 ED   28 36 98 6C D9 94 2F 16  ....Dl..(6.l../.

]

Added certificate to keystore 'jssecacerts' using alias 'java2novice.com-1'
java2novice$

Move jssecacerts file to $JAVA_HOME\jre\lib\security folder. Now your problem is solved, you no more get this exception again.

Java problems and solutions

  1. Unable to install Java 7 in Eclipse on Mac - Java 7 Mac OS issues
  2. How to change Java (JVM) version in Mac OS? - Java version Mac OS issues
  3. SunCertPathBuilderException: Unable To Find Valid Certification Path To Requested Target
  4. How to merge two jssecacerts files? - Merge key store files
  5. How to write Micro-Benchmark for java Hotspot?
  6. servlet-api-2.5.jar - jar not loaded - tomcat error
  7. How to exclude property files in a jar using Maven
  8. ClassNotFoundException: org.springframework.web.context.ContextLoaderListener
  9. CGLIB is required to process @Configuration classes
  10. Git command to list conflicted files
  11. Where is default localhost folder in Mac OSX?
  12. How to edit hosts file on Mac OSX
  13. How to set up java version in Maven based projects?
  14. How to split a string by new line character in java?
  15. How to configure Spring Boot without the parent POM (spring-boot-starter-parent)?
  16. My Spring boot application is not scaning my components (controllers)
  17. How to download a file in Spring RestController?
  18. How to get convert excel HSSFWorkbook (workbook) into byte array?
  19. How to add Oracle JDBC driver in your Maven local repository
  20. How to add jar file in your Maven local repository using command line?
  21. How to add default value to Spring @Value annotation?
  22. How to route Apache ProxyPass configuration through another proxy server? (Proxy to proxy)
  23. How to disable Maven unit test?
Java2Novice - YouTube Channel
  1. Java Interview Programs
  2. Data Structure Programs in Java
  3. Linked List Programs in Java
  4. Python Tutorial for Beginners
Java2Novice
Knowledge Centre
Can we call servlet destory() from service()?
As you know, destory() is part of servlet life cycle methods, it is used to kill the servlet instance. Servlet Engine is used to call destory(). In case, if you call destory method from service(), it just execute the code written in the destory(), but it wont kill the servlet instance. destroy() will be called before killing the servlet instance by servlet engine.
Famous Quotations
There is a great difference between worry and concern. A worried person sees a problem, and a concerned person solves a problem.
-- Harold Stephens
Few Random Java Examples
  1. Find longest substring without repeating characters.
  2. Write a program to find maximum repeated words from a file.
  3. Spring Dependency Injection via Constructor
  4. How to get spring application context object reference?
  5. Evaluation of an infix expression that is fully parenthesized using stack in java.
  6. Spring bean java based configuration using @Configuration and @Bean
  7. Double-ended queue (Decue) implementation using Doubly linked list.
  8. How implement bounded types (implements an interface) with generics?
  9. Spring java based configuration @Import example

About Author

I'm Nataraja Gootooru, programmer by profession and passionate about technologies. All examples given here are as simple as possible to help beginners. The source code is compiled and tested in my dev environment.

If you come across any mistakes or bugs, please email me to [email protected].

Most Visited Pages

  1. Java Interview Questions
  2. How to Create Java Custom Exception
  3. Java Interview Programs
  4. Spring-Boot Tutorial with Examples
  5. Java Constructor Chaining Examples
  6. Spring Framework Examples
  7. Write a program to find maximum repeated words from a file.
  8. Java Data Structures
  9. Java 8 new features
  10. Write a program to find common integers between two sorted arrays.

Other Interesting Sites

  1. Wikipedia
  2. ShortNews247
  3. Health Shots
Reference: Java™ Platform Standard Ed. 7 - API Specification | Java™ Platform Standard Ed. 8 - API Specification | Java is registered trademark of Oracle.
Privacy Policy | Copyright © 2022 by Nataraja Gootooru. All Rights Reserved.