Wednesday, 16 September 2020

How To Fix "unable to find valid certification path to requested target" Error

If you are here, that means probably you have encountered below error:

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
        at sun.security.validator.Validator.validate(Validator.java:260)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460)
        ... 101 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)


That happens when you try to connect to a https url from Java application & that remote server SSL certificate is not trusted by your JVM. Basically Java has a Truststore where it stores root certificates & intermediate certificates from Certified Authorities (CA). So in case the remote server is using a self-signed certificate or a certificate from not a well-known CA, there is a chance that the root & intermediate certificates of the CA are not present in your Java Truststore. You need to add it manually.

I found out a small Java program online that can easily help you with that. You can just check this link & follow the steps to add certificates to your Java Truststore. This program also validates if the certificates are already added & working properly.

But just make sure you do really know the remote server before adding their certificates to your Java Truststore.

No comments:

Post a comment

How To Solve XML Parsing Issue "Content is not allowed in prolog" In Java

If you have come to this post, then you are facing xml parsing issue in Java. Caused by: org.xml.sax.SAXParseException; lineNumber: 1; colum...