Wednesday, 16 September 2020

How To Fix "unable to find valid certification path to requested target" Error

If you are here, that means probably you have encountered below error:

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
        at sun.security.validator.Validator.validate(Validator.java:260)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460)
        ... 101 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)


That happens when you try to connect to a https url from Java application & that remote server SSL certificate is not trusted by your JVM. Basically Java has a Truststore where it stores root certificates & intermediate certificates from Certified Authorities (CA). So in case the remote server is using a self-signed certificate or a certificate from not a well-known CA, there is a chance that the root & intermediate certificates of the CA are not present in your Java Truststore. You need to add it manually.

I found out a small Java program online that can easily help you with that. You can just check this link & follow the steps to add certificates to your Java Truststore. This program also validates if the certificates are already added & working properly.

But just make sure you do really know the remote server before adding their certificates to your Java Truststore.

No comments:

Post a comment

Java Program for Least Common Ancestor Of A Binary Tree

This is common interview question. There can be a variant where we would have to find Least Common Ancestor (LCA) of a Binary Search Tree (B...